CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52759 – gfs2: ignore negated quota changes
https://notcve.org/view.php?id=CVE-2023-52759
In the Linux kernel, the following vulnerability has been resolved: gfs2: ignore negated quota changes When lots of quota changes are made, there may be cases in which an inode's quota information is increased and then decreased, such as when blocks are added to a file, then deleted from it. If the timing is right, function do_qc can add pending quota changes to a transaction, then later, another call to do_qc can negate those changes, resulting in a net gain of 0. The quota_change information is recorded in the qc buffer (and qd element of the inode as well). The buffer is added to the transaction by the first call to do_qc, but a subsequent call changes the value from non-zero back to zero. At that point it's too late to remove the buffer_head from the transaction. • https://git.kernel.org/stable/c/1c28dace66015b675a343b89b0c87abbfda05ff4 https://git.kernel.org/stable/c/b4deec69fe32b58dc5fb4ace52456ece85b75561 https://git.kernel.org/stable/c/2bb42a27a92ff3984c9fa5fbe128eced3ea693f2 https://git.kernel.org/stable/c/2a054b87a1b799b391e578597a42ee6e57a987ae https://git.kernel.org/stable/c/5bfda356e903633d16ae1bac1ee38364e12628a3 https://git.kernel.org/stable/c/53fc16c1ad84f5467ec24341670b63aa759335d3 https://git.kernel.org/stable/c/212f112fe5e90e98eb8d48585682880dae139f4c https://git.kernel.org/stable/c/119565e566f91ff3588ffcd5812f0c806 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52757 – smb: client: fix potential deadlock when releasing mids
https://notcve.org/view.php?id=CVE-2023-52757
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyways. By getting rid of such spinlock also fixes a potential deadlock as shown below CPU 0 CPU 1 ------------------------------------------------------------------ cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&server->mid_lock); spin_lock(&cifs_tcp_ses_lock) spin_lock(&server->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) *deadlock* En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: client: corrige un posible punto muerto al liberar mids. Todos los llamadores de release_mid() parecen tener una referencia de @mid, por lo que no hay necesidad de llamar a kref_put(&mid->refcount, __release_mid ) en @servidor->mid_lock spinlock. Si no lo hacen, de todos modos se habría producido un error de use after free. Al deshacerse de dicho bloqueo de giro, también se soluciona un posible punto muerto como se muestra a continuación CPU 0 CPU 1 -------------------------------- ---------------------------------- cifs_demultiplex_thread() cifs_debug_data_proc_show() release_mid() spin_lock(&servidor->mid_lock) ; spin_lock(&cifs_tcp_ses_lock) spin_lock(&servidor->mid_lock) __release_mid() smb2_find_smb_tcon() spin_lock(&cifs_tcp_ses_lock) *punto muerto* • https://git.kernel.org/stable/c/9eb44db68c5b7f5aa22b8fc7de74a3e2e08d1f29 https://git.kernel.org/stable/c/b9bb9607b1fc12fca51f5632da25b36975f599bf https://git.kernel.org/stable/c/c1a5962f1462b64fe7b69f20a4b6af8067bc2d26 https://git.kernel.org/stable/c/e6322fd177c6885a21dd4609dc5e5c973d1a2eb7 •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52755 – ksmbd: fix slab out of bounds write in smb_inherit_dacl()
https://notcve.org/view.php?id=CVE-2023-52755
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smb_inherit_dacl() slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige la escritura fuera de los límites de slab en smb_inherit_dacl(). La escritura fuera de los límites de slab se debe a que las compensaciones son mayores que el tamaño de asignación de pntsd. Este parche agrega la verificación para validar 3 compensaciones usando el tamaño de asignación. • https://git.kernel.org/stable/c/aaf0a07d60887d6c36fc46a24de0083744f07819 https://git.kernel.org/stable/c/8387c94d73ec66eb597c7a23a8d9eadf64bfbafa https://git.kernel.org/stable/c/09d9d8b40a3338193619c14ed4dc040f4f119e70 https://git.kernel.org/stable/c/712e01f32e577e7e48ab0adb5fe550646a3d93cb https://git.kernel.org/stable/c/eebff19acaa35820cb09ce2ccb3d21bee2156ffb • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52754 – media: imon: fix access to invalid resource for the second interface
https://notcve.org/view.php?id=CVE-2023-52754
In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the second interface, the driver assumes blindly that the first interface got bound with the same imon driver. It's usually true, but it's still possible that the first interface is bound with another driver via a malformed descriptor. Then it may lead to a memory corruption, as spotted by syzkaller; imon driver accesses the data from drvdata as struct imon_context object although it's a completely different one that was assigned by another driver. This patch adds a sanity check -- whether the first interface is really bound with the imon driver or not -- for avoiding the problem above at the probe time. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: imon: corrige el acceso a un recurso no válido para la segunda interfaz. El controlador imon prueba dos interfaces USB y, en la prueba de la segunda interfaz, el controlador asume ciegamente que la primera interfaz obtuvo atado con el mismo conductor imon. • https://git.kernel.org/stable/c/0f5068519f89d928d6c51100e4b274479123829f https://git.kernel.org/stable/c/5e0b788fb96be36d1baf1a5c88d09c7c82a0452a https://git.kernel.org/stable/c/b083aaf5db2eeca9e362723258e5d8698f7dd84e https://git.kernel.org/stable/c/10ec5a97f8f5a772a1a42b4eb27196b447cd3aa9 https://git.kernel.org/stable/c/2a493a34bd6e496c55fabedd82b957193ace178f https://git.kernel.org/stable/c/a1766a4fd83befa0b34d932d532e7ebb7fab1fa7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52753 – drm/amd/display: Avoid NULL dereference of timing generator
https://notcve.org/view.php?id=CVE-2023-52753
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: Evite la desreferencia NULL del generador de temporización [Por qué y cómo] Verifique si el generador de temporización asignado es NULL o no antes de acceder a sus funciones para evitar la desreferencia NULL. • https://git.kernel.org/stable/c/09909f515032fa80b921fd3118efe66b185d10fd https://git.kernel.org/stable/c/eac3e4760aa12159f7f5475d55a67b7933abc195 https://git.kernel.org/stable/c/79b6a90f4f2433312154cd68452b0ba501fa74db https://git.kernel.org/stable/c/4e497f1acd99075b13605b2e7fa0cba721a2cfd9 https://git.kernel.org/stable/c/8a06894666e0b462c9316b26ab615cefdd0d676c https://git.kernel.org/stable/c/6d8653b1a7a8dc938b566ae8c4f373b36e792c68 https://git.kernel.org/stable/c/df8bc953eed72371e43ca407bd063507f760cf89 https://git.kernel.org/stable/c/b1904ed480cee3f9f4036ea0e36d139cb • CWE-476: NULL Pointer Dereference •