CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26657 – drm/sched: fix null-ptr-deref in init entity
https://notcve.org/view.php?id=CVE-2024-26657
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/sched: fix null-ptr-deref in init entity The bug can be triggered by sending an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context. The bug was reported by Joonkyo Jung
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26656 – drm/amdgpu: fix use-after-free bug
https://notcve.org/view.php?id=CVE-2024-26656
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26655 – Fix memory leak in posix_clock_open()
https://notcve.org/view.php?id=CVE-2024-26655
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix memory leak in posix_clock_open() If the clk ops.open() function returns an error, we don't release the pccontext we allocated for this clock. Re-organize the code slightly to make it all more obvious. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Reparar la pérdida de memoria en posix_clock_open() Si la función clk ops.open() devuelve un error, no liberamos el contexto de pc que asignamos para este reloj. Reorganice l... • https://git.kernel.org/stable/c/60c6946675fc06dd2fd2b7a4b6fd1c1f046f1056 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26654 – ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
https://notcve.org/view.php?id=CVE-2024-26654
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will return directly regardless of whether the timer handler is running or not and the worker could... • https://git.kernel.org/stable/c/198de43d758ca2700e2b52b49c0b189b4931466c •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26653 – usb: misc: ljca: Fix double free in error handling path
https://notcve.org/view.php?id=CVE-2024-26653
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: misc: ljca: Fix double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function ljca_auxdev_release calls kfree(auxdev->dev.platform_data) to free the parameter data of the function ljca_new_client_device. The callers of ljca_new_client_device shouldn't call kfree() again in the error handling path to free the platform data. Fix this by cleaning up the redundant k... • https://git.kernel.org/stable/c/acd6199f195d6de814ac4090ce0864a613b1580e •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52629 – sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
https://notcve.org/view.php?id=CVE-2023-52629
29 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1) switch_drv_remove() | flush_work() | ... | switch_timer // timer | schedule_work(&psw->work) timer_... • https://git.kernel.org/stable/c/9f5e8eee5cfe1328660c71812d87c2a67bda389f • CWE-416: Use After Free •
CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52628 – netfilter: nftables: exthdr: fix 4-byte stack OOB write
https://notcve.org/view.php?id=CVE-2023-52628
28 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support ... • https://git.kernel.org/stable/c/49499c3e6e18b7677a63316f3ff54a16533dc28f • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26652 – net: pds_core: Fix possible double free in error handling path
https://notcve.org/view.php?id=CVE-2024-26652
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: pds_core: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), Callback function pdsc_auxbus_dev_release calls kfree(padev) to free memory. We shouldn't call kfree(padev) again in the error handling path. Fix this by cleaning up the redundant kfree() and putting the error handling back to where the errors happened. En el kernel de Linux, se resolvió la sigui... • https://git.kernel.org/stable/c/4569cce43bc61e4cdd76597a1cf9b608846c18cc •
CVSS: 6.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26651 – sr9800: Add check for usbnet_get_endpoints
https://notcve.org/view.php?id=CVE-2024-26651
27 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sr9800: Agregar verificación para usbnet_get_endpoints Agregar verificación para usbnet_get_endpoints() y devolver el error si falla para transferir el error. In the Linux kernel, the following vulnerability has been resolved: sr9800: ... • https://git.kernel.org/stable/c/19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26649 – drm/amdgpu: Fix the null pointer when load rlc firmware
https://notcve.org/view.php?id=CVE-2024-26649
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer when load rlc firmware If the RLC firmware is invalid because of wrong header size, the pointer to the rlc firmware is released in function amdgpu_ucode_request. There will be a null pointer error in subsequent use. So skip validation to fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: corrige el puntero nulo al cargar el firmware rlc. Si el firmware RLC no es válido debido... • https://git.kernel.org/stable/c/3da9b71563cbb7281875adab1d7c4132679da987 • CWE-476: NULL Pointer Dereference •