CVE-2019-25162 – i2c: Fix a potential use after free
https://notcve.org/view.php?id=CVE-2019-25162
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: corrige un use after free que libera la estructura adap solo después de que hayamos terminado de usarla. Este parche simplemente mueve put_device() un poco hacia abajo para evitar el use after free. [wsa: comentario agregado al código, etiqueta de correcciones agregada] An out-of-bounds (OOB) memory access flaw was found in the i2c driver module in the Linux kernel. • https://git.kernel.org/stable/c/611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829 https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87 https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9 https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7 https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4 https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c7484 • CWE-416: Use After Free •
CVE-2019-25160 – netlabel: fix out-of-bounds memory accesses
https://notcve.org/view.php?id=CVE-2019-25160
In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlabel: corrige accesos a memoria fuera de los límites Hay dos accesos a memoria fuera de los límites de matriz, uno en cipso_v4_map_lvl_valid() y el otro en netlbl_bitmap_walk(). Ambos errores son vergonzosamente simples y las soluciones son sencillas. Para su información, cualquiera que esté implementando este parche en kernels anteriores a v4.8, querrá aplicar el parche netlbl_bitmap_walk() a cipso_v4_bitmap_walk() ya que netlbl_bitmap_walk() no existe antes de Linux v4.8. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272 https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950 https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000 https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba6413 • CWE-125: Out-of-bounds Read •
CVE-2024-26606 – binder: signal epoll threads of self-work
https://notcve.org/view.php?id=CVE-2024-26606
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: carpeta: señal de epoll de subprocesos de autotrabajo En el modo (e)poll, los subprocesos a menudo dependen de eventos de E/S para determinar cuándo los datos están listos para el consumo. • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240 •
CVE-2022-48626 – moxart: fix potential use-after-free on remove path
https://notcve.org/view.php?id=CVE-2022-48626
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: moxart: corrige el posible use-after-free en la ruta de eliminación. Se informó que se podía acceder a la estructura del host mmc después de que se liberó en moxart_remove(), así que solucione este problema guardando el registro base del dispositivo y usarlo en lugar de la desreferencia del puntero. • https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f https://git.kernel.org/stable/c/e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e https://git.kernel.org/stable/c/9c25d5ff1856b91bd4365e813f566cb59aaa9552 https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e https://git.kernel.org/stable/c/be93028d306dac9f5b59ebebd9ec7abcfc69c156 https://git.kernel.org/stable/c/af0e6c49438b1596e4be8a267d218a0c88a42323 https://git.kernel.org/stable/c/7f901d53f120d1921f84f7b9b118e87e94b403c5 https://git.kernel.org/stable/c/bd2db32e7c3e35bd4d9b8bbff689434a5 • CWE-416: Use After Free •
CVE-2021-46905 – net: hso: fix NULL-deref on disconnect regression
https://notcve.org/view.php?id=CVE-2021-46905
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: hso: corrige NULL-deref durante la regresión de desconexión. El Commit 8a12f8836145 ("net: hso: corrige null-ptr-deref durante la cancelación del registro del dispositivo tty") corrigió la asignación menor picante reportada por syzbot, pero en su lugar introdujo una desreferencia de puntero NULL incondicional en cada desconexión. Específicamente, ya no se debe acceder a la tabla de dispositivos serie después de que hso_serial_tty_unregister() haya liberado al menor. A vulnerability was found in the Linux kernel. • https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66 https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d96 • CWE-476: NULL Pointer Dereference •