Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-52681	efivarfs: Free s_fs_info on unmount Description: In the Linux kernel, the following vulnerability has been resolved: efivarfs: Free s_fs_info on unmount Now that we allocate a s_fs_info struct on fs context creation, we should ensure that we free it again when the superblock goes away. EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52680	ALSA: scarlett2: Add missing error checks to _ctl_get() Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to _ctl_get() The _ctl_get() functions which call scarlett2_update_() were not checking the return value. Fix to check the return value and pass to the caller. EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52679	of: Fix double free in of_parse_phandle_with_args_map Description: In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previous iteration of the inner loop. This assumes that the value of "new" is NULL on the first iteration of the inner loop. Make sure that this is true in all iterations of the outer loop by setting "new" to NULL after its value is assigned to "cur". Extend the unittest to detect the double free and add an additional test case that actually triggers this path. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52678	drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Description: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the below: drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1347 kfd_create_indirect_link_prop() warn: can 'gpu_link' even be NULL? drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1428 kfd_add_peer_prop() warn: can 'iolink1' even be NULL? drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_topology.c:1433 kfd_add_peer_prop() warn: can 'iolink2' even be NULL? EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52677	riscv: Check if the code to patch lies in the exit section Description: In the Linux kernel, the following vulnerability has been resolved: riscv: Check if the code to patch lies in the exit section Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc region. EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52676	bpf: Guard stack limits against 32bit overflow Description: In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in which case the caller checked it to be below 1<<29 [1]), or from the size of an argument to a kfunc (in which case it can be a u32 [2]). Between the register being inconsistently checked to be below 1<<29, and the offset being up to an u32, it appears that we were open to overflowing the `int`s which were currently used for arithmetic. [1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498 [2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904 EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52675	powerpc/imc-pmu: Add a null pointer check in update_events_in_group() Description: In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52674	ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Description: In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[]. EPSS Score: 0.05% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52673	drm/amd/display: Fix a debugfs null pointer error Description: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)
CVE-2023-52672	pipe: wakeup wr_wait after setting max_usage Description: In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized pipes under certain conditions. See the reproducer in [1]. The commit resizing the pipe ring size was moved to a different function, doing that moved the wakeup for pipe->wr_wait before actually raising pipe->max_usage. If a pipe was full before the resize occured it would result in the wakeup never actually triggering pipe_write. Set @max_usage and @nr_accounted before waking writers if this isn't a watch queue. [Christian Brauner : rewrite to account for watch queues] EPSS Score: 0.04% Source: CVE December 20th, 2024 (5 months ago)