CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52476 – perf/x86/lbr: Filter vsyscall addresses
https://notcve.org/view.php?id=CVE-2023-52476
In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur (most recent at top): __insn_get_emulate_prefix() insn_get_emulate_prefix() insn_get_prefixes() insn_get_opcode() decode_branch_type() get_branch_type() intel_pmu_lbr_filter() intel_pmu_handle_irq() perf_event_nmi_handler() Within __insn_get_emulate_prefix() at frame 0, a macro is called: peek_nbyte_next(insn_byte_t, insn, i) Within this macro, this dereference occurs: (insn)->next_byte Inspecting registers at this point, the value of the next_byte field is the address of the vsyscall made, for example the location of the vsyscall version of gettimeofday() at 0xffffffffff600000. The access to an address in the vsyscall region will trigger an oops due to an unhandled page fault. To fix the bug, filtering for vsyscalls can be done when determining the branch type. This patch will return a "none" branch if a kernel address if found to lie in the vsyscall region. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: perf/x86/lbr: Filtrar direcciones vsyscall Descubrimos que puede ocurrir un pánico cuando se realiza una vsyscall mientras el muestreo LBR está activo. • https://git.kernel.org/stable/c/403d201d1fd144cb249836dafb222f6375871c6c https://git.kernel.org/stable/c/3863989497652488a50f00e96de4331e5efabc6c https://git.kernel.org/stable/c/f71edacbd4f99c0e12fe4a4007ab4d687d0688db https://git.kernel.org/stable/c/e53899771a02f798d436655efbd9d4b46c0f9265 https://access.redhat.com/security/cve/CVE-2023-52476 https://bugzilla.redhat.com/show_bug.cgi?id=2267041 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52475 – Input: powermate - fix use-after-free in powermate_config_complete
https://notcve.org/view.php?id=CVE-2023-52475
In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free from the powermate_device struct. When an asynchronous control message completes after the kfree and its callback is invoked, the lock does not exist anymore and hence the bug. Use usb_kill_urb() on pm->config to cancel any in-progress requests upon device disconnection. [1] https://syzkaller.appspot.com/bug?extid=0434ac83f907a1dbdd1e En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Entrada: powermate - corrige el use-after-free en powermate_config_complete syzbot ha encontrado un error de use-after-free [1] en el controlador powermate. Esto sucede cuando el dispositivo está desconectado, lo que genera una memoria libre de la estructura powermate_device. • https://git.kernel.org/stable/c/8677575c4f39d65bf0d719b5d20e8042e550ccb9 https://git.kernel.org/stable/c/67cace72606baf1758fd60feb358f4c6be92e1cc https://git.kernel.org/stable/c/5aa514100aaf59868d745196258269a16737c7bd https://git.kernel.org/stable/c/cd2fbfd8b922b7fdd50732e47d797754ab59cb06 https://git.kernel.org/stable/c/6a4a396386404e62fb59bc3bde48871a64a82b4f https://git.kernel.org/stable/c/2efe67c581a2a6122b328d4bb6f21b3f36f40d46 https://git.kernel.org/stable/c/e528b1b9d60743e0b26224e3fe7aa74c24b8b2f8 https://git.kernel.org/stable/c/5c15c60e7be615f05a45cd905093a54b1 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26606 – binder: signal epoll threads of self-work
https://notcve.org/view.php?id=CVE-2024-26606
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: carpeta: señal de epoll de subprocesos de autotrabajo En el modo (e)poll, los subprocesos a menudo dependen de eventos de E/S para determinar cuándo los datos están listos para el consumo. • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52473 – thermal: core: Fix NULL pointer dereference in zone registration error path
https://notcve.org/view.php?id=CVE-2023-52473
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_with_trips() returns an error, the tz variable is set to NULL and subsequently dereferenced in kfree(tz->tzp). Commit adc8749b150c ("thermal/drivers/core: Use put_device() if device_register() fails") added the tz = NULL assignment in question to avoid a possible double-free after dropping the reference to the zone device. However, after commit 4649620d9404 ("thermal: core: Make thermal_zone_device_unregister() return after freeing the zone"), that assignment has become redundant, because dropping the reference to the zone device does not cause the zone object to be freed any more. Drop it to address the NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal: Core: corrige la desreferencia del puntero NULL en la ruta del error de registro de zona. Si device_register() en Thermal_zone_device_register_with_trips() devuelve un error, la variable tz se establece en NULL y posteriormente se desreferencia en kfree( tz->tzp). el commit adc8749b150c ("thermal/drivers/core: use put_device() si falla el dispositivo_register()") agregó la asignación tz = NULL en cuestión para evitar una posible doble liberación después de eliminar la referencia al dispositivo de zona. Sin embargo, después de el commit 4649620d9404 ("thermal: core: Make Thermal_zone_device_unregister() return después de liberar la zona"), esa asignación se ha vuelto redundante, porque eliminar la referencia al dispositivo de zona ya no causa que el objeto de zona se libere más. • https://git.kernel.org/stable/c/3d439b1a2ad36c8b4ea151c8de25309d60d17407 https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea https://access.redhat.com/security/cve/CVE-2023-52473 https://bugzilla.redhat.com/show_bug.cgi?id=2266363 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52472 – crypto: rsa - add a check for allocation failure
https://notcve.org/view.php?id=CVE-2023-52472
In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: rsa: agregue una verificación para fallas en la asignación. Los verificadores estáticos insisten en que la asignación mpi_alloc() puede fallar, así que agregue una verificación para evitar una desreferencia NULL. Pequeñas asignaciones como esta en realidad no pueden fallar en los kernels actuales, pero agregar una verificación es muy simple y hace felices a los verificadores estáticos. • https://git.kernel.org/stable/c/6637e11e4ad22ff03183da0dbd36d65c98b81cf7 https://git.kernel.org/stable/c/2831f4d3bfa68e64c5f83e96688be779c87b3511 https://git.kernel.org/stable/c/95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a https://git.kernel.org/stable/c/d872ca165cb67112f2841ef9c37d51ef7e63d1e4 • CWE-476: NULL Pointer Dereference •