Showing 1 - 2 of 2

CVE-2023-52457

Status Candidate

Overview

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed Returning an error code from .remove() makes the driver core emit the little helpful error message: remove callback returned a non-zero value. This will be ignored. and then remove the device anyhow. So all resources that were not freed are leaked in this case. Skipping serial8250_unregister_port() has the potential to keep enough of the UART around to trigger a use-after-free. So replace the error return (and with it the little helpful error message) by a more useful error message and continue to cleanup.

Related Files

Ubuntu Security Notice USN-6765-1: Posted May 9, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6765-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.; tags | advisory, remote, denial of service, kernel, local, tcp; systems | linux, ubuntu; advisories | CVE-2022-0001, CVE-2023-52443, CVE-2023-52444, CVE-2023-52447, CVE-2023-52449, CVE-2023-52451, CVE-2023-52452, CVE-2023-52455, CVE-2023-52456, CVE-2023-52457, CVE-2023-52462, CVE-2023-52465, CVE-2023-52467, CVE-2023-52469; SHA-256 | 42046ab3e597891b35376f855bb093f99f7b85199aebb9184d7401f3b4fa1f10; Download | Favorite | View

Ubuntu Security Notice USN-6688-1: Posted Mar 12, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6688-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.; tags | advisory, denial of service, kernel, local; systems | linux, ubuntu; advisories | CVE-2023-46838, CVE-2023-50431, CVE-2023-52436, CVE-2023-52438, CVE-2023-52439, CVE-2023-52443, CVE-2023-52444, CVE-2023-52445, CVE-2023-52447, CVE-2023-52448, CVE-2023-52449, CVE-2023-52454, CVE-2023-52457, CVE-2023-52462; SHA-256 | 14e46adfe602e3381472cca2694960e60b4f66b2adf1e14c5cefabbd3a423e8c; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 298 files
Ubuntu 66 files
Debian 25 files
Gentoo 16 files
Ahmet Umit Bayram 10 files
Apple 9 files
malvuln 8 files
Google Security Research 5 files
Jann Horn 5 files
nu11secur1ty 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,054)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,500)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,920)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (16,008)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,547)
UNIX (9,413)
UnixWare (187)
Windows (6,661)
Other

CVE-2023-52457

Overview

Related Files

File Archive:

June 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems