CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52486 – drm: Don't unref the same fb many times by mistake due to deadlock handling
https://notcve.org/view.php?id=CVE-2023-52486
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from the top. But we forget to reset the fb pointer back to NULL, and so if we then get another error during the retry, before the fb lookup, we proceed the unref the same fb again without having gotten another reference. The end result is... • https://git.kernel.org/stable/c/376e21a9e4c2c63ee5d8d3aa74be5082c3882229 • CWE-833: Deadlock •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52485 – drm/amd/display: Wake DMCUB before sending a command
https://notcve.org/view.php?id=CVE-2023-52485
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command [Why] We can hang in place trying to send commands when the DMCUB isn't powered on. [How] For functions that execute within a DC context or DC lock we can wrap the direct calls to dm_execute_dmub_cmd/list with code that exits idle power optimizations and reallows once we're done with the command submission on success. For DM direct submissions the DM will need to manage the enter/exit seq... • https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26607 – drm/bridge: sii902x: Fix probing race issue
https://notcve.org/view.php?id=CVE-2024-26607
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x] [ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm] [ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper] [ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_hel... • https://git.kernel.org/stable/c/21d808405fe49028036932dd969920f4fee4f481 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52484 – iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
https://notcve.org/view.php?id=CVE-2023-52484
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------- watchdog: BUG: soft lockup - CPU#244 stuck for 26s! pstate: 83400009 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : arm_smmu_cmdq_issue_cmdlist+0x178/0xa50 lr : arm_smmu_cmdq_issue_cmdlist+0x150/0xa50 sp : ffff8000d83ef290 x29:... • https://git.kernel.org/stable/c/f5a604757aa8e37ea9c7011dc9da54fa1b30f29b •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52483 – mctp: perform route lookups under a RCU read-side lock
https://notcve.org/view.php?id=CVE-2023-52483
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: mctp: perform route lookups under a RCU read-side lock Our current route lookups (mctp_route_lookup and mctp_route_lookup_null) traverse the net's route list without the RCU read lock held. This means the route lookup is subject to preemption, resulting in an potential grace period expiry, and so an eventual kfree() while we still have the route pointer. Add the proper read-side critical section locks around the route lookups, preventing pr... • https://git.kernel.org/stable/c/889b7da23abf92faf34491df95733bda63639e32 •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52482 – x86/srso: Add SRSO mitigation for Hygon processors
https://notcve.org/view.php?id=CVE-2023-52482
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/srso: agregue mitigación SRSO para procesadores Hygon. Agregue mitigación para la vulnerabilidad de desbordamiento de pila de retorno especulativo que también existe en los procesadores Hygon. A vulnerability was fou... • https://git.kernel.org/stable/c/e7ea043bc3f19473561c08565047b3f1671bf35d • CWE-562: Return of Stack Variable Address •
CVSS: 6.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52481 – arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
https://notcve.org/view.php?id=CVE-2023-52481
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load might leak data from a privileged load via a cache side channel. The issue only exists for loads within a translation regime with the same translation (e.g. same ASID and VMID). Therefore, the issue only affects the return to EL0. The... • https://git.kernel.org/stable/c/6e3ae2927b432a3b7c8374f14dbc1bd9ebe4372c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52480 – ksmbd: fix race condition between session lookup and expire
https://notcve.org/view.php?id=CVE-2023-52480
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix race condition between session lookup and expire Thread A + Thread B ksmbd_session_lookup | smb2_sess_setup sess = xa_load | | | xa_erase(&conn->sessions, sess->id); | | ksmbd_session_destroy(sess) --> kfree(sess) | // UAF! | sess->last_active = jiffies | + This patch add rwsem to fix race condition between ksmbd_session_lookup and ksmbd_expire_session. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrig... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52479 – ksmbd: fix uaf in smb20_oplock_break_ack
https://notcve.org/view.php?id=CVE-2023-52479
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix uaf in smb20_oplock_break_ack drop reference after use opinfo. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: corrige uaf en smb20_oplock_break_ack elimina la referencia después de usar opinfo. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52478 – HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
https://notcve.org/view.php?id=CVE-2023-52478
29 Feb 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs from a workqueue but it also runs on probe() and if a "device-connected" packet is received by the hw when the thread running hidpp_connect_event() from probe() is waiting on the hw, then a second thread running hidpp_connect_event() will... • https://git.kernel.org/stable/c/ca0c4cc1d215dc22ab0e738c9f017c650f3183f5 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •