CVE-2023-52572 – cifs: Fix UAF in cifs_demultiplex_thread()
https://notcve.org/view.php?id=CVE-2023-52572
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/923 CPU: 1 PID: 923 Comm: cifsd Not tainted 6.1.0-rc4+ #45 ... Call Trace:
CVE-2023-52571 – power: supply: rk817: Fix node refcount leak
https://notcve.org/view.php?id=CVE-2023-52571
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: power: supply: rk817: Fix node refcount leak Dan Carpenter reports that the Smatch static checker warning has found that there is another refcount leak in the probe function. While of_node_put() was added in one of the return paths, it should in fact be added for ALL return paths that return an error and at driver removal time. • https://git.kernel.org/stable/c/7d1e3961725e69774871b081a065c2b3640c5f0e •
CVE-2023-52570 – vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent()
https://notcve.org/view.php?id=CVE-2023-52570
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() Inject fault while probing mdpy.ko, if kstrdup() of create_dir() fails in kobject_add_internal() in kobject_init_and_add() in mdev_type_add() in parent_create_sysfs_files(), it will return 0 and probe successfully. And when rmmod mdpy.ko, the mdpy_dev_exit() will call mdev_unregister_parent(), the mdev_type_remove() may traverse uninitialized parent->types[i] in parent_remove_... • https://git.kernel.org/stable/c/da44c340c4fe9d9653ae84fa6a60f406bafcffce •
CVE-2023-52569 – btrfs: remove BUG() after failure to insert delayed dir index item
https://notcve.org/view.php?id=CVE-2023-52569
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we have allocated/acquired before and return the error to the caller. This is fine because all existing call chains undo anything they have done before calling btrfs_insert_delayed_dir_index() or BUG_ON (when creating pending snapshots ... • https://git.kernel.org/stable/c/39c4a9522db0072570d602e9b365119e17fb9f4f •
CVE-2023-52568 – x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
https://notcve.org/view.php?id=CVE-2023-52568
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race The SGX EPC reclaimer (ksgxd) may reclaim the SECS EPC page for an enclave and set secs.epc_page to NULL. The SECS page is used for EAUG and ELDU in the SGX page fault handler. However, the NULL check for secs.epc_page is only done for ELDU, not EAUG before being used. Fix this by doing the same NULL check and reloading of the SECS page as needed for both EAUG and ELDU. The SECS pa... • https://git.kernel.org/stable/c/5a90d2c3f5ef87717e54572af8426aba6fdbdaa6 •
CVE-2023-52567 – serial: 8250_port: Check IRQ data before use
https://notcve.org/view.php?id=CVE-2023-52567
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware the IRQ data can be NULL. In such a case we need to skip the wake event as we came to this path from the timer interrupt and quite likely system is already awake. Without this fix we have got an Oops: serial8250: ttyS0 at I/O 0x3f8 (irq = 0, base_baud = 115200) is a 16... • https://git.kernel.org/stable/c/edfe57aedff4ecf3606533aabf8ecf7676c3c5d9 •
CVE-2023-52566 – nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
https://notcve.org/view.php?id=CVE-2023-52566
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. If the reference count hits 0 and its owner page gets unlocked, bh may be freed. However, bh->b_page is dereferenced to put the page after that, which may result in a use-after-free bug. This patch moves the release operation after u... • https://git.kernel.org/stable/c/a3d93f709e893187d301aa5458b2248db9f22bd1 • CWE-416: Use After Free •
CVE-2023-52565 – media: uvcvideo: Fix OOB read
https://notcve.org/view.php?id=CVE-2023-52565
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix OOB read If the index provided by the user is bigger than the mask size, we might do an out of bound read. • https://git.kernel.org/stable/c/367703c3ec4f72208b8cae14310b8a2c955ec565 • CWE-125: Out-of-bounds Read •
CVE-2023-52564 – Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux"
https://notcve.org/view.php?id=CVE-2023-52564
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsm_cleanup_mux() tries to free up the virtual ttys by calling gsm_dlci_release() for each available DLCI. There, dlci_put() is called to decrease the reference counter for the DLCI via tty_port_put() which finally calls gsm_dlci_free(). This already clears the poi... • https://git.kernel.org/stable/c/8fc0eabaa73bbd9bd705577071564616da5c8c61 •
CVE-2023-52563 – drm/meson: fix memory leak on ->hpd_notify callback
https://notcve.org/view.php?id=CVE-2023-52563
02 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix memory leak on ->hpd_notify callback The EDID returned by drm_bridge_get_edid() needs to be freed. • https://git.kernel.org/stable/c/e098989a9219f4456047f9b0e8c44f03e29a843e •