Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-52692	ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing with an invalid value. EPSS Score: 0.05% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52691	drm/amd/pm: fix a double-free in si_dpm_init Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52690	powerpc/powernv: Add a null pointer check to scom_debug_init_one() Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52689	ALSA: scarlett2: Add missing mutex lock around get meter levels Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52688	wifi: ath12k: fix the error handler of rfkill config Description: In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52687	crypto: safexcel - Add error handling for dma_map_sg() calls Description: In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg(). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. EPSS Score: 0.05% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52686	powerpc/powernv: Add a null pointer check in opal_event_init() Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52684	firmware: qcom: qseecom: fix memory leaks in error paths Description: In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: qseecom: fix memory leaks in error paths Fix instances of returning error codes directly instead of jumping to the relevant labels where memory allocated for the SCM calls would be freed. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52683	ACPI: LPIT: Avoid u32 multiplication overflow Description: In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2023-52682	f2fs: fix to wait on block writeback for post_read case Description: In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait on block writeback for post_read case If inode is compressed, but not encrypted, it missed to call f2fs_wait_on_block_writeback() to wait for GCed page writeback in IPU write path. Thread A GC-Thread - f2fs_gc - do_garbage_collect - gc_data_segment - move_data_block - f2fs_submit_page_write migrate normal cluster's block via meta_inode's page cache - f2fs_write_single_data_page - f2fs_do_write_data_page - f2fs_inplace_write_data - f2fs_submit_page_bio IRQ - f2fs_read_end_io IRQ old data overrides new data due to out-of-order GC and common IO. - f2fs_read_end_io EPSS Score: 0.05% Source: CVE December 20th, 2024 (4 months ago)