CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48626 – moxart: fix potential use-after-free on remove path
https://notcve.org/view.php?id=CVE-2022-48626
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: moxart: corrige el posible use-after-free en la ruta de eliminación. Se informó que se podía acceder a la estructura del host mmc después de que se liberó en moxart_remove(), así que solucione este problema guardando el registro base del dispositivo y usarlo en lugar de la desreferencia del puntero. • https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f https://git.kernel.org/stable/c/e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e https://git.kernel.org/stable/c/9c25d5ff1856b91bd4365e813f566cb59aaa9552 https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e https://git.kernel.org/stable/c/be93028d306dac9f5b59ebebd9ec7abcfc69c156 https://git.kernel.org/stable/c/af0e6c49438b1596e4be8a267d218a0c88a42323 https://git.kernel.org/stable/c/7f901d53f120d1921f84f7b9b118e87e94b403c5 https://git.kernel.org/stable/c/bd2db32e7c3e35bd4d9b8bbff689434a5 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52470 – drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
https://notcve.org/view.php?id=CVE-2023-52470
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/radeon: verifique el valor de retorno de alloc_workqueue en radeon_crtc_init() verifique el valor de retorno de alloc_workqueue en radeon_crtc_init() para evitar null-ptr-deref. A NULL pointer dereference flaw was found in alloc_workqueue in the Linux Kernel. Check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref. • https://git.kernel.org/stable/c/fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 https://git.kernel.org/stable/c/21b1645660717d6126dd4866c850fcc5c4703a41 https://git.kernel.org/stable/c/5d12c5d75f7c78b83a738025947651ec5c95b4d4 https://git.kernel.org/stable/c/57ca7984806d79b38af528de88fd803babf27feb https://git.kernel.org/stable/c/14bbfaa5df273b26cde6707f6e655585700e6fe1 https://git.kernel.org/stable/c/c4ff55408187f2595066967047363ca84e76db85 https://git.kernel.org/stable/c/0b813a6a0087451cb702b6eb841f10856f49d088 https://git.kernel.org/stable/c/fb2d8bc9b5e55848b8a7c3c028e2ee8d4 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52469 – drivers/amd/pm: fix a use-after-free in kv_parse_power_table
https://notcve.org/view.php?id=CVE-2023-52469
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes through the following call chains: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini The adev->pm.dpm.ps is used in the for loop of kv_dpm_fini after its first free in kv_parse_power_table and causes a use-after-free bug. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/amd/pm: corrige un use-after-free en kv_parse_power_table Cuando ps asignado por kzalloc es igual a NULL, kv_parse_power_table libera adev->pm.dpm.ps que se asignó antes. Sin embargo, después de que el flujo de control pasa por las siguientes cadenas de llamadas: kv_parse_power_table |-> kv_dpm_init |-> kv_dpm_sw_init |-> kv_dpm_fini El adev->pm.dpm.ps se usa en el bucle for de kv_dpm_fini después de su primera liberación en kv_parse_power_table y provoca un error de use-after-free. A use-after-free flaw was found in kv_parse_power_table in drivers/amd/pm in the Linux kernel. • https://git.kernel.org/stable/c/a2e73f56fa6282481927ec43aa9362c03c2e2104 https://git.kernel.org/stable/c/8a27d9d9fc9b5564b8904c3a77a7dea482bfa34e https://git.kernel.org/stable/c/8b55b06e737feb2a645b0293ea27e38418876d63 https://git.kernel.org/stable/c/520e213a0b97b64735a13950e9371e0a5d7a5dc3 https://git.kernel.org/stable/c/b6dcba02ee178282e0d28684d241e0b8462dea6a https://git.kernel.org/stable/c/35fa2394d26e919f63600ce631e6aefc95ec2706 https://git.kernel.org/stable/c/95084632a65d5c0d682a83b55935560bdcd2a1e3 https://git.kernel.org/stable/c/3426f059eacc33ecc676b0d66539297e1 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52467 – mfd: syscon: Fix null pointer dereference in of_syscon_register()
https://notcve.org/view.php?id=CVE-2023-52467
In the Linux kernel, the following vulnerability has been resolved: mfd: syscon: Fix null pointer dereference in of_syscon_register() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mfd: syscon: corrige la desreferencia del puntero nulo en of_syscon_register() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de falla. • https://git.kernel.org/stable/c/e15d7f2b81d2e7d93115d46fa931b366c1cdebc2 https://git.kernel.org/stable/c/927626a2073887ee30ba00633260d4d203f8e875 https://git.kernel.org/stable/c/c3e3a2144bf50877551138ffce9f7aa6ddfe385b https://git.kernel.org/stable/c/527e8c5f3d00299822612c495d5adf1f8f43c001 https://git.kernel.org/stable/c/3ef1130deee98997275904d9bfc37af75e1e906c https://git.kernel.org/stable/c/7f2c410ac470959b88e03dadd94b7a0b71df7973 https://git.kernel.org/stable/c/41673c66b3d0c09915698fec5c13b24336f18dd1 https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26605 – PCI/ASPM: Fix deadlock when enabling ASPM
https://notcve.org/view.php?id=CVE-2024-26605
In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] The deadlock can easily be reproduced on machines like the Lenovo ThinkPad X13s by adding a delay to increase the race window during asynchronous probe where another thread can take a write lock. Add a new pci_set_power_state_locked() and associated helper functions that can be called with the PCI bus semaphore held to avoid taking the read lock twice. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: PCI/ASPM: solucionó el punto muerto al habilitar ASPM. Una reversión de último minuto en 6.7-final introdujo un posible punto muerto al habilitar ASPM durante la prueba de los controladores PCIe de Qualcomm, según lo informado por lockdep: === ========================================= ADVERTENCIA: posible bloqueo recursivo detectado 6.7.0 #40 No contaminado -------------------------------------------- kworker/ u16:5/90 está intentando adquirir el bloqueo: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, en: pcie_aspm_pm_state_change+0x58/0xdc pero la tarea ya mantiene el bloqueo: ffffacfa78ced000 (pci_bus_sem){+++ +}-{3:3}, en: pci_walk_bus+0x34/0xbc otra información que podría ayudarnos a depurar esto: Posible escenario de bloqueo inseguro: CPU0 ---- lock(pci_bus_sem); bloquear(pci_bus_sem); *** DEADLOCK *** Rastreo de llamadas: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_ set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] El punto muerto se puede reproducir fácilmente en máquinas como la Lenovo ThinkPad X13s agregando un retraso para aumentar la ventana de carrera durante la prueba asíncrona donde otro hilo puede tomar un bloqueo de escritura. Agregue un nuevo pci_set_power_state_locked() y funciones auxiliares asociadas que se pueden llamar con el semáforo del bus PCI retenido para evitar tomar el bloqueo de lectura dos veces. • https://git.kernel.org/stable/c/b9c370b61d735a0e5390c42771e7eb21413f7868 https://git.kernel.org/stable/c/8cc22ba3f77c59df5f1ac47d62df51efb28cd868 https://git.kernel.org/stable/c/f93e71aea6c60ebff8adbd8941e678302d377869 https://git.kernel.org/stable/c/1f2f662c8bec75d1311e063efaa9107435cf16c8 https://git.kernel.org/stable/c/0f7908a016c092cfdaa16d785fa5099d867bc1a3 https://git.kernel.org/stable/c/b0f4478838be1f1d330061201898fef65bf8fd7c https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70 https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a180 • CWE-667: Improper Locking •