CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48901 – btrfs: do not start relocation until in progress drops are done
https://notcve.org/view.php?id=CVE-2022-48901
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into snapshot delete with balance running at the same time. This presented as an error while looking up an extent item WARNING: CPU: 5 PID: 1501 at fs/btrfs/extent-tree.c:866 lookup_inline_extent_backref+0x647/0x680 CPU: 5 PID: 1501 Comm: b... • https://git.kernel.org/stable/c/6599d5e8bd758d897fd2ef4dc388ae50278b1f7e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-4441 – spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op()
https://notcve.org/view.php?id=CVE-2021-4441
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kzalloc(). Fix this bug by adding a check of tmpbuf. This bug was found by a static analyzer. The analysis employs differential checking to identify inconsistent security operations (e.g., checks or kfrees) between two code paths and con... • https://git.kernel.org/stable/c/67dca5e580f1e93a66177389981541cac208c817 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52913 – drm/i915: Fix potential context UAFs
https://notcve.org/view.php?id=CVE-2023-52913
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr after this. And we need to ensure that adding the ctx to the xarray is the *last* thing that gem_context_register() does with the ctx pointer. [tursulin: Stable and fixes tags add/tidy.] (cherry picked from comm... • https://git.kernel.org/stable/c/eb4dedae920a07c485328af3da2202ec5184fb17 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52912 – drm/amdgpu: Fixed bug on error when unloading amdgpu
https://notcve.org/view.php?id=CVE-2023-52912
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI [ 377.706222] CPU: 4 PID: 8610 Comm: modprobe Tainted: G IOE 6.0.0-thomas #1 [ 377.706231] Hardware name: ASUS System Product Name/PRIME Z390-A, BIOS 2004 11/02/2021 [ 377.706238] RIP: 0010:drm_bud... • https://git.kernel.org/stable/c/9196eb7c52e55749a332974f0081f77d53d60199 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52910 – iommu/iova: Fix alloc iova overflows issue
https://notcve.org/view.php?id=CVE-2023-52910
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when iovad->cached_node is iovad->anchor, curr_iova->pfn_hi + 1 will overflow. As a result, if the retry logic is executed, low_pfn is updated to 0, and then new_pfn < low_pfn returns false to make the allocation successful. This issue occurs in the following two situations:... • https://git.kernel.org/stable/c/4e89dce725213d3d0b0475211b500eda4ef4bf2f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52907 – nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame()
https://notcve.org/view.php?id=CVE-2023-52907
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the skb data in pn533_send_async_complete() that is used as a transfer buffer of out_urb. Wait before sending in_urb until the callback of out_urb is called. To modify the callback of out_urb alone, separate the complete function of out_... • https://git.kernel.org/stable/c/c46ee38620a2aa2b25b16bc9738ace80dbff76a4 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52906 – net/sched: act_mpls: Fix warning during failed attribute validation
https://notcve.org/view.php?id=CVE-2023-52906
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination according to the comment above 'struct nla_policy': " Meaning of `validate' field, use via NLA_POLICY_VALIDATE_FN: NLA_BINARY Validation function called for the attribute. All other Unused - but note that it's a union " This can trigger t... • https://git.kernel.org/stable/c/2a2ea50870baa3fb4de0872c5b60828138654ca7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52905 – octeontx2-pf: Fix resource leakage in VF driver unbind
https://notcve.org/view.php?id=CVE-2023-52905
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch fixes the issue. In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc ... • https://git.kernel.org/stable/c/2da48943274712fc3204089d9a97078350765635 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52904 – ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()
https://notcve.org/view.php?id=CVE-2023-52904
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth... • https://git.kernel.org/stable/c/bfd36b1d1869859af7ba94dc95ec05e74f40d0b7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52903 – io_uring: lock overflowing for IOPOLL
https://notcve.org/view.php?id=CVE-2023-52903
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: lock overflowing for IOPOLL syzbot reports an issue with overflow filling for IOPOLL: WARNING: CPU: 0 PID: 28 at io_uring/io_uring.c:734 io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 CPU: 0 PID: 28 Comm: kworker/u4:1 Not tainted 6.2.0-rc3-syzkaller-16369-g358a161a6a9e #0 Workqueue: events_unbound io_ring_exit_work Call trace: io_cqring_event_overflow+0x1c0/0x230 io_uring/io_uring.c:734 io_req_cqe_overflow+0x5c/0x70 ... • https://git.kernel.org/stable/c/de77faee280163ff03b7ab64af6c9d779a43d4c4 •