CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-46923 – fs/mount_setattr: always cleanup mount_kattr
https://notcve.org/view.php?id=CVE-2021-46923
27 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested. En el kernel de Linux, se ha resuelto la siguiente vulne... • https://git.kernel.org/stable/c/9caccd41541a6f7d6279928d9f971f6642c361af • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52474 – IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests
https://notcve.org/view.php?id=CVE-2023-52474
26 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs where an iovec other than the tail iovec does not run up to the page boundary for the buffer pointed to by that iovec.a Here are the specific bugs: 1. user_sdma_txadd() does not use struct user_sdma_iovec->iov.iov_len. Rather, user_sdma_... • https://git.kernel.org/stable/c/7724105686e718ac476a6ad3304fea2fbcfcffde •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2019-25162 – i2c: Fix a potential use after free
https://notcve.org/view.php?id=CVE-2019-25162
26 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: corrige un use after free que libera la estructura adap solo después de que hayamos terminado de usarla. Este parche simplemente mueve put_device() un... • https://github.com/uthrasri/CVE-2019-25162 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26606 – binder: signal epoll threads of self-work
https://notcve.org/view.php?id=CVE-2024-26606
26 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indef... • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48626 – moxart: fix potential use-after-free on remove path
https://notcve.org/view.php?id=CVE-2022-48626
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: moxart: corrige el posible use-after-free en la ruta de eliminación. Se informó que se podía acceder a la estructura del hos... • https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52473 – thermal: core: Fix NULL pointer dereference in zone registration error path
https://notcve.org/view.php?id=CVE-2023-52473
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_with_trips() returns an error, the tz variable is set to NULL and subsequently dereferenced in kfree(tz->tzp). Commit adc8749b150c ("thermal/drivers/core: Use put_device() if device_register() fails") added the tz = NULL assignment in question to avoid a possible double-free after dropping the reference to the zon... • https://git.kernel.org/stable/c/3d439b1a2ad36c8b4ea151c8de25309d60d17407 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52472 – crypto: rsa - add a check for allocation failure
https://notcve.org/view.php?id=CVE-2023-52472
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: rsa: agregue una verificación para fallas en la asignación. Los verificado... • https://git.kernel.org/stable/c/6637e11e4ad22ff03183da0dbd36d65c98b81cf7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52470 – drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
https://notcve.org/view.php?id=CVE-2023-52470
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: verifique el valor de retorno de alloc_workqueue en radeon_crtc_init() verifique el valor de retorno de alloc_workqueue en radeon_crtc_init() para evitar null-ptr-deref. A NULL pointer dereference flaw was ... • https://git.kernel.org/stable/c/fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52469 – drivers/amd/pm: fix a use-after-free in kv_parse_power_table
https://notcve.org/view.php?id=CVE-2023-52469
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call chains: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its first free in kv_parse_power_table and causes a use-after-f... • https://git.kernel.org/stable/c/a2e73f56fa6282481927ec43aa9362c03c2e2104 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52468 – class: fix use-after-free in class_register()
https://notcve.org/view.php?id=CVE-2023-52468
25 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: class: fix use-after-free in class_register() The lock_class_key is still registered and can be found in lock_keys_hash hlist after subsys_private is freed in error handler path.A task who iterate over the lock_keys_hash later may cause use-after-free.So fix that up and unregister the lock_class_key before kfree(cp). On our platform, a driver fails to kset_register because of creating duplicate filename '/class/xxx'.With Kasan enabled, it p... • https://git.kernel.org/stable/c/dcfbb67e48a2becfce7990386e985b9c45098ee5 • CWE-416: Use After Free •