CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52912 – drm/amdgpu: Fixed bug on error when unloading amdgpu
https://notcve.org/view.php?id=CVE-2023-52912
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1 [ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021 [ 377.706238] RIP: 0010:drm_bud... • https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52907 – nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
https://notcve.org/view.php?id=CVE-2023-52907
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the skb data in pn533_send_async_complete() that is used as a transfer buffer of out_urb. Wait before sending in_urb until the callback of out_urb is called. To modify the callback of out_urb alone, separate the complete function of out_... • https://git.kernel.org/stable/c/c46ee38620a2aa2b25b16bc9738ace80dbff76a4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52903 – io_uring: lock overflowing for IOPOLL
https://notcve.org/view.php?id=CVE-2023-52903
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 ... • https://git.kernel.org/stable/c/de77faee280163ff03b7ab64af6c9d779a43d4c4 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52901 – usb: xhci: Check endpoint is valid before dereferencing it
https://notcve.org/view.php?id=CVE-2023-52901
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an invalid endpoint. Fix this by using xhci_get_virt_ep() helper to find the endpoint and checking if the endpoint is valid before dereferencing it. [233311.853271] xhci-hcd xhci-hcd.1.auto: xHCI host controller not responding, assume dead [... • https://git.kernel.org/stable/c/50e8725e7c429701e530439013f9681e1fa36b5d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52900 – nilfs2: fix general protection fault in nilfs_btree_insert()
https://notcve.org/view.php?id=CVE-2023-52900
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block address, it returns -ENOENT because conversion of the virtual block address to a disk block address fails. However, this return value is the same as the internal code that b-tree lookup routines return to indicate that the block being ... • https://git.kernel.org/stable/c/3c2a2ff67d46106715c2132021b98bd057c27545 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52899 – Add exception protection processing for vd in axi_chan_handle_err function
https://notcve.org/view.php?id=CVE-2023-52899
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of axi_chan_block_xfer_complete function The triggered kernel panic is as follows: [ 67.848444] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 67.848447] Mem abort info: [ 67.848449] ESR = 0x96000004 ... • https://git.kernel.org/stable/c/f534dc438828cc3f1f8c6895b8bdfbef079521fb •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52898 – xhci: Fix null pointer dereference when host dies
https://notcve.org/view.php?id=CVE-2023-52898
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev() which frees the xhci->devs[slot_id] virt device at the same time that xhci_kill_endpoint_urbs() tries to loop through all the device's endpoints, checking if there are any cancelled urbs left to give back. hold the xhci spinlock whi... • https://git.kernel.org/stable/c/6fac4b5cecb3928a0a81069aaa815a2edc8dd5a1 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52894 – usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate()
https://notcve.org/view.php?id=CVE-2023-52894
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. AFAICT the source code is at: https://android.googlesource.com/kernel/common/+/refs/tags/ASB-2022-12-05_13-5.10 The call stack is: ncm_close() -> ncm_notify() -> ncm_do_notify() with the crash at: ncm_do_notify+0x98/0x270 Code: 79000d0... • https://git.kernel.org/stable/c/fef6b29671b66dfb71f17e337c1ad14b5a2cedae •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52893 – gsmi: fix null-deref in gsmi_get_variable
https://notcve.org/view.php?id=CVE-2023-52893
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access layer") added a new get_variable call with attr=NULL, which triggers panic in gsmi. In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetchin... • https://git.kernel.org/stable/c/74c5b31c6618f01079212332b2e5f6c42f2d6307 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48899 – drm/virtio: Fix GEM handle creation UAF
https://notcve.org/view.php?id=CVE-2022-48899
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the handle's reference. For that reason, dropping the handle's reference must be done *after* we are done dereferencing the object. In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UA... • https://git.kernel.org/stable/c/62fb7a5e10962ac6ae2a2d2dbd3aedcb2a3e3257 •