CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49740 – wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
https://notcve.org/view.php?id=CVE-2022-49740
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buf... • https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49739 – gfs2: Always check inode size of inline inodes
https://notcve.org/view.php?id=CVE-2022-49739
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Always check inode size of inline inodes Check if the inode size of stuffed (inline) inodes is within the allowed range when reading inodes from disk (gfs2_dinode_in()). This prevents us from on-disk corruption. The two checks in stuffed_readpage() and gfs2_unstuffer_page() that just truncate inline data to the maximum allowed size don't actually make sense, and they can be removed now as well. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/45df749f827c286adbc951f2a4865b67f0442ba9 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49738 – f2fs: fix to do sanity check on i_extra_isize in is_alive()
https://notcve.org/view.php?id=CVE-2022-49738
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_extra_isize in is_alive() syzbot found a f2fs bug: BUG: KASAN: slab-out-of-bounds in data_blkaddr fs/f2fs/f2fs.h:2891 [inline] BUG: KASAN: slab-out-of-bounds in is_alive fs/f2fs/gc.c:1117 [inline] BUG: KASAN: slab-out-of-bounds in gc_data_segment fs/f2fs/gc.c:1520 [inline] BUG: KASAN: slab-out-of-bounds in do_garbage_collect+0x386a/0x3df0 fs/f2fs/gc.c:1734 Read of size 4 at addr ffff888076557568 by task kwo... • https://git.kernel.org/stable/c/e5142a4935c1f15841d06047b8130078fc4d7b8f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52939 – mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath()
https://notcve.org/view.php?id=CVE-2023-52939
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() As commit 18365225f044 ("hwpoison, memcg: forcibly uncharge LRU pages"), hwpoison will forcibly uncharg a LRU hwpoisoned page, the folio_memcg could be NULl, then, mem_cgroup_track_foreign_dirty_slowpath() could occurs a NULL pointer dereference, let's do not record the foreign writebacks for folio memcg is null in mem_cgroup_track_foreign_dirty() to fix it. In the Lin... • https://git.kernel.org/stable/c/97b27821b4854ca744946dae32a3f2fd55bcd5bc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52936 – kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2023-52936
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove() instead which handles all of the logic at once. In the Linux kernel, the following vulnerability has been resolved: kernel/irq/irqdomain.c: fix memory leak with using debugfs_lookup() When calling deb... • https://git.kernel.org/stable/c/066ecbf1a53eb0b92b10c8df7808666be6ea5681 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52935 – mm/khugepaged: fix ->anon_vma race
https://notcve.org/view.php?id=CVE-2023-52935
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the VMA is associated with a mapping); and so to be able to remove page tables, we must hold all three of them. retract_page_tables() bails out if an ->anon_vma is at... • https://git.kernel.org/stable/c/f3f0e1d2150b2b99da2cbdfaad000089efe9bf30 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52933 – Squashfs: fix handling and sanity checking of xattr_ids count
https://notcve.org/view.php?id=CVE-2023-52933
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these flaws cause computation overflow due to incorrect typing. In the corrupted filesystem the xattr_ids value is 4294967071, which stored in a signed variable becomes the negative number -225. Flaw 1 (64-bit systems only): The signed integer ... • https://git.kernel.org/stable/c/ff49cace7b8cf00d27665f7536a863d406963d06 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52932 – mm/swapfile: add cond_resched() in get_swap_pages()
https://notcve.org/view.php?id=CVE-2023-52932
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: add cond_resched() in get_swap_pages() The softlockup still occurs in get_swap_pages() under memory pressure. 64 CPU cores, 64GB memory, and 28 zram devices, the disksize of each zram device is 50MB with same priority as si. Use the stress-ng tool to increase memory pressure, causing the system to oom frequently. The plist_for_each_entry_safe() loops in get_swap_pages() could reach tens of thousands of times to find available s... • https://git.kernel.org/stable/c/29f0349c5c76b627fe06b87d4b13fa03a6ce8e64 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52930 – drm/i915: Fix potential bit_17 double-free
https://notcve.org/view.php?id=CVE-2023-52930
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_TILING_NONE could trigger a double free of the bit_17 bitmask. (Or conversely leak memory on the transition to tiled.) Move allocation/free'ing of the bitmask within the section protected by the obj lock. [tursulin: Correct fixes tag and added cc stable.] (cherry picked from commit 10e0cbaaf1104f449d695c80bcacf93... • https://git.kernel.org/stable/c/2850748ef8763ab46958e43a4d1c445f29eeb37d •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52928 – bpf: Skip invalid kfunc call in backtrack_insn
https://notcve.org/view.php?id=CVE-2023-52928
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrack_insn The verifier skips invalid kfunc call in check_kfunc_call(), which would be captured in fixup_kfunc_call() if such insn is not eliminated by dead code elimination. However, this can lead to the following warning in backtrack_insn(), also see [1]: ------------[ cut here ]------------ verifier backtracking bug WARNING: CPU: 6 PID: 8646 at kernel/bpf/verifier.c:2756 backtrack_insn kernel/bpf/verif... • https://git.kernel.org/stable/c/6e2fac197de2c4c041bdd8982cffb104689113f1 •