CVE-2021-46905 – net: hso: fix NULL-deref on disconnect regression
https://notcve.org/view.php?id=CVE-2021-46905
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unconditional NULL-pointer dereference on every disconnect instead. Specifically, the serial device table must no longer be accessed after the minor has been released by hso_serial_tty_unregister(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: hso: corrige NULL-deref durante la regresión de desconexión. El Commit 8a12f8836145 ("net: hso: corrige null-ptr-deref durante la cancelación del registro del dispositivo tty") corrigió la asignación menor picante reportada por syzbot, pero en su lugar introdujo una desreferencia de puntero NULL incondicional en cada desconexión. Específicamente, ya no se debe acceder a la tabla de dispositivos serie después de que hso_serial_tty_unregister() haya liberado al menor. A vulnerability was found in the Linux kernel. • https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1a44152a https://git.kernel.org/stable/c/8a12f8836145ffe37e9c8733dce18c22fb668b66 https://git.kernel.org/stable/c/5c17cfe155d21954b4c7e2a78fa771cebcd86725 https://git.kernel.org/stable/c/d7fad2ce15bdbbd0fec3ebe999fd7cab2267f53e https://git.kernel.org/stable/c/90642ee9eb581a13569b1c0bd57e85d96 • CWE-476: NULL Pointer Dereference •
CVE-2021-46904 – net: hso: fix null-ptr-deref during tty device unregistration
https://notcve.org/view.php?id=CVE-2021-46904
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the next one results in a null-ptr-deref. The get_free_serial_index() function returns an available minor number but doesn't assign it immediately. The assignment is done by the caller later. But before this assignment, calls to get_free_serial_index() would return the same minor number. Fix this by modifying get_free_serial_index to assign the minor number immediately after one is found to be and rename it to obtain_minor() to better reflect what it does. Similary, rename set_serial_by_index() to release_minor() and modify it to free up the minor number of the given hso_serial. • https://git.kernel.org/stable/c/72dc1c096c7051a48ab1dbb12f71976656b55eb5 https://git.kernel.org/stable/c/a462067d7c8e6953a733bf5ade8db947b1bb5449 https://git.kernel.org/stable/c/145c89c441d27696961752bf51b323f347601bee https://git.kernel.org/stable/c/caf5ac93b3b5d5fac032fc11fbea680e115421b4 https://git.kernel.org/stable/c/92028d7a31e55d53e41cff679156b9432cffcb36 https://git.kernel.org/stable/c/4a2933c88399c0ebc738db39bbce3ae89786d723 https://git.kernel.org/stable/c/dc195928d7e4ec7b5cfc6cd10dc4c8d87a7c72ac https://git.kernel.org/stable/c/388d05f70f1ee0cac4a2068fd295072f1 • CWE-476: NULL Pointer Dereference •
CVE-2023-52473 – thermal: core: Fix NULL pointer dereference in zone registration error path
https://notcve.org/view.php?id=CVE-2023-52473
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix NULL pointer dereference in zone registration error path If device_register() in thermal_zone_device_register_with_trips() returns an error, the tz variable is set to NULL and subsequently dereferenced in kfree(tz->tzp). Commit adc8749b150c ("thermal/drivers/core: Use put_device() if device_register() fails") added the tz = NULL assignment in question to avoid a possible double-free after dropping the reference to the zone device. However, after commit 4649620d9404 ("thermal: core: Make thermal_zone_device_unregister() return after freeing the zone"), that assignment has become redundant, because dropping the reference to the zone device does not cause the zone object to be freed any more. Drop it to address the NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal: Core: corrige la desreferencia del puntero NULL en la ruta del error de registro de zona. Si device_register() en Thermal_zone_device_register_with_trips() devuelve un error, la variable tz se establece en NULL y posteriormente se desreferencia en kfree( tz->tzp). el commit adc8749b150c ("thermal/drivers/core: use put_device() si falla el dispositivo_register()") agregó la asignación tz = NULL en cuestión para evitar una posible doble liberación después de eliminar la referencia al dispositivo de zona. Sin embargo, después de el commit 4649620d9404 ("thermal: core: Make Thermal_zone_device_unregister() return después de liberar la zona"), esa asignación se ha vuelto redundante, porque eliminar la referencia al dispositivo de zona ya no causa que el objeto de zona se libere más. • https://git.kernel.org/stable/c/3d439b1a2ad36c8b4ea151c8de25309d60d17407 https://git.kernel.org/stable/c/335176dd8ebaca6493807dceea33c478305667fa https://git.kernel.org/stable/c/02871710b93058eb1249d5847c0b2d1c2c3c98ae https://git.kernel.org/stable/c/04e6ccfc93c5a1aa1d75a537cf27e418895e20ea https://access.redhat.com/security/cve/CVE-2023-52473 https://bugzilla.redhat.com/show_bug.cgi?id=2266363 • CWE-476: NULL Pointer Dereference •
CVE-2023-52472 – crypto: rsa - add a check for allocation failure
https://notcve.org/view.php?id=CVE-2023-52472
In the Linux kernel, the following vulnerability has been resolved: crypto: rsa - add a check for allocation failure Static checkers insist that the mpi_alloc() allocation can fail so add a check to prevent a NULL dereference. Small allocations like this can't actually fail in current kernels, but adding a check is very simple and makes the static checkers happy. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: rsa: agregue una verificación para fallas en la asignación. Los verificadores estáticos insisten en que la asignación mpi_alloc() puede fallar, así que agregue una verificación para evitar una desreferencia NULL. Pequeñas asignaciones como esta en realidad no pueden fallar en los kernels actuales, pero agregar una verificación es muy simple y hace felices a los verificadores estáticos. • https://git.kernel.org/stable/c/6637e11e4ad22ff03183da0dbd36d65c98b81cf7 https://git.kernel.org/stable/c/2831f4d3bfa68e64c5f83e96688be779c87b3511 https://git.kernel.org/stable/c/95ad8b6879e2e49d02e3bfc0e1fb46421633fe2a https://git.kernel.org/stable/c/d872ca165cb67112f2841ef9c37d51ef7e63d1e4 • CWE-476: NULL Pointer Dereference •
CVE-2023-52471 – ice: Fix some null pointer dereference issues in ice_ptp.c
https://notcve.org/view.php?id=CVE-2023-52471
In the Linux kernel, the following vulnerability has been resolved: ice: Fix some null pointer dereference issues in ice_ptp.c devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ice: soluciona algunos problemas de desreferencia de puntero nulo en ice_ptp.c devm_kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de falla. A null pointer dereference problem was found in ice_ptp.c in ice in the Linux Kernel. This issue occurs when devm_kasprintf() returns a pointer to dynamically allocated memory, which can be NULL upon failure. • https://git.kernel.org/stable/c/d938a8cca88a5f02f523f95fe3d2d1214f4b4a8d https://git.kernel.org/stable/c/3cd9b9bee33f39f6c6d52360fe381b89a7b12695 https://git.kernel.org/stable/c/3027e7b15b02d2d37e3f82d6b8404f6d37e3b8cf https://access.redhat.com/security/cve/CVE-2023-52471 https://bugzilla.redhat.com/show_bug.cgi?id=2266347 • CWE-476: NULL Pointer Dereference •