Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-52696	powerpc/powernv: Add a null pointer check in opal_powercap_init() Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52695	drm/amd/display: Check writeback connectors in create_validate_stream_for_sink Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check writeback connectors in create_validate_stream_for_sink [WHY & HOW] This is to check connector type to avoid unhandled null pointer for writeback connectors. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52694	drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function Description: In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled as a built-in. The result is that when the driver unbinds there is no cleanup done which results in resource leakage or worse. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52693	ACPI: video: check for error while searching for backlight device parent Description: In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by Linux Verification Center (linuxtesting.org) with SVACE. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52692	ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing with an invalid value. EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52691	drm/amd/pm: fix a double-free in si_dpm_init Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. However, when the control flow returns to si_dpm_sw_init, it goes to label dpm_failed and calls si_dpm_fini, which calls amdgpu_free_extended_power_table again and free those fields again. Thus a double-free is triggered. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52690	powerpc/powernv: Add a null pointer check to scom_debug_init_one() Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52689	ALSA: scarlett2: Add missing mutex lock around get meter levels Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing mutex lock around get meter levels As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52688	wifi: ath12k: fix the error handler of rfkill config Description: In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix the error handler of rfkill config When the core rfkill config throws error, it should free the allocated resources. Currently it is not freeing the core pdev create resources. Avoid this issue by calling the core pdev destroy in the error handler of core rfkill config. Found this issue in the code review and it is compile tested only. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52687	crypto: safexcel - Add error handling for dma_map_sg() calls Description: In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Add error handling for dma_map_sg() calls Macro dma_map_sg() may return 0 on error. This patch enables checks in case of the macro failure and ensures unmapping of previously mapped buffers with dma_unmap_sg(). Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)