CVE-2023-52689 – ALSA: scarlett2: Add missing mutex lock around get meter levels
https://notcve.org/view.php?id=CVE-2023-52689
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: scarlett2: agrega un bloqueo mutex faltante alrededor de los niveles de obtención de medidores. Como scarlett2_meter_ctl_get() usa meter_level_map[], el data_mutex debe estar bloqueado al acceder a él. • https://git.kernel.org/stable/c/3473185f31df29ac572be94fdb87ad8267108bec https://git.kernel.org/stable/c/74e3de7cdcc31ce75ab42350ae0946eff62a2da2 https://git.kernel.org/stable/c/993f7b42fa066b055e3a19b7f76ad8157c0927a0 https://access.redhat.com/security/cve/CVE-2023-52689 https://bugzilla.redhat.com/show_bug.cgi?id=2281305 •
CVE-2023-52688 – wifi: ath12k: fix the error handler of rfkill config
https://notcve.org/view.php?id=CVE-2023-52688
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath12k: corrige el controlador de errores de la configuración de rfkill Cuando la configuración principal de rfkill arroja un error, debería liberar los recursos asignados. Actualmente no está liberando recursos de creación de pdev centrales. • https://git.kernel.org/stable/c/004ccbc0dd49c63576a4c60a663a38dd3cb6bee5 https://git.kernel.org/stable/c/b4e593a7a22fa3c7d0550ef51c90b5c21f790aa8 https://git.kernel.org/stable/c/898d8b3e1414cd900492ee6a0b582f8095ba4a1a •
CVE-2023-52687 – crypto: safexcel - Add error handling for dma_map_sg() calls
https://notcve.org/view.php?id=CVE-2023-52687
In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg(). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: safexcel - Añadir manejo de errores para llamadas a dma_map_sg() La macro dma_map_sg() puede devolver 0 en caso de error. Este parche permite realizar comprobaciones en caso de fallo de la macro y garantiza la eliminación de la asignación de búferes previamente asignados con dma_unmap_sg(). Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE. • https://git.kernel.org/stable/c/49186a7d9e46ff132a0ed9b721ad6b6a58dba6c1 https://git.kernel.org/stable/c/4c0ac81a172a69a7733290915276672787e904ec https://git.kernel.org/stable/c/8084b788c2fb1260f7d44c032d5124680b20d2b2 https://git.kernel.org/stable/c/fc0b785802b856566df3ac943e38a072557001c4 https://git.kernel.org/stable/c/87e02063d07708cac5bfe9fd3a6a242898758ac8 •
CVE-2023-52686 – powerpc/powernv: Add a null pointer check in opal_event_init()
https://notcve.org/view.php?id=CVE-2023-52686
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: añadir una verificación de puntero nulo en opal_event_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. • https://git.kernel.org/stable/c/2717a33d60745f2f72e521cdaedf79b00f66f8ca https://git.kernel.org/stable/c/8422d179cf46889c15ceff9ede48c5bfa4e7f0b4 https://git.kernel.org/stable/c/e93d7cf4c1ddbcd846739e7ad849f955a4f18031 https://git.kernel.org/stable/c/e6ad05e3ae9c84c5a71d7bb2d44dc845ae7990cf https://git.kernel.org/stable/c/c0b111ea786ddcc8be0682612830796ece9436c7 https://git.kernel.org/stable/c/9a523e1da6d88c2034f946adfa4f74b236c95ca9 https://git.kernel.org/stable/c/a14c55eb461d630b836f80591d8caf1f74e62877 https://git.kernel.org/stable/c/e08c2e275fa1874de945b87093f925997 •
CVE-2023-52684 – firmware: qcom: qseecom: fix memory leaks in error paths
https://notcve.org/view.php?id=CVE-2023-52684
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: qcom: qseecom: corrige pérdidas de memoria en rutas de error Corrija instancias de devolución de códigos de error directamente en lugar de saltar a las etiquetas relevantes donde se liberaría la memoria asignada para las llamadas SCM. • https://git.kernel.org/stable/c/759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 https://git.kernel.org/stable/c/85fdbf6840455be64eac16bdfe0df3368ee3d0f0 https://git.kernel.org/stable/c/6c57d7b593c4a4e60db65d5ce0fe1d9f79ccbe9b •