CVE-2023-52596 – sysctl: Fix out of bounds access for empty sysctl registers
https://notcve.org/view.php?id=CVE-2023-52596
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories. The function register_sysctl_mount_point now passes a ctl_table of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register. Make sure that the ctl_table has at least one element before testing for permanent emptiness. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sysctl: corrige el acceso fuera de los límites para registros sysctl vacíos. • https://git.kernel.org/stable/c/15893975e9e382f8294ea8d926f08dc2d8d39ede https://git.kernel.org/stable/c/2ae7081bc10123b187e36a4f3a8e53768de31489 https://git.kernel.org/stable/c/315552310c7de92baea4e570967066569937a843 •
CVE-2023-52595 – wifi: rt2x00: restart beacon queue when hardware reset
https://notcve.org/view.php?id=CVE-2023-52595
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rt2x00: reinicia la cola de baliza cuando se reinicia el hardware Cuando se activa un reinicio de hardware, todos los registros se reinician, por lo que todas las colas se ven obligadas a detenerse en la interfaz de hardware. Sin embargo, mac80211 no detendrá automáticamente la cola. • https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48 https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957 https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83 https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8 https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-20: Improper Input Validation •
CVE-2023-52594 – wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
https://notcve.org/view.php?id=CVE-2023-52594
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range for type '__wmi_event_txstatus [12]' Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath9k: corrige una posible lectura de índice de matriz fuera de los límites en ath9k_htc_txstatus(). Corrige una lectura de índice de matriz fuera de los límites en ath9k_htc_txstatus(). • https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225 https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1 https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9 https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234 https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1 https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6e • CWE-125: Out-of-bounds Read •
CVE-2023-52593 – wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
https://notcve.org/view.php?id=CVE-2023-52593
In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()' should check the return value before examining skb data. So convert the latter to return an appropriate error code and propagate it to return from 'wfx_start_ap()' as well. Compile tested only. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: wfx: corrige la posible desreferencia del puntero NULL en wfx_set_mfp_ap() Dado que 'ieee80211_beacon_get()' puede devolver NULL, 'wfx_set_mfp_ap()' debe verificar el valor de retorno antes de examinar los datos de skb. Así que convierta este último para que devuelva un código de error apropiado y propáguelo para que regrese también desde 'wfx_start_ap()'. • https://git.kernel.org/stable/c/574dcd3126aa2eed75437137843f254b1190dd03 https://git.kernel.org/stable/c/9ab224744a47363f74ea29c6894c405e3bcf5132 https://git.kernel.org/stable/c/3739121443f5114c6bcf6d841a5124deb006b878 https://git.kernel.org/stable/c/fe0a7776d4d19e613bb8dd80fe2d78ae49e8b49d •
CVE-2023-52591 – reiserfs: Avoid touching renamed directory if parent does not change
https://notcve.org/view.php?id=CVE-2023-52591
In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does not change as without locking that can corrupt the filesystem. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: reiserfs: evite tocar el directorio renombrado si el padre no cambia. El VFS no bloqueará el directorio movido si su padre no cambia. Cambie el código de cambio de nombre de reiserfs para evitar tocar el directorio renombrado si su padre no cambia, sin bloquearlo, lo que puede dañar el sistema de archivos. • https://git.kernel.org/stable/c/17e1361cb91dc1325834da95d2ab532959d2debc https://git.kernel.org/stable/c/c04c162f82ac403917780eb6d1654694455d4e7c https://git.kernel.org/stable/c/49db9b1b86a82448dfaf3fcfefcf678dee56c8ed •