CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52811 – scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool
https://notcve.org/view.php?id=CVE-2023-52811
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the code asserts a BUG_ON, and in the case that the kernel is not configured to crash on panic returns a junk event pointer from the empty event list causing things to spiral from there. This BUG_ON is a historical artifact of the ibmvfc driver first being upstreamed, and it is well known now that the use of BUG_ON is bad practice except in the most unrecoverable scenario. There is nothing about this scenario that prevents the driver from recovering and carrying on. Remove the BUG_ON in question from ibmvfc_get_event() and return a NULL pointer in the case of an empty event pool. Update all call sites to ibmvfc_get_event() to check for a NULL pointer and perfrom the appropriate failure or recovery action. • https://git.kernel.org/stable/c/e1d1f79b1929dce470a5dc9281c574cd58e8c6c0 https://git.kernel.org/stable/c/88984ec4792766df5a9de7a2ff2b5f281f94c7d4 https://git.kernel.org/stable/c/d2af4ef80601224b90630c1ddc7cd2c7c8ab4dd8 https://git.kernel.org/stable/c/8bbe784c2ff28d56ca0c548aaf3e584edc77052d https://git.kernel.org/stable/c/b39f2d10b86d0af353ea339e5815820026bca48f https://access.redhat.com/security/cve/CVE-2023-52811 https://bugzilla.redhat.com/show_bug.cgi?id=2282743 • CWE-476: NULL Pointer Dereference •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52810 – fs/jfs: Add check for negative db_l2nbperpage
https://notcve.org/view.php?id=CVE-2023-52810
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur when subsequently used as shift exponent. Syzbot reported this bug: UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:799:12 shift exponent -16777216 is negative En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/jfs: agregue verificación para db_l2nbperpage negativo, l2nbperpage es log2 (número de bloques por página) y el valor mínimo legal debe ser 0, no negativo. En el caso de que l2nbperpage sea negativo, se producirá un error cuando se utilice posteriormente como exponente de desplazamiento. Syzbot informó este error: UBSAN: desplazamiento fuera de los límites en fs/jfs/jfs_dmap.c:799:12 el exponente de desplazamiento -16777216 es negativo • https://git.kernel.org/stable/c/cc61fcf7d1c99f148fe8ddfb5c6ed0bb75861f01 https://git.kernel.org/stable/c/8f2964df6bfce9d92d81ca552010b8677af8d9dc https://git.kernel.org/stable/c/a81a56b4cbe3142cc99f6b98e8f9b3a631c768e1 https://git.kernel.org/stable/c/524b4f203afcf87accfe387e846f33f916f0c907 https://git.kernel.org/stable/c/5f148b16972e5f4592629b244d5109b15135f53f https://git.kernel.org/stable/c/0cb567e727339a192f9fd0db00781d73a91d15a6 https://git.kernel.org/stable/c/491085258185ffc4fb91555b0dba895fe7656a45 https://git.kernel.org/stable/c/1a7c53fdea1d189087544d9a606d249e9 • CWE-1335: Incorrect Bitwise Shift of Integer •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52809 – scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
https://notcve.org/view.php?id=CVE-2023-52809
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() fc_lport_ptp_setup() did not check the return value of fc_rport_create() which can return NULL and would cause a NULL pointer dereference. Address this issue by checking return value of fc_rport_create() and log error message on fc_rport_create() failed. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: libfc: corrigió la posible desreferencia del puntero NULL en fc_lport_ptp_setup() fc_lport_ptp_setup() no verificó el valor de retorno de fc_rport_create() que puede devolver NULL y causaría una desreferencia del puntero NULL. Solucione este problema verificando el valor de retorno de fc_rport_create() y el mensaje de error de registro en fc_rport_create() falló. • https://git.kernel.org/stable/c/930f0aaba4820d6362de4e6ed569eaf444f1ea4e https://git.kernel.org/stable/c/77072ec41d6ab3718c3fc639bc149b8037caedfa https://git.kernel.org/stable/c/b549acf999824d4f751ca57965700372f2f3ad00 https://git.kernel.org/stable/c/bb83f79f90e92f46466adcfd4fd264a7ae0f0f01 https://git.kernel.org/stable/c/56d78b5495ebecbb9395101f3be177cd0a52450b https://git.kernel.org/stable/c/442fd24d7b6b29e4a9cd9225afba4142d5f522ba https://git.kernel.org/stable/c/f6fe7261b92b21109678747f36df9fdab1e30c34 https://git.kernel.org/stable/c/6b9ecf4e1032e645873933e5b43cbb84c • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52808 – scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs
https://notcve.org/view.php?id=CVE-2023-52808
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs If init debugfs failed during device registration due to memory allocation failure, debugfs_remove_recursive() is called, after which debugfs_dir is not set to NULL. debugfs_remove_recursive() will be called again during device removal. As a result, illegal pointer is accessed. [ 1665.467244] hisi_sas_v3_hw 0000:b4:02.0: failed to init debugfs! ... [ 1669.836708] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 [ 1669.872669] pc : down_write+0x24/0x70 [ 1669.876315] lr : down_write+0x1c/0x70 [ 1669.879961] sp : ffff000036f53a30 [ 1669.883260] x29: ffff000036f53a30 x28: ffffa027c31549f8 [ 1669.888547] x27: ffffa027c3140000 x26: 0000000000000000 [ 1669.893834] x25: ffffa027bf37c270 x24: ffffa027bf37c270 [ 1669.899122] x23: ffff0000095406b8 x22: ffff0000095406a8 [ 1669.904408] x21: 0000000000000000 x20: ffffa027bf37c310 [ 1669.909695] x19: 00000000000000a0 x18: ffff8027dcd86f10 [ 1669.914982] x17: 0000000000000000 x16: 0000000000000000 [ 1669.920268] x15: 0000000000000000 x14: ffffa0274014f870 [ 1669.925555] x13: 0000000000000040 x12: 0000000000000228 [ 1669.930842] x11: 0000000000000020 x10: 0000000000000bb0 [ 1669.936129] x9 : ffff000036f537f0 x8 : ffff80273088ca10 [ 1669.941416] x7 : 000000000000001d x6 : 00000000ffffffff [ 1669.946702] x5 : ffff000008a36310 x4 : ffff80273088be00 [ 1669.951989] x3 : ffff000009513e90 x2 : 0000000000000000 [ 1669.957276] x1 : 00000000000000a0 x0 : ffffffff00000001 [ 1669.962563] Call trace: [ 1669.965000] down_write+0x24/0x70 [ 1669.968301] debugfs_remove_recursive+0x5c/0x1b0 [ 1669.972905] hisi_sas_debugfs_exit+0x24/0x30 [hisi_sas_main] [ 1669.978541] hisi_sas_v3_remove+0x130/0x150 [hisi_sas_v3_hw] [ 1669.984175] pci_device_remove+0x48/0xd8 [ 1669.988082] device_release_driver_internal+0x1b4/0x250 [ 1669.993282] device_release_driver+0x28/0x38 [ 1669.997534] pci_stop_bus_device+0x84/0xb8 [ 1670.001611] pci_stop_and_remove_bus_device_locked+0x24/0x40 [ 1670.007244] remove_store+0xfc/0x140 [ 1670.010802] dev_attr_store+0x44/0x60 [ 1670.014448] sysfs_kf_write+0x58/0x80 [ 1670.018095] kernfs_fop_write+0xe8/0x1f0 [ 1670.022000] __vfs_write+0x60/0x190 [ 1670.025472] vfs_write+0xac/0x1c0 [ 1670.028771] ksys_write+0x6c/0xd8 [ 1670.032071] __arm64_sys_write+0x24/0x30 [ 1670.035977] el0_svc_common+0x78/0x130 [ 1670.039710] el0_svc_handler+0x38/0x78 [ 1670.043442] el0_svc+0x8/0xc To fix this, set debugfs_dir to NULL after debugfs_remove_recursive(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: hisi_sas: establezca el puntero debugfs_dir en NULL después de eliminar debugfs. Si init debugfs falló durante el registro del dispositivo debido a un fallo en la asignación de memoria, se llama a debugfs_remove_recursive(), después de lo cual debugfs_dir no se configura en NULO. • https://git.kernel.org/stable/c/f0bfc8a5561fb0b2c48183dcbfe00bdd6d973bd3 https://git.kernel.org/stable/c/33331b265aac9441ac0c1a5442e3f05d038240ec https://git.kernel.org/stable/c/75a2656260fe8c7eeabda6ff4600b29e183f48db https://git.kernel.org/stable/c/b4465009e7d60c6111946db4c8f1e50d401ed7be https://git.kernel.org/stable/c/6de426f9276c448e2db7238911c97fb157cb23be •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52806 – ALSA: hda: Fix possible null-ptr-deref when assigning a stream
https://notcve.org/view.php?id=CVE-2023-52806
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied substream instance may be a stub, what is the case when code-loading, such scenario ends with null-ptr-deref. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: hda: Corrige posible null-ptr-deref al asignar un flujo. Si bien los controladores AudioDSP asignan flujos exclusivamente de tipo HOST o LINK, nada impide que un usuario intente asignar un flujo ACOPLADO. Como la instancia de subsecuencia proporcionada puede ser un código auxiliar, cuál es el caso cuando se carga el código, dicho escenario termina con null-ptr-deref. • https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323 https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250 https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7 https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4 https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0 https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d506 • CWE-476: NULL Pointer Dereference •