CVE-2024-35828 – wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
https://notcve.org/view.php?id=CVE-2024-35828
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaración for de lbs_allocate_cmd_buffer(), si falló la asignación de cmdarray[i].cmdbuf, tanto cmdarray como cmdarray[i] Es necesario liberar ].cmdbuf. De lo contrario, habrá fugas de memoria en lbs_allocate_cmd_buffer(). • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186 https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7 https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2 https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9 https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3 https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23ed •
CVE-2024-35827 – io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
https://notcve.org/view.php?id=CVE-2024-35827
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() The "controllen" variable is type size_t (unsigned long). Casting it to int could lead to an integer underflow. The check_add_overflow() function considers the type of the destination which is type int. If we add two positive values and the result cannot fit in an integer then that's counted as an overflow. However, if we cast "controllen" to an int and it turns negative, then negative values *can* fit into an int type so there is no overflow. Good: 100 + (unsigned long)-4 = 96 <-- overflow Bad: 100 + (int)-4 = 96 <-- no overflow I deleted the cast of the sizeof() as well. That's not a bug but the cast is unnecessary. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: io_uring/net: corregida la comprobación de desbordamiento en io_recvmsg_mshot_prep() La variable "controllen" es de tipo size_t (largo sin firmar). • https://git.kernel.org/stable/c/9b0fc3c054ff2eb13753104884f1045b5bb3a627 https://git.kernel.org/stable/c/868ec868616438df487b9e2baa5a99f8662cc47c https://git.kernel.org/stable/c/59a534690ecc3af72c6ab121aeac1237a4adae66 https://git.kernel.org/stable/c/0c8c74bb59e7d77554016efc34c2d10376985e5e https://git.kernel.org/stable/c/b6563ad0d599110bd5cf8f56c47d279c3ed796fe https://git.kernel.org/stable/c/8ede3db5061bb1fe28e2c9683329aafa89d2b1b4 https://access.redhat.com/security/cve/CVE-2024-35827 https://bugzilla.redhat.com/show_bug.cgi?id=2281183 •
CVE-2023-52663 – ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()
https://notcve.org/view.php?id=CVE-2023-52663
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak. Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: amd: corrige la pérdida de memoria en amd_sof_acp_probe() El controlador usa kasprintf() para inicializar los miembros fw_{code,data}_bin de la estructura acp_dev_data, pero kfree() nunca se llama para desasignar la memoria, lo que resulta en una pérdida de memoria. Solucione el problema cambiando a devm_kasprintf(). Además, asegúrese de que la asignación se haya realizado correctamente comprobando la validez del puntero. • https://git.kernel.org/stable/c/f7da88003c53cf0eedabe609324a047b1921dfcc https://git.kernel.org/stable/c/88028c45d5871dfc449b2b0a27abf6428453a5ec https://git.kernel.org/stable/c/be4760799c6a7c01184467287f0de41e0dd255f8 https://git.kernel.org/stable/c/7296152e58858f928db448826eb7ba5ae611297b https://git.kernel.org/stable/c/222be59e5eed1554119294edc743ee548c2371d0 https://access.redhat.com/security/cve/CVE-2023-52663 https://bugzilla.redhat.com/show_bug.cgi?id=2281358 •
CVE-2023-52662 – drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
https://notcve.org/view.php?id=CVE-2023-52662
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_resource_init. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/vmwgfx: soluciona un memleak en vmw_gmrid_man_get_node Cuando falla ida_alloc_max, se deben liberar los recursos asignados anteriormente, incluido *res asignado por kmalloc y ttm_resource_init. • https://git.kernel.org/stable/c/d3bcb4b02fe977d6b7a82dbb6288e9223b5b6732 https://git.kernel.org/stable/c/03b1072616a8f7d6e8594f643b416a9467c83fbf https://git.kernel.org/stable/c/40624af6674745e174c754a20d7c53c250e65e7a https://git.kernel.org/stable/c/83e0f220d1e992fa074157fcf14945bf170ffbc5 https://git.kernel.org/stable/c/6fc6233f6db1579b69b54b44571f1a7fde8186e6 https://git.kernel.org/stable/c/d1e546ab91c670e536a274a75481034ab7534876 https://git.kernel.org/stable/c/89709105a6091948ffb6ec2427954cbfe45358ce https://access.redhat.com/security/cve/CVE-2023-52662 •
CVE-2023-52661 – drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe()
https://notcve.org/view.php?id=CVE-2023-52661
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must be undone. Add the missing clk_put and a new 'put_pll_d_out0' label in the error handling path, and use it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/tegra: rgb: corrige la falta de clk_put() en las rutas de manejo de errores de tegra_dc_rgb_probe(). Si clk_get_sys(..., "pll_d2_out0") falla, la llamada clk_get_sys() debe deshacerse. Agregue el clk_put que falta y una nueva etiqueta 'put_pll_d_out0' en la ruta de manejo de errores y úsela. • https://git.kernel.org/stable/c/0c921b6d4ba06bc899fd84d3ce1c1afd3d00bc1c https://git.kernel.org/stable/c/f3f407ccbe84a34de9be3195d22cdd5969f3fd9f https://git.kernel.org/stable/c/845322a9c06dd1dcf35b6c4e3af89684297c23cc https://git.kernel.org/stable/c/2388c36e028fff7f8ffd515681a14c6c2c07fea7 https://git.kernel.org/stable/c/fa74e4f5d0821829545b9f7034a0e577c205c101 https://git.kernel.org/stable/c/45c8034db47842b25a3ab6139d71e13b4e67b9b3 https://git.kernel.org/stable/c/5c8dc26e31b8b410ad1895e0d314def50c76eed0 https://access.redhat.com/security/cve/CVE-2023-52661 •