CVE-2023-52502

In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock should happen before releasing the lock. nfc_llcp_sock_get_sn() has a similar problem. Finally nfc_llcp_recv_snl() needs to make sure the socket found by nfc_llcp_sock_from_sn() does not disappear.

This update for the Linux Kernel 5.14.21-150400_24_111 fixes several issues. The following security issues were fixed. Fixed int overflow for stack access size. Sch_cake: do not call cake_destroy from cake_init. Fixed potential UAF in is_valid_oplock_break. Smb: client: fix use-after-free bug in cifs_debug_data_proc_show. Fixed potential UAF in smb2_is_network_name_deleted. Fixed potential UAF in cifs_stats_proc_show. Fixed potential UAF in smb2_is_valid_lease_break. Intermittent nfs mount failures. Fixed potential UAF in cifs_signal_cifsd_for_reconnect. Gpiolib: cdev: Fix use after free in lineinfo_changed_notify. Net: do not leave a dangling sk pointer, when socket creation fails hfsplus: fix uninit-value in copy_name. Fs/9p: only translate RWX permissions for plain 9P2000. Hsr: Prevent use after free in prp_create_tagged_frame. Fixed a general protection fault in i915_perf_open_ioctl. Set gtt bound flag in amdgpu_ttm_gart_bind. Fixed use-after-free bugs caused by sco_sock_timeout. Drm/client: Fully protect modes with dev->mode_config.mutex. Fixed false-positive lockdep splat for spin_lock in __unix_gc. Fixed double free of the ha->vp_map pointer. Fixed underflow in parse_server_interfaces. Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules. Fixed use-after-free in ip6_route_mpath_notify. Fixed memory corruption in wifi/iwlwifi. Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header. Fixed SDMA off-by-one error in _pad_sdma_tx_descs. Fixed a race condition in nfc_llcp_sock_get and nfc_llcp_sock_get_sn. Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation.