CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27393 – xen-netfront: Add missing skb_mark_for_recycle
https://notcve.org/view.php?id=CVE-2024-27393
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: pag... • https://git.kernel.org/stable/c/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 2CVE-2023-52654 – io_uring/af_unix: disable sending io_uring over sockets
https://notcve.org/view.php?id=CVE-2023-52654
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary. En e... • https://packetstorm.news/files/id/189862 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48704 – drm/radeon: add a force flush to delay work when radeon
https://notcve.org/view.php?id=CVE-2022-48704
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to put device in D3hot state. Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State. > Configuration and Message requests are the only TLPs acce... • https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48695 – scsi: mpt3sas: Fix use-after-free warning
https://notcve.org/view.php?id=CVE-2022-48695
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpt3sas: Corrija la advertencia de use-after-free. Corrija la siguiente advertencia de use-after-free que se observa durante ... • https://git.kernel.org/stable/c/146b16c8071f5f6c67895d15beeee1163f5107c4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48703 – thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
https://notcve.org/view.php?id=CVE-2022-48703
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checking ZERO... • https://git.kernel.org/stable/c/0ba13c763aacb27ab32bde5d559bf40e88465921 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48702 – ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
https://notcve.org/view.php?id=CVE-2022-48702
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around. This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are re... • https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48701 – ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()
https://notcve.org/view.php?id=CVE-2022-48701
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() There may be a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of it's interfaces less than 4, an out-of-bounds read bug occurs when parsing the interface descriptor for this device. Fix this by checking the number of interfaces. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: corrige un error fuera de los... • https://git.kernel.org/stable/c/b970518014f2f0f6c493fb86c1e092b936899061 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48697 – nvmet: fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-48697
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_compl... • https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48693 – soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
https://notcve.org/view.php?id=CVE-2022-48693
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks (2) we need to add iounmap() for each iomap in fail path En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: brcmstb: pm-arm: corrige los errores de fuga de refcount y __iomem En brcmstb_pm_probe(), hay dos tipos de errores de fuga: (... • https://git.kernel.org/stable/c/0b741b8234c86065fb6954d32d427b3f7e14756f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48691 – netfilter: nf_tables: clean up hook list when offload flags check fails
https://notcve.org/view.php?id=CVE-2022-48691
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810180b100 (size 96): comm "syz-executor133", pid 3619, jiffies 4294945714 (age 12.690s) hex dump (first 32 bytes): 28 64 23 02 81 88 ff ff 28 64 23 02 81 88 ff ff (d#.....(d#..... 90 a8 aa 83 ff ff ff ff 00 00 b5 0f 81 88 ff ff ............ • https://git.kernel.org/stable/c/d54725cd11a57c30f650260cfb0a92c268bdc3e0 • CWE-401: Missing Release of Memory after Effective Lifetime •