CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52805 – jfs: fix array-index-out-of-bounds in diAlloc
https://notcve.org/view.php?id=CVE-2023-52805
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: corrige el índice de matriz fuera de los límites en diAlloc. Actualmente no se verifica el agno del iag al asignar nuevos inodos para evitar problemas de fragmentación. Se ag... • https://git.kernel.org/stable/c/2308d0fb0dc32446b4e6ca37cd09c30374bb64e9 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52804 – fs/jfs: Add validity check for db_maxag and db_agpref
https://notcve.org/view.php?id=CVE-2023-52804
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref Both db_maxag and db_agpref are used as the index of the db_agfree array, but there is currently no validity check for db_maxag and db_agpref, which can lead to errors. The following is related bug reported by Syzbot: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:639:20 index 7936 is out of range for type 'atomic_t[128]' Add checking that the values of db_maxag and db_agpref are ... • https://git.kernel.org/stable/c/a0649e2dd4a3595b5595a29d0064d047c2fae2fb •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52803 – SUNRPC: Fix RPC client cleaned up the freed pipefs dentries
https://notcve.org/view.php?id=CVE-2023-52803
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix RPC client cleaned up the freed pipefs dentries RPC client pipefs dentries cleanup is in separated rpc_remove_pipedir() workqueue,which takes care about pipefs superblock locking. In some special scenarios, when kernel frees the pipefs sb of the current client and immediately alloctes a new pipefs sb, rpc_remove_pipedir function would misjudge the existence of pipefs sb which is not the one it used to hold. As a result, the rpc_... • https://git.kernel.org/stable/c/0157d021d23a087eecfa830502f81cfe843f0d16 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52799 – jfs: fix array-index-out-of-bounds in dbFindLeaf
https://notcve.org/view.php?id=CVE-2023-52799
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required check for out of bound we first need to determine the type of dmtree. Thus added an extra parameter to dbFindLeaf so that the type of tree can be determined and the required check can be applied. En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/20f9310a18e3e99fc031e036fcbed67105ae1859 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52789 – tty: vcc: Add check for kstrdup() in vcc_probe()
https://notcve.org/view.php?id=CVE-2023-52789
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vcc: Agregar verificación para kstrdup() en vcc_probe(). Agregar verificación para el valor de retorno de kstrdup() y devolver el error, si falla, para evitar la desreferencia de puntero NULL . In the ... • https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3 •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52784 – bonding: stop the device in bond_setup_by_slave()
https://notcve.org/view.php?id=CVE-2023-52784
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. In the following splat [1], the issue is that a lapbether device has been created on a bonding device without members. Then adding a non ARPHRD_ETHER member forced the bonding master to change its type. The fix is to make sure we call dev_close() in bond_setup_b... • https://git.kernel.org/stable/c/872254dd6b1f80cb95ee9e2e22980888533fc293 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0CVE-2023-52781 – usb: config: fix iteration issue in 'usb_get_bos_descriptor()'
https://notcve.org/view.php?id=CVE-2023-52781
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descriptor()' encounters an iteration issue when skipping the 'USB_DT_DEVICE_CAPABILITY' descriptor type. This results in the same descriptor being read repeatedly. To address this issue, a 'goto' statement is introduced to ensure that the ... • https://git.kernel.org/stable/c/3dd550a2d36596a1b0ee7955da3b611c031d3873 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52774 – s390/dasd: protect device queue against concurrent access
https://notcve.org/view.php?id=CVE-2023-52774
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start() the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel I/O, especially with alias devices enabled, the device queue can change while dasd_profile_start() is accessing the queue. In the worst case this leads to a kernel panic due to incorrect pointer accesses. Fix t... • https://git.kernel.org/stable/c/4fa52aa7a82f9226b3874a69816bda3af821f002 •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52764 – media: gspca: cpia1: shift-out-of-bounds in set_flicker
https://notcve.org/view.php?id=CVE-2023-52764
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit type 'int' When the value of the variable "sd->params.exposure.gain" exceeds the number of bits in an integer, a shift-out-of-bounds error is reported. It is triggered because the variable "currentexp" cannot be left-shifted by more th... • https://git.kernel.org/stable/c/69bba62600bd91d6b7c1e8ca181faf8ac64f7060 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52762 – virtio-blk: fix implicit overflow on virtio_max_dma_size
https://notcve.org/view.php?id=CVE-2023-52762
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_t)4G -> (u32)0. Once virtio_max_dma_size() has a larger size than U32_MAX, use U32_MAX instead. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: virtio-blk: corrige el desbordamiento implícito en virtio_max_dma_size. L... • https://git.kernel.org/stable/c/72775cad7f572bb2501f9ea609e1d20e68f0b38b • CWE-121: Stack-based Buffer Overflow •