CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26654 – ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
https://notcve.org/view.php?id=CVE-2024-26654
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will return directly regardless of whether the timer handler is running or not and the worker co... • https://git.kernel.org/stable/c/198de43d758ca2700e2b52b49c0b189b4931466c •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52629 – sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
https://notcve.org/view.php?id=CVE-2023-52629
29 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1) switch_drv_remove() | flush_work() ... • https://git.kernel.org/stable/c/9f5e8eee5cfe1328660c71812d87c2a67bda389f • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52628 – netfilter: nftables: exthdr: fix 4-byte stack OOB write
https://notcve.org/view.php?id=CVE-2023-52628
28 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option supp... • https://git.kernel.org/stable/c/49499c3e6e18b7677a63316f3ff54a16533dc28f • CWE-787: Out-of-bounds Write •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26652 – net: pds_core: Fix possible double free in error handling path
https://notcve.org/view.php?id=CVE-2024-26652
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened. En el kernel de Linux, se resolvió la si... • https://git.kernel.org/stable/c/4569cce43bc61e4cdd76597a1cf9b608846c18cc •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26651 – sr9800: Add check for usbnet_get_endpoints
https://notcve.org/view.php?id=CVE-2024-26651
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sr9800: Agregar verificación para usbnet_get_endpoints Agregar verificación para usbnet_get_endpoints() y devolver el error si falla para transferir el error. • https://git.kernel.org/stable/c/19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26649 – drm/amdgpu: Fix the null pointer when load rlc firmware
https://notcve.org/view.php?id=CVE-2024-26649
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el puntero nulo al cargar el firmware rlc. Si el firmware RLC no es válido debi... • https://git.kernel.org/stable/c/3da9b71563cbb7281875adab1d7c4132679da987 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26648 – drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
https://notcve.org/view.php?id=CVE-2024-26648
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933) En el kernel de Linux, se resolvió la s... • https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26647 – drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
https://notcve.org/view.php?id=CVE-2024-26647
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903) En el kernel de Linux, se resol... • https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26646 – thermal: intel: hfi: Add syscore callbacks for system-wide PM
https://notcve.org/view.php?id=CVE-2024-26646
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the ... • https://git.kernel.org/stable/c/28f010dc50df0f7987c04112114fcfa7e0803566 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52627 – iio: adc: ad7091r: Allow users to configure device events
https://notcve.org/view.php?id=CVE-2023-52627
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user space when ADC readings fall bellow the thresholds of low limit registers or above the values set in high limit registers. However, to configure iio events and their thresholds, a set of callback functions must be implemented and those ... • https://git.kernel.org/stable/c/ca69300173b642ba64118200172171ea5967b6c5 •