CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52668 – btrfs: zoned: fix lock ordering in btrfs_zone_activate()
https://notcve.org/view.php?id=CVE-2023-52668
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking dependency detected 6.7.0-rc5+ #1 Not tainted ------------------------------------------------------ kworker/u5:5/793427 is trying to acquire lock: ffff88813256d028 (&cache->lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130 but task is already holding lock: ff... • https://git.kernel.org/stable/c/a7e1ac7bdc5af91af2d52e6269fdbd92fe9ee353 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52667 – net/mlx5e: fix a potential double-free in fs_any_create_groups
https://notcve.org/view.php?id=CVE-2023-52667
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table() will free ft->g again through calling mlx5e_destroy_flow_table(), which will lead to a double-free. Fix this by setting ft->g to NULL in fs_any_create_groups(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5... • https://git.kernel.org/stable/c/0f575c20bf0686caf3d82d6c626c2e1e4a4c36e6 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35833 – dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA
https://notcve.org/view.php?id=CVE-2024-35833
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the managed version to fix both issues. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: fsl-qdma: corregida una pérdida de memoria relacionada con el comando de cola DMA. Este dma_alloc_coherent() no se deshace n... • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35832 – bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit
https://notcve.org/view.php?id=CVE-2024-35832
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will triger: [ 406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008 [ 406.830676 ] #PF: supervisor read access in kernel mode [ 406.831643 ] #PF: error_code(0x0000) - not-present page [ 406.832487 ] PGD 0 P4D 0 [ 406.832898 ] Oops: 0000 [#1] PREE... • https://git.kernel.org/stable/c/1c6fdbd8f2465ddfb73a01ec620cbf3d14044e1a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52664 – net: atlantic: eliminate double free in error handling logic
https://notcve.org/view.php?id=CVE-2023-52664
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error co... • https://git.kernel.org/stable/c/5015024ddfe5efccf1b964f14f078c2152b3b335 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35831 – io_uring: Fix release of pinned pages when __io_uaddr_map fails
https://notcve.org/view.php?id=CVE-2024-35831
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: Fix release of pinned pages when __io_uaddr_map fails Looking at the error path of __io_uaddr_map, if we fail after pinning the pages for any reasons, ret will be set to -EINVAL and the error handler won't properly release the pinned pages. I didn't manage to trigger it without forcing a failure, but it can happen in real life when memory is heavily fragmented. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_... • https://git.kernel.org/stable/c/223ef474316466e9f61f6e0064f3a6fe4923a2c5 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35830 – media: tc358743: register v4l2 async device only after successful setup
https://notcve.org/view.php?id=CVE-2024-35830
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: media: tc358743: registre el dispositivo asíncrono v4l2 solo después de una configuración exitosa Asegúrese de que el dispositivo se haya configurado correctamente antes de registrar el di... • https://git.kernel.org/stable/c/4c5211a100399c3823563193dd881dcb3b7d24fc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35829 – drm/lima: fix a memleak in lima_heap_alloc
https://notcve.org/view.php?id=CVE-2024-35829
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/lima: corregida una fuga de mem en lima_heap_alloc Cuando falla lima_vm_map_bo, es necesario desasignar los recursos o habrá fugas de memoria. In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in ... • https://git.kernel.org/stable/c/6aebc51d7aeff5a30d86485f320f0c871b5f23a4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35828 – wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
https://notcve.org/view.php?id=CVE-2024-35828
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaración for de... • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35827 – io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
https://notcve.org/view.php?id=CVE-2024-35827
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The "controllen" variable is type size_t (unsigned long). Casting it to int could lead to an integer underflow. The check_add_overflow() function considers the type of the destination which is type int. If we add two positive values and the result cannot fit in an integer then that's counted as an overflow. However, if we cast "controllen" to an int and it turns negative, then nega... • https://git.kernel.org/stable/c/9b0fc3c054ff2eb13753104884f1045b5bb3a627 •