CVE-2024-53202 – firmware_loader: Fix possible resource leak in fw_log_firmware_info()
https://notcve.org/view.php?id=CVE-2024-53202
In the Linux kernel, the following vulnerability has been resolved:
firmware_loader: Fix possible resource leak in fw_log_firmware_info()

The alg instance should be released under the exception path, otherwise there may be a resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails.

https://git.kernel.org/stable/c/02fe26f25325b547b7a31a65deb0326c04bb5174
https://git.kernel.org/stable/c/789a72498d32f88d24371c10985aceb46397056c
https://git.kernel.org/stable/c/eb5d67d00ad17a5bd0920f455160dc2ccbd2dc78
https://git.kernel.org/stable/c/f380f895dbb2a11d62ca6df9e82d995f4bc26b84
https://git.kernel.org/stable/c/369a9c046c2fdfe037f05b43b84c386bdbccc103

CVE-2024-53201 – drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
https://notcve.org/view.php?id=CVE-2024-53201
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe

This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again through pipe_ctx. Multiple if statements directly call attributes of plane_state, leading to potential null pointer dereference issues. This patch adds necessary null checks to ensure stability.

https://git.kernel.org/stable/c/65a6fee22d5cfa645cb05489892dc9cd3d142fc2
https://git.kernel.org/stable/c/8e4ed3cf1642df0c4456443d865cff61a9598aa8
https://git.kernel.org/stable/c/68f75e6f08aad66069a629db8d7840919156c761
https://git.kernel.org/stable/c/6b4ee2560d4d8de2688da68cd9581177035e0876
https://git.kernel.org/stable/c/3609259326171cd5b98462636580fb2ae5c87d40
https://git.kernel.org/stable/c/6a057072ddd127255350357dd880903e8fa23f36

CVE-2024-53200 – drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
https://notcve.org/view.php?id=CVE-2024-53200
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp

This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference.

https://git.kernel.org/stable/c/0baae624630788862bbd654741929007971e9d5b
https://git.kernel.org/stable/c/020002c76147ecfdafe95c44abd3240e216b6316
https://git.kernel.org/stable/c/0dd3d1de7a5957804ccd58c1b252f9e34710e3f6
https://git.kernel.org/stable/c/95792a18da0795300e15075ac05d1915e9066999
https://git.kernel.org/stable/c/2bc96c95070571c6c824e0d4c7783bee25a37876

CVE-2024-53199 – ASoC: imx-audmix: Add NULL check in imx_audmix_probe
https://notcve.org/view.php?id=CVE-2024-53199
In the Linux kernel, the following vulnerability has been resolved:
ASoC: imx-audmix: Add NULL check in imx_audmix_probe

devm_kasprintf() can return a NULL pointer on failure, but this returned value in imx_audmix_probe() is not checked. Add NULL check in imx_audmix_probe(), to handle kernel NULL pointer dereference error.

https://git.kernel.org/stable/c/05d996e113481fdd9ac40ccf5cadabd1e73f2404
https://git.kernel.org/stable/c/c040cbe2e13da6454ae4748e04e53d885e1c9603
https://git.kernel.org/stable/c/dc5aa71f39b44d8117b2417dafd0e2884a75dd37
https://git.kernel.org/stable/c/e038f43edaf0083f6aa7c9415d86cf28dfd152f9

CVE-2024-53198 – xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
https://notcve.org/view.php?id=CVE-2024-53198
In the Linux kernel, the following vulnerability has been resolved:
xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

This patch fixes an issue in the function xenbus_dev_probe(). In the xenbus_dev_probe() function, within the if (err) branch at line 313, the program incorrectly returns err directly without releasing the resources allocated by err = drv->probe(dev, id). As the return value is non-zero, the upper layers assume the processing logic has failed. However, the probe operation was performed earlier without a corresponding remove operation. Since the probe actually allocates resources, failing to perform the remove operation could lead to problems.

To fix this issue, we followed the resource release logic of the xenbus_dev_remove() function by adding a new block fail_remove before the fail_put block. After entering the branch if (err) at line 313, the function will use a goto statement to jump to the fail_remove block, ensuring that the previously acquired resources are correctly released, thus preventing the reference count leak.

This bug was identified by an experimental static analysis tool developed by our team.

https://git.kernel.org/stable/c/4bac07c993d03434ea902d3d4290d9e45944b66c
https://git.kernel.org/stable/c/87106169b4ce26f85561f953d13d1fd86d99b612
https://git.kernel.org/stable/c/0aa9e30b5b4af5dd504801689d6d84c584290a45
https://git.kernel.org/stable/c/e8823e6ff313465910edea07581627d85e68d9fd
https://git.kernel.org/stable/c/3fc0996d2fefe61219375fd650601724b8cf2d30
https://git.kernel.org/stable/c/804b96f8d0a02fa10b92f28b2e042f9128ed3ffc
https://git.kernel.org/stable/c/217bdce88b104269b73603b84d0ab4dd04f481bc
https://git.kernel.org/stable/c/2f977a4c82d35d063f5fe198bbc501c4b