CVE-2019-25162 – i2c: Fix a potential use after free
https://notcve.org/view.php?id=CVE-2019-25162
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, added Fixes tag] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i2c: corrige un use after free que libera la estructura adap solo después de que hayamos terminado de usarla. Este parche simplemente mueve put_device() un poco hacia abajo para evitar el use after free. [wsa: comentario agregado al código, etiqueta de correcciones agregada] An out-of-bounds (OOB) memory access flaw was found in the i2c driver module in the Linux kernel. • https://git.kernel.org/stable/c/611e12ea0f121a31d9e9c4ce2a18a77abc2f28d6 https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829 https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87 https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9 https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7 https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4 https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c7484 • CWE-416: Use After Free •
CVE-2024-26606 – binder: signal epoll threads of self-work
https://notcve.org/view.php?id=CVE-2024-26606
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: carpeta: señal de epoll de subprocesos de autotrabajo En el modo (e)poll, los subprocesos a menudo dependen de eventos de E/S para determinar cuándo los datos están listos para el consumo. • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240 •
CVE-2022-48626 – moxart: fix potential use-after-free on remove path
https://notcve.org/view.php?id=CVE-2022-48626
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: moxart: corrige el posible use-after-free en la ruta de eliminación. Se informó que se podía acceder a la estructura del host mmc después de que se liberó en moxart_remove(), así que solucione este problema guardando el registro base del dispositivo y usarlo en lugar de la desreferencia del puntero. • https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f https://git.kernel.org/stable/c/e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e https://git.kernel.org/stable/c/9c25d5ff1856b91bd4365e813f566cb59aaa9552 https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e https://git.kernel.org/stable/c/be93028d306dac9f5b59ebebd9ec7abcfc69c156 https://git.kernel.org/stable/c/af0e6c49438b1596e4be8a267d218a0c88a42323 https://git.kernel.org/stable/c/7f901d53f120d1921f84f7b9b118e87e94b403c5 https://git.kernel.org/stable/c/bd2db32e7c3e35bd4d9b8bbff689434a5 • CWE-416: Use After Free •
CVE-2021-46905 – net: hso: fix NULL-deref on disconnect regression
https://notcve.org/view.php?id=CVE-2021-46905
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: hso: corrige NULL-deref durante la regresión de desconexión. El Commit 8a12f8836145 ("net: hso: corrige null-ptr-deref durante la cancelación del registro del dispositivo tty") corrigió la asignación menor picante reportada por syzbot, pero en su lugar introdujo una desreferencia de puntero NULL incondicional en cada desconexión. Específicamente, ya no se debe acceder a la tabla de dispositivos serie después de que hso_serial_tty_unregister() haya liberado al menor. A vulnerability was found in the Linux kernel. • https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66 https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d96 • CWE-476: NULL Pointer Dereference •
CVE-2021-46904 – net: hso: fix null-ptr-deref during tty device unregistration
https://notcve.org/view.php?id=CVE-2021-46904
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. • https://git.kernel.org/stable/c/72dc1c096c7051a48ab1dbb12f71976656b55eb5 https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449 https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4 https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1 • CWE-476: NULL Pointer Dereference •