CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27064 – netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
https://notcve.org/view.php?id=CVE-2024-27064
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain If nft_netdev_register_hooks() fails, the memory associated with nft_stats is not freed, causing a memory leak. This patch fixes it by moving nft_stats_alloc() down after nft_netdev_register_hooks() succeeds. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige una pérdida de memoria en nf_tables_updchain Si nft_netdev_register_hooks() ... • https://git.kernel.org/stable/c/b9703ed44ffbfba85c103b9de01886a225e14b38 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52653 – SUNRPC: fix a memleak in gss_import_v2_context
https://notcve.org/view.php?id=CVE-2023-52653
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error. Thus, this patch reform the last call of gss_import_v2_context to the gss_krb5_import_ctx_v2, preventing the memleak while keepping the return formation. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: SUNRPC: cor... • https://git.kernel.org/stable/c/47d84807762966c3611c38adecec6ea703ddda7a •
CVSS: 3.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52652 – NTB: fix possible name leak in ntb_register_device()
https://notcve.org/view.php?id=CVE-2023-52652
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: NTB: fix possible name leak in ntb_register_device() If device_register() fails in ntb_register_device(), the device name allocated by dev_set_name() should be freed. As per the comment in device_register(), callers should use put_device() to give up the reference in the error path. So fix this by calling put_device() in the error path so that the name can be freed in kobject_cleanup(). As a result of this, put_device() in the error path of... • https://git.kernel.org/stable/c/a1bd3baeb2f18b2b3d0f98ce5fdaa725149b950b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48669 – powerpc/pseries: Fix potential memleak in papr_get_attr()
https://notcve.org/view.php?id=CVE-2022-48669
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/pseries: corrija una posible fuga de mem en papr_get_attr() `buf` está asignado en papr_get_attr(), y krealloc() de `buf` podría fallar. Necesitamos liberar el "buf" original en ca... • https://git.kernel.org/stable/c/3c14b73454cf9f6e2146443fdfbdfb912c0efed3 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27063 – leds: trigger: netdev: Fix kernel panic on interface rename trig notify
https://notcve.org/view.php?id=CVE-2024-27063
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") in the various changes, reworked the way to set the LINKUP mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function. This changed the logic where, in the previous implementation the dev from the trigger even... • https://git.kernel.org/stable/c/d5e01266e7f5fa12400d4c8aa4e86fe89dcc61e9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27062 – nouveau: lock the client object tree.
https://notcve.org/view.php?id=CVE-2024-27062
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306] general protection fault, probably for non-canonical address 0x6677ed422bceb80c: 0000 [#1] PREEMPT SMP PTI [ 4562.099314] CPU: 2 PID: 23171 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 [ 4562.099324] Hardware name: Gigabyte Technology Co.... • https://git.kernel.org/stable/c/6887314f5356389fc219b8152e951ac084a10ef7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27061 – crypto: sun8i-ce - Fix use after free in unprepare
https://notcve.org/view.php?id=CVE-2024-27061
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ce - Fix use after free in unprepare sun8i_ce_cipher_unprepare should be called before crypto_finalize_skcipher_request, because client callbacks may immediately free memory, that isn't needed anymore. But it will be used by unprepare after free. Before removing prepare/unprepare callbacks it was handled by crypto engine in crypto_finalize_request. Usually that results in a pointer dereference problem during a in crypto selfte... • https://git.kernel.org/stable/c/4136212ab18eb3dce6efb6e18108765c36708f71 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27060 – thunderbolt: Fix NULL pointer dereference in tb_port_update_credits()
https://notcve.org/view.php?id=CVE-2024-27060
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix NULL pointer dereference in tb_port_update_credits() Olliver reported that his system crashes when plugging in Thunderbolt 1 device: BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:tb_port_do_update_credits+0x1b/0x130 [thunderbolt] Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27059 – USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
https://notcve.org/view.php?id=CVE-2024-27059
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands. The calculation involves division and modulus operations, which will cause a crash if either of these values is 0. While this never happens with a genuine device, it could happen with a flawed or... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27058 – tmpfs: fix race on handling dquot rbtree
https://notcve.org/view.php?id=CVE-2024-27058
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts: Thread 1 Thread 2 - shmem_... • https://git.kernel.org/stable/c/eafc474e202978ac735c551d5ee1eb8c02e2be54 •