CVE-2023-52511 – spi: sun6i: reduce DMA RX transfer width to single byte
https://notcve.org/view.php?id=CVE-2023-52511
In the Linux kernel, the following vulnerability has been resolved: spi: sun6i: reduce DMA RX transfer width to single byte Through empirical testing it has been determined that sometimes RX SPI transfers with DMA enabled return corrupted data. This is down to single or even multiple bytes lost during DMA transfer from SPI peripheral to memory. It seems the RX FIFO within the SPI peripheral can become confused when performing bus read accesses wider than a single byte to it during an active SPI transfer. This patch reduces the width of individual DMA read accesses to the RX FIFO to a single byte to mitigate that issue. • https://git.kernel.org/stable/c/ff05ed4ae214011464a0156f05cac1b0b46b5fbc https://git.kernel.org/stable/c/e15bb292b24630ee832bfc7fd616bd72c7682bbb https://git.kernel.org/stable/c/b3c21c9c7289692f4019f163c3b06d8bdf78b355 https://git.kernel.org/stable/c/171f8a49f212e87a8b04087568e1b3d132e36a18 •
CVE-2023-52510 – ieee802154: ca8210: Fix a potential UAF in ca8210_probe
https://notcve.org/view.php?id=CVE-2023-52510
In the Linux kernel, the following vulnerability has been resolved: ieee802154: ca8210: Fix a potential UAF in ca8210_probe If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock(). • https://git.kernel.org/stable/c/ded845a781a578dfb0b5b2c138e5a067aa3b1242 https://git.kernel.org/stable/c/28b68cba378e3e50a4082b65f262bc4f2c7c2add https://git.kernel.org/stable/c/cdb46be93c1f7bbf2c4649e9fc5fb147cfb5245d https://git.kernel.org/stable/c/85c2857ef90041f567ce98722c1c342c4d31f4bc https://git.kernel.org/stable/c/55e06850c7894f00d41b767c5f5665459f83f58f https://git.kernel.org/stable/c/84c6aa0ae5c4dc121f9996bb8fed46c80909d80e https://git.kernel.org/stable/c/217efe32a45249eb07dcd7197e8403de98345e66 https://git.kernel.org/stable/c/becf5c147198f4345243c5df0c4f03541 •
CVE-2023-52509 – ravb: Fix use-after-free issue in ravb_tx_timeout_work()
https://notcve.org/view.php?id=CVE-2023-52509
In the Linux kernel, the following vulnerability has been resolved: ravb: Fix use-after-free issue in ravb_tx_timeout_work() The ravb_stop() should call cancel_work_sync(). Otherwise, ravb_tx_timeout_work() is possible to use the freed priv after ravb_remove() was called like below: CPU0 CPU1 ravb_tx_timeout() ravb_remove() unregister_netdev() free_netdev(ndev) // free priv ravb_tx_timeout_work() // use priv unregister_netdev() will call .ndo_stop() so that ravb_stop() is called. And, after phy_stop() is called, netif_carrier_off() is also called. So that .ndo_tx_timeout() will not be called after phy_stop(). • https://git.kernel.org/stable/c/c156633f1353264634135dea86ffcae74f2122fc https://git.kernel.org/stable/c/65d34cfd4e347054eb4193bc95d9da7eaa72dee5 https://git.kernel.org/stable/c/db9aafa19547833240f58c2998aed7baf414dc82 https://git.kernel.org/stable/c/616761cf9df9af838c0a1a1232a69322a9eb67e6 https://git.kernel.org/stable/c/6f6fa8061f756aedb93af12a8a5d3cf659127965 https://git.kernel.org/stable/c/105abd68ad8f781985113aee2e92e0702b133705 https://git.kernel.org/stable/c/3971442870713de527684398416970cf025b4f89 •
CVE-2023-52508 – nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
https://notcve.org/view.php?id=CVE-2023-52508
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvme_fc_io_getuuid passing a pointer to an nvmefc_fcp_req for an AEN operation. Add validation of the request structure pointer before dereference. • https://git.kernel.org/stable/c/be90c9e29dd59b7d19a73297a1590ff3ec1d22ea https://git.kernel.org/stable/c/dd46b3ac7322baf3772b33b29726e94f98289db7 https://git.kernel.org/stable/c/8ae5b3a685dc59a8cf7ccfe0e850999ba9727a3c •
CVE-2023-52507 – nfc: nci: assert requested protocol is valid
https://notcve.org/view.php?id=CVE-2023-52507
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: assert requested protocol is valid The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones. • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 https://git.kernel.org/stable/c/2c231a247a1d1628e41fa1eefd1a5307c41c5f53 https://git.kernel.org/stable/c/a686f84101680b8442181a8846fbd3c934653729 https://git.kernel.org/stable/c/95733ea130e35ef9ec5949a5908dde3feaba92cb https://git.kernel.org/stable/c/a424807d860ba816aaafc3064b46b456361c0802 https://git.kernel.org/stable/c/25dd54b95abfdca423b65a4ee620a774777d8213 https://git.kernel.org/stable/c/853dda54ba59ea70d5580a298b7ede4707826848 https://git.kernel.org/stable/c/6584eba7688dcf999542778b07f63828c •