CVE-2023-52599 – jfs: fix array-index-out-of-bounds in diNewExt
https://notcve.org/view.php?id=CVE-2023-52599
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt [Syz report] UBSAN: array-index-out-of-bounds in fs/jfs/jfs_imap.c:2360:2 index -878706688 is out of range for type 'struct iagctl[128]' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/10/2023 Call Trace:
CVE-2023-52598 – s390/ptrace: handle setting of fpc register correctly
https://notcve.org/view.php?id=CVE-2023-52598
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context ... • https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713 • CWE-20: Improper Input Validation •
CVE-2023-52597 – KVM: s390: fix setting of fpc register
https://notcve.org/view.php?id=CVE-2023-52597
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers... • https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18 • CWE-20: Improper Input Validation •
CVE-2023-52596 – sysctl: Fix out of bounds access for empty sysctl registers
https://notcve.org/view.php?id=CVE-2023-52596
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories. The function register_sysctl_mount_point now passes a ctl_table of size 1 instead of size 0. It now relies solely... • https://git.kernel.org/stable/c/15893975e9e382f8294ea8d926f08dc2d8d39ede •
CVE-2023-52595 – wifi: rt2x00: restart beacon queue when hardware reset
https://notcve.org/view.php?id=CVE-2023-52595
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw(). En el... • https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48 • CWE-20: Improper Input Validation •
CVE-2023-52594 – wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
https://notcve.org/view.php?id=CVE-2023-52594
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified v... • https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc • CWE-125: Out-of-bounds Read •
CVE-2023-52593 – wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
https://notcve.org/view.php?id=CVE-2023-52593
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()' should check the return value before examining skb data. So convert the latter to return an appropriate error code and propagate it to return from 'wfx_start_ap()' as well. Compile tested only. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: wfx: corrige la posible desreferencia del pu... • https://git.kernel.org/stable/c/574dcd3126aa2eed75437137843f254b1190dd03 •
CVE-2023-52591 – reiserfs: Avoid touching renamed directory if parent does not change
https://notcve.org/view.php?id=CVE-2023-52591
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: reiserfs: evite tocar el directorio renombrado si el padre no cambia. El VFS no bloquea... • https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc •
CVE-2023-52590 – ocfs2: Avoid touching renamed directory if parent does not change
https://notcve.org/view.php?id=CVE-2023-52590
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ocfs2: evite tocar el directorio renombrado si el padre no cambia. El VFS no bloqueará el direct... • https://git.kernel.org/stable/c/de940cede3c41624e2de27f805b490999f419df9 •
CVE-2023-52589 – media: rkisp1: Fix IRQ disable race issue
https://notcve.org/view.php?id=CVE-2023-52589
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is not the case, as the interrupt handler can already be running, which would lead to the ISP being disabled while the interrupt handler handling a captured frame. This brings up two issues: 1) the ISP could be... • https://git.kernel.org/stable/c/25cb42af9ffabffec499e9e69e2fd3797774ce5b •