Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0727
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Ubuntu 16.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 18.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 14.04 ESM",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
},
{
"description": "Ubuntu 20.04 LTS",
"product": {
"name": "N/A",
"vendor": {
"name": "Ubuntu",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-26654",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26654"
},
{
"name": "CVE-2023-52760",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52760"
},
{
"name": "CVE-2024-26830",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26830"
},
{
"name": "CVE-2024-39484",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39484"
},
{
"name": "CVE-2024-26600",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26600"
},
{
"name": "CVE-2021-46926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46926"
},
{
"name": "CVE-2024-26903",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26903"
},
{
"name": "CVE-2024-26921",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26921"
},
{
"name": "CVE-2023-52629",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52629"
},
{
"name": "CVE-2024-26679",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26679"
},
{
"name": "CVE-2024-35955",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35955"
},
{
"name": "CVE-2024-26929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26929"
},
{
"name": "CVE-2024-26680",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26680"
},
{
"name": "CVE-2024-24860",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24860"
},
{
"name": "CVE-2024-36901",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36901"
},
{
"name": "CVE-2023-52470",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52470"
},
{
"name": "CVE-2024-35835",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35835"
},
{
"name": "CVE-2024-22099",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22099"
},
{
"name": "CVE-2023-52806",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52806"
},
{
"name": "CVE-2024-26687",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26687"
},
{
"name": "CVE-2024-36940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36940"
},
{
"name": "CVE-2023-52644",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52644"
},
{
"name": "CVE-2024-39292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39292"
}
],
"links": [],
"reference": "CERTFR-2024-AVI-0727",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-08-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux d\u0027Ubuntu. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux d\u0027Ubuntu",
"vendor_advisories": [
{
"published_at": "2024-08-26",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6973-3",
"url": "https://ubuntu.com/security/notices/USN-6973-3"
},
{
"published_at": "2024-08-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6974-2",
"url": "https://ubuntu.com/security/notices/USN-6974-2"
},
{
"published_at": "2024-08-28",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6972-4",
"url": "https://ubuntu.com/security/notices/USN-6972-4"
},
{
"published_at": "2024-08-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6972-3",
"url": "https://ubuntu.com/security/notices/USN-6972-3"
},
{
"published_at": "2024-08-23",
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-6973-2",
"url": "https://ubuntu.com/security/notices/USN-6973-2"
}
]
}
CVE-2021-46926 (GCVE-0-2021-46926)
Vulnerability from cvelistv5 – Published: 2024-02-27 09:43 – Updated: 2026-05-11 13:44
VLAI
EPSS
Title
ALSA: hda: intel-sdw-acpi: harden detection of controller
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: intel-sdw-acpi: harden detection of controller
The existing code currently sets a pointer to an ACPI handle before
checking that it's actually a SoundWire controller. This can lead to
issues where the graph walk continues and eventually fails, but the
pointer was set already.
This patch changes the logic so that the information provided to
the caller is set when a controller is found.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
6f11586f4896ee448262747788a0a3faf0fe9066 , < cce476954401e3421afafb25bbaa926050688b1d
(git)
Affected: 6f11586f4896ee448262747788a0a3faf0fe9066 , < 385f287f9853da402d94278e59f594501c1d1dad (git) |
|
| Linux | Linux |
Affected:
5.3
Unaffected: 0 , < 5.3 (semver) Unaffected: 5.15.13 , ≤ 5.15.* (semver) Unaffected: 5.16 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:17:42.895Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-46926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:04.027406Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:24.369Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/hda/intel-sdw-acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "cce476954401e3421afafb25bbaa926050688b1d",
"status": "affected",
"version": "6f11586f4896ee448262747788a0a3faf0fe9066",
"versionType": "git"
},
{
"lessThan": "385f287f9853da402d94278e59f594501c1d1dad",
"status": "affected",
"version": "6f11586f4896ee448262747788a0a3faf0fe9066",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/hda/intel-sdw-acpi.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"lessThan": "5.3",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "5.16",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.13",
"versionStartIncluding": "5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.16",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: intel-sdw-acpi: harden detection of controller\n\nThe existing code currently sets a pointer to an ACPI handle before\nchecking that it\u0027s actually a SoundWire controller. This can lead to\nissues where the graph walk continues and eventually fails, but the\npointer was set already.\n\nThis patch changes the logic so that the information provided to\nthe caller is set when a controller is found."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T13:44:34.363Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d"
},
{
"url": "https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad"
}
],
"title": "ALSA: hda: intel-sdw-acpi: harden detection of controller",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2021-46926",
"datePublished": "2024-02-27T09:43:56.102Z",
"dateReserved": "2024-02-25T13:45:52.719Z",
"dateUpdated": "2026-05-11T13:44:34.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52470 (GCVE-0-2023-52470)
Vulnerability from cvelistv5 – Published: 2024-02-25 08:16 – Updated: 2026-05-11 19:27
VLAI
EPSS
Title
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
Summary
In the Linux kernel, the following vulnerability has been resolved:
drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()
check the alloc_workqueue return value in radeon_crtc_init()
to avoid null-ptr-deref.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < 21b1645660717d6126dd4866c850fcc5c4703a41
(git)
Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < 5d12c5d75f7c78b83a738025947651ec5c95b4d4 (git) Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < 57ca7984806d79b38af528de88fd803babf27feb (git) Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < 14bbfaa5df273b26cde6707f6e655585700e6fe1 (git) Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < c4ff55408187f2595066967047363ca84e76db85 (git) Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < 0b813a6a0087451cb702b6eb841f10856f49d088 (git) Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97 (git) Affected: fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337 , < 7a2464fac80d42f6f8819fed97a553e9c2f43310 (git) |
|
| Linux | Linux |
Affected:
3.16
Unaffected: 0 , < 3.16 (semver) Unaffected: 4.19.306 , ≤ 4.19.* (semver) Unaffected: 5.4.268 , ≤ 5.4.* (semver) Unaffected: 5.10.209 , ≤ 5.10.* (semver) Unaffected: 5.15.148 , ≤ 5.15.* (semver) Unaffected: 6.1.75 , ≤ 6.1.* (semver) Unaffected: 6.6.14 , ≤ 6.6.* (semver) Unaffected: 6.7.2 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:19.642Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/21b1645660717d6126dd4866c850fcc5c4703a41"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/5d12c5d75f7c78b83a738025947651ec5c95b4d4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/57ca7984806d79b38af528de88fd803babf27feb"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14bbfaa5df273b26cde6707f6e655585700e6fe1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c4ff55408187f2595066967047363ca84e76db85"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0b813a6a0087451cb702b6eb841f10856f49d088"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7a2464fac80d42f6f8819fed97a553e9c2f43310"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T16:02:26.709108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:45.635Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "21b1645660717d6126dd4866c850fcc5c4703a41",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "5d12c5d75f7c78b83a738025947651ec5c95b4d4",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "57ca7984806d79b38af528de88fd803babf27feb",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "14bbfaa5df273b26cde6707f6e655585700e6fe1",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "c4ff55408187f2595066967047363ca84e76db85",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "0b813a6a0087451cb702b6eb841f10856f49d088",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
},
{
"lessThan": "7a2464fac80d42f6f8819fed97a553e9c2f43310",
"status": "affected",
"version": "fa7f517cb26eb1a1a1f0baffcced39f6c3ec3337",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/gpu/drm/radeon/radeon_display.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.16"
},
{
"lessThan": "3.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.306",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.268",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.209",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.148",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.75",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.306",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.268",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.209",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.2",
"versionStartIncluding": "3.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/radeon: check the alloc_workqueue return value in radeon_crtc_init()\n\ncheck the alloc_workqueue return value in radeon_crtc_init()\nto avoid null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:27:56.242Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21b1645660717d6126dd4866c850fcc5c4703a41"
},
{
"url": "https://git.kernel.org/stable/c/5d12c5d75f7c78b83a738025947651ec5c95b4d4"
},
{
"url": "https://git.kernel.org/stable/c/57ca7984806d79b38af528de88fd803babf27feb"
},
{
"url": "https://git.kernel.org/stable/c/14bbfaa5df273b26cde6707f6e655585700e6fe1"
},
{
"url": "https://git.kernel.org/stable/c/c4ff55408187f2595066967047363ca84e76db85"
},
{
"url": "https://git.kernel.org/stable/c/0b813a6a0087451cb702b6eb841f10856f49d088"
},
{
"url": "https://git.kernel.org/stable/c/fb2d8bc9b5e55848b8a7c3c028e2ee8d49f28f97"
},
{
"url": "https://git.kernel.org/stable/c/7a2464fac80d42f6f8819fed97a553e9c2f43310"
}
],
"title": "drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52470",
"datePublished": "2024-02-25T08:16:33.636Z",
"dateReserved": "2024-02-20T12:30:33.297Z",
"dateUpdated": "2026-05-11T19:27:56.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52629 (GCVE-0-2023-52629)
Vulnerability from cvelistv5 – Published: 2024-03-29 09:13 – Updated: 2026-05-11 19:30
VLAI
EPSS
Title
sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
Summary
In the Linux kernel, the following vulnerability has been resolved:
sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
The original code puts flush_work() before timer_shutdown_sync()
in switch_drv_remove(). Although we use flush_work() to stop
the worker, it could be rescheduled in switch_timer(). As a result,
a use-after-free bug can occur. The details are shown below:
(cpu 0) | (cpu 1)
switch_drv_remove() |
flush_work() |
... | switch_timer // timer
| schedule_work(&psw->work)
timer_shutdown_sync() |
... | switch_work_handler // worker
kfree(psw) // free |
| psw->state = 0 // use
This patch puts timer_shutdown_sync() before flush_work() to
mitigate the bugs. As a result, the worker and timer will be
stopped safely before the deallocate operations.
Severity
8.4 (High)
CWE
- CWE-416 - Use After Free
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
9f5e8eee5cfe1328660c71812d87c2a67bda389f , < 610dbd8ac271aa36080aac50b928d700ee3fe4de
(git)
Affected: 9f5e8eee5cfe1328660c71812d87c2a67bda389f , < 246f80a0b17f8f582b2c0996db02998239057c65 (git) |
|
| Linux | Linux |
Affected:
2.6.20
Unaffected: 0 , < 2.6.20 (semver) Unaffected: 6.5.4 , ≤ 6.5.* (semver) Unaffected: 6.6 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "linux_kernel",
"vendor": "linux",
"versions": [
{
"lessThan": "610dbd8ac271",
"status": "affected",
"version": "9f5e8eee5cfe",
"versionType": "custom"
},
{
"lessThan": "246f80a0b17f",
"status": "affected",
"version": "9f5e8eee5cfe",
"versionType": "custom"
},
{
"status": "affected",
"version": "2.6.20"
},
{
"lessThan": "2.6.20",
"status": "unaffected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6",
"status": "unaffected",
"version": "6.54",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52629",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-01T17:41:22.649775Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T13:39:55.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.222Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/sh/drivers/push-switch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "610dbd8ac271aa36080aac50b928d700ee3fe4de",
"status": "affected",
"version": "9f5e8eee5cfe1328660c71812d87c2a67bda389f",
"versionType": "git"
},
{
"lessThan": "246f80a0b17f8f582b2c0996db02998239057c65",
"status": "affected",
"version": "9f5e8eee5cfe1328660c71812d87c2a67bda389f",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/sh/drivers/push-switch.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.20"
},
{
"lessThan": "2.6.20",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.6",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.4",
"versionStartIncluding": "2.6.20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6",
"versionStartIncluding": "2.6.20",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsh: push-switch: Reorder cleanup operations to avoid use-after-free bug\n\nThe original code puts flush_work() before timer_shutdown_sync()\nin switch_drv_remove(). Although we use flush_work() to stop\nthe worker, it could be rescheduled in switch_timer(). As a result,\na use-after-free bug can occur. The details are shown below:\n\n (cpu 0) | (cpu 1)\nswitch_drv_remove() |\n flush_work() |\n ... | switch_timer // timer\n | schedule_work(\u0026psw-\u003ework)\n timer_shutdown_sync() |\n ... | switch_work_handler // worker\n kfree(psw) // free |\n | psw-\u003estate = 0 // use\n\nThis patch puts timer_shutdown_sync() before flush_work() to\nmitigate the bugs. As a result, the worker and timer will be\nstopped safely before the deallocate operations."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:30:40.834Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/610dbd8ac271aa36080aac50b928d700ee3fe4de"
},
{
"url": "https://git.kernel.org/stable/c/246f80a0b17f8f582b2c0996db02998239057c65"
}
],
"title": "sh: push-switch: Reorder cleanup operations to avoid use-after-free bug",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52629",
"datePublished": "2024-03-29T09:13:45.848Z",
"dateReserved": "2024-03-06T09:52:12.092Z",
"dateUpdated": "2026-05-11T19:30:40.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52644 (GCVE-0-2023-52644)
Vulnerability from cvelistv5 – Published: 2024-04-17 10:27 – Updated: 2026-05-11 19:30
VLAI
EPSS
Title
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
Summary
In the Linux kernel, the following vulnerability has been resolved:
wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
When QoS is disabled, the queue priority value will not map to the correct
ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS
is disabled to prevent trying to stop/wake a non-existent queue and failing
to stop/wake the actual queue instantiated.
Log of issue before change (with kernel parameter qos=0):
[ +5.112651] ------------[ cut here ]------------
[ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]
[ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3
[ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common
[ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]
[ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS
[ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019
[ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]
[ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 <0f> 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00
[ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097
[ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000
[ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900
[ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0
[ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000
[ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40
[ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000
[ +0.000001] CS: 0010 DS: 0
---truncated---
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 1824f942527f784a19e01eac2d9679a21623d010
(git)
Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 31aaf17200c336fe258b70d39c40645ae19d0240 (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 49f067726ab01c87cf57566797a8a719badbbf08 (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455 (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < c67698325c68f8768db858f5c87c34823421746d (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < bc845e2e42cae95172c04bf29807c480f51a2a83 (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 4049a9f80513a6739c5677736a4c88f96df1b436 (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < f1cf77bb870046a6111a604f7f7fe83d1c8c9610 (git) Affected: e6f5b934fba8c44c87c551e066aa7ca6fde2939e , < 9636951e4468f02c72cc75a82dc65d003077edbc (git) |
|
| Linux | Linux |
Affected:
2.6.26
Unaffected: 0 , < 2.6.26 (semver) Unaffected: 4.19.311 , ≤ 4.19.* (semver) Unaffected: 5.4.273 , ≤ 5.4.* (semver) Unaffected: 5.10.214 , ≤ 5.10.* (semver) Unaffected: 5.15.153 , ≤ 5.15.* (semver) Unaffected: 6.1.83 , ≤ 6.1.* (semver) Unaffected: 6.6.23 , ≤ 6.6.* (semver) Unaffected: 6.7.11 , ≤ 6.7.* (semver) Unaffected: 6.8.2 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:03:21.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52644",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:48:35.399948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:27.141Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/b43/b43.h",
"drivers/net/wireless/broadcom/b43/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1824f942527f784a19e01eac2d9679a21623d010",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "31aaf17200c336fe258b70d39c40645ae19d0240",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "49f067726ab01c87cf57566797a8a719badbbf08",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "c67698325c68f8768db858f5c87c34823421746d",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "bc845e2e42cae95172c04bf29807c480f51a2a83",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "4049a9f80513a6739c5677736a4c88f96df1b436",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "f1cf77bb870046a6111a604f7f7fe83d1c8c9610",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
},
{
"lessThan": "9636951e4468f02c72cc75a82dc65d003077edbc",
"status": "affected",
"version": "e6f5b934fba8c44c87c551e066aa7ca6fde2939e",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/net/wireless/broadcom/b43/b43.h",
"drivers/net/wireless/broadcom/b43/dma.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.26"
},
{
"lessThan": "2.6.26",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.311",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.273",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.214",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.153",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.23",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.11",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.311",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.273",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.214",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.153",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.83",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.23",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.11",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.2",
"versionStartIncluding": "2.6.26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled\n\nWhen QoS is disabled, the queue priority value will not map to the correct\nieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS\nis disabled to prevent trying to stop/wake a non-existent queue and failing\nto stop/wake the actual queue instantiated.\n\nLog of issue before change (with kernel parameter qos=0):\n [ +5.112651] ------------[ cut here ]------------\n [ +0.000005] WARNING: CPU: 7 PID: 25513 at net/mac80211/util.c:449 __ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000067] Modules linked in: b43(O) snd_seq_dummy snd_hrtimer snd_seq snd_seq_device nft_chain_nat xt_MASQUERADE nf_nat xfrm_user xfrm_algo xt_addrtype overlay ccm af_packet amdgpu snd_hda_codec_cirrus snd_hda_codec_generic ledtrig_audio drm_exec amdxcp gpu_sched xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip6t_rpfilter ipt_rpfilter xt_pkttype xt_LOG nf_log_syslog xt_tcpudp nft_compat nf_tables nfnetlink sch_fq_codel btusb uinput iTCO_wdt ctr btrtl intel_pmc_bxt i915 intel_rapl_msr mei_hdcp mei_pxp joydev at24 watchdog btintel atkbd libps2 serio radeon btbcm vivaldi_fmap btmtk intel_rapl_common snd_hda_codec_hdmi bluetooth uvcvideo nls_iso8859_1 applesmc nls_cp437 x86_pkg_temp_thermal snd_hda_intel intel_powerclamp vfat videobuf2_vmalloc coretemp fat snd_intel_dspcfg crc32_pclmul uvc polyval_clmulni snd_intel_sdw_acpi loop videobuf2_memops snd_hda_codec tun drm_suballoc_helper polyval_generic drm_ttm_helper drm_buddy tap ecdh_generic videobuf2_v4l2 gf128mul macvlan ttm ghash_clmulni_intel ecc tg3\n [ +0.000044] videodev bridge snd_hda_core rapl crc16 drm_display_helper cec mousedev snd_hwdep evdev intel_cstate bcm5974 hid_appleir videobuf2_common stp mac_hid libphy snd_pcm drm_kms_helper acpi_als mei_me intel_uncore llc mc snd_timer intel_gtt industrialio_triggered_buffer apple_mfi_fastcharge i2c_i801 mei snd lpc_ich agpgart ptp i2c_smbus thunderbolt apple_gmux i2c_algo_bit kfifo_buf video industrialio soundcore pps_core wmi tiny_power_button sbs sbshc button ac cordic bcma mac80211 cfg80211 ssb rfkill libarc4 kvm_intel kvm drm irqbypass fuse backlight firmware_class efi_pstore configfs efivarfs dmi_sysfs ip_tables x_tables autofs4 dm_crypt cbc encrypted_keys trusted asn1_encoder tee tpm rng_core input_leds hid_apple led_class hid_generic usbhid hid sd_mod t10_pi crc64_rocksoft crc64 crc_t10dif crct10dif_generic ahci libahci libata uhci_hcd ehci_pci ehci_hcd crct10dif_pclmul crct10dif_common sha512_ssse3 sha512_generic sha256_ssse3 sha1_ssse3 aesni_intel usbcore scsi_mod libaes crypto_simd cryptd scsi_common\n [ +0.000055] usb_common rtc_cmos btrfs blake2b_generic libcrc32c crc32c_generic crc32c_intel xor raid6_pq dm_snapshot dm_bufio dm_mod dax [last unloaded: b43(O)]\n [ +0.000009] CPU: 7 PID: 25513 Comm: irq/17-b43 Tainted: G W O 6.6.7 #1-NixOS\n [ +0.000003] Hardware name: Apple Inc. MacBookPro8,3/Mac-942459F5819B171B, BIOS 87.0.0.0.0 06/13/2019\n [ +0.000001] RIP: 0010:__ieee80211_wake_queue+0xd5/0x180 [mac80211]\n [ +0.000046] Code: 00 45 85 e4 0f 85 9b 00 00 00 48 8d bd 40 09 00 00 f0 48 0f ba ad 48 09 00 00 00 72 0f 5b 5d 41 5c 41 5d 41 5e e9 cb 6d 3c d0 \u003c0f\u003e 0b 5b 5d 41 5c 41 5d 41 5e c3 cc cc cc cc 48 8d b4 16 94 00 00\n [ +0.000002] RSP: 0018:ffffc90003c77d60 EFLAGS: 00010097\n [ +0.000001] RAX: 0000000000000001 RBX: 0000000000000002 RCX: 0000000000000000\n [ +0.000001] RDX: 0000000000000000 RSI: 0000000000000002 RDI: ffff88820b924900\n [ +0.000002] RBP: ffff88820b924900 R08: ffffc90003c77d90 R09: 000000000003bfd0\n [ +0.000001] R10: ffff88820b924900 R11: ffffc90003c77c68 R12: 0000000000000000\n [ +0.000001] R13: 0000000000000000 R14: ffffc90003c77d90 R15: ffffffffc0fa6f40\n [ +0.000001] FS: 0000000000000000(0000) GS:ffff88846fb80000(0000) knlGS:0000000000000000\n [ +0.000001] CS: 0010 DS: 0\n---truncated---"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:30:57.278Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1824f942527f784a19e01eac2d9679a21623d010"
},
{
"url": "https://git.kernel.org/stable/c/31aaf17200c336fe258b70d39c40645ae19d0240"
},
{
"url": "https://git.kernel.org/stable/c/49f067726ab01c87cf57566797a8a719badbbf08"
},
{
"url": "https://git.kernel.org/stable/c/04a2b6eff2ae1c19cb7f41e803bcbfaf94c06455"
},
{
"url": "https://git.kernel.org/stable/c/c67698325c68f8768db858f5c87c34823421746d"
},
{
"url": "https://git.kernel.org/stable/c/bc845e2e42cae95172c04bf29807c480f51a2a83"
},
{
"url": "https://git.kernel.org/stable/c/4049a9f80513a6739c5677736a4c88f96df1b436"
},
{
"url": "https://git.kernel.org/stable/c/f1cf77bb870046a6111a604f7f7fe83d1c8c9610"
},
{
"url": "https://git.kernel.org/stable/c/9636951e4468f02c72cc75a82dc65d003077edbc"
}
],
"title": "wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52644",
"datePublished": "2024-04-17T10:27:23.053Z",
"dateReserved": "2024-03-06T09:52:12.094Z",
"dateUpdated": "2026-05-11T19:30:57.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52760 (GCVE-0-2023-52760)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:30 – Updated: 2026-05-11 19:32
VLAI
EPSS
Title
gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
Summary
In the Linux kernel, the following vulnerability has been resolved:
gfs2: Fix slab-use-after-free in gfs2_qd_dealloc
In gfs2_put_super(), whether withdrawn or not, the quota should
be cleaned up by gfs2_quota_cleanup().
Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu
callback) has run for all gfs2_quota_data objects, resulting in
use-after-free.
Also, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called
by gfs2_make_fs_ro(), so in gfs2_put_super(), after calling
gfs2_make_fs_ro(), there is no need to call them again.
Severity
No CVSS data available.
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
f66af88e33212b57ea86da2c5d66c0d9d5c46344 , < 08a28272faa750d4357ea2cb48d2baefd778ea81
(git)
Affected: f66af88e33212b57ea86da2c5d66c0d9d5c46344 , < bdcb8aa434c6d36b5c215d02a9ef07551be25a37 (git) |
|
| Linux | Linux |
Affected:
6.6
Unaffected: 0 , < 6.6 (semver) Unaffected: 6.6.3 , ≤ 6.6.* (semver) Unaffected: 6.7 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52760",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-22T18:26:22.936431Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:24:04.103Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:50:24.860Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7ad4e0a4f61c57c3ca291ee010a9d677d0199fba"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/08a28272faa750d4357ea2cb48d2baefd778ea81"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/bdcb8aa434c6d36b5c215d02a9ef07551be25a37"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"fs/gfs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "08a28272faa750d4357ea2cb48d2baefd778ea81",
"status": "affected",
"version": "f66af88e33212b57ea86da2c5d66c0d9d5c46344",
"versionType": "git"
},
{
"lessThan": "bdcb8aa434c6d36b5c215d02a9ef07551be25a37",
"status": "affected",
"version": "f66af88e33212b57ea86da2c5d66c0d9d5c46344",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"fs/gfs2/super.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.6"
},
{
"lessThan": "6.6",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "6.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "6.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix slab-use-after-free in gfs2_qd_dealloc\n\nIn gfs2_put_super(), whether withdrawn or not, the quota should\nbe cleaned up by gfs2_quota_cleanup().\n\nOtherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu\ncallback) has run for all gfs2_quota_data objects, resulting in\nuse-after-free.\n\nAlso, gfs2_destroy_threads() and gfs2_quota_cleanup() is already called\nby gfs2_make_fs_ro(), so in gfs2_put_super(), after calling\ngfs2_make_fs_ro(), there is no need to call them again."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:32:36.758Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/08a28272faa750d4357ea2cb48d2baefd778ea81"
},
{
"url": "https://git.kernel.org/stable/c/bdcb8aa434c6d36b5c215d02a9ef07551be25a37"
}
],
"title": "gfs2: Fix slab-use-after-free in gfs2_qd_dealloc",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52760",
"datePublished": "2024-05-21T15:30:46.427Z",
"dateReserved": "2024-05-21T15:19:24.237Z",
"dateUpdated": "2026-05-11T19:32:36.758Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-52806 (GCVE-0-2023-52806)
Vulnerability from cvelistv5 – Published: 2024-05-21 15:31 – Updated: 2026-05-11 19:33
VLAI
EPSS
Title
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda: Fix possible null-ptr-deref when assigning a stream
While AudioDSP drivers assign streams exclusively of HOST or LINK type,
nothing blocks a user to attempt to assign a COUPLED stream. As
supplied substream instance may be a stub, what is the case when
code-loading, such scenario ends with null-ptr-deref.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 7de25112de8222fd20564769e6c99dc9f9738a0b
(git)
Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 758c7733cb821041f5fd403b7b97c0b95d319323 (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 2527775616f3638f4fd54649eba8c7b84d5e4250 (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 25354bae4fc310c3928e8a42fda2d486f67745d7 (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 631a96e9eb4228ff75fce7e72d133ca81194797e (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 43b91df291c8802268ab3cfd8fccfdf135800ed4 (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0 (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < 4a320da7f7cbdab2098b103c47f45d5061f42edd (git) Affected: 14752412721c61d9ac1e8d8fb51d7148cb15f85b , < f93dc90c2e8ed664985e366aa6459ac83cdab236 (git) |
|
| Linux | Linux |
Affected:
4.2
Unaffected: 0 , < 4.2 (semver) Unaffected: 4.14.331 , ≤ 4.14.* (semver) Unaffected: 4.19.300 , ≤ 4.19.* (semver) Unaffected: 5.4.262 , ≤ 5.4.* (semver) Unaffected: 5.10.202 , ≤ 5.10.* (semver) Unaffected: 5.15.140 , ≤ 5.15.* (semver) Unaffected: 6.1.64 , ≤ 6.1.* (semver) Unaffected: 6.5.13 , ≤ 6.5.* (semver) Unaffected: 6.6.3 , ≤ 6.6.* (semver) Unaffected: 6.7 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:11:36.085Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-52806",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:36:47.089606Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:32:54.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/hda/hdac_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "7de25112de8222fd20564769e6c99dc9f9738a0b",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "758c7733cb821041f5fd403b7b97c0b95d319323",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "2527775616f3638f4fd54649eba8c7b84d5e4250",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "25354bae4fc310c3928e8a42fda2d486f67745d7",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "631a96e9eb4228ff75fce7e72d133ca81194797e",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "43b91df291c8802268ab3cfd8fccfdf135800ed4",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "4a320da7f7cbdab2098b103c47f45d5061f42edd",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
},
{
"lessThan": "f93dc90c2e8ed664985e366aa6459ac83cdab236",
"status": "affected",
"version": "14752412721c61d9ac1e8d8fb51d7148cb15f85b",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/hda/hdac_stream.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"lessThan": "4.2",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.14.*",
"status": "unaffected",
"version": "4.14.331",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.300",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.262",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.202",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.140",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.64",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.*",
"status": "unaffected",
"version": "6.5.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.7",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.14.331",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.300",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.262",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.202",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.140",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.64",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.13",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.3",
"versionStartIncluding": "4.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7",
"versionStartIncluding": "4.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: Fix possible null-ptr-deref when assigning a stream\n\nWhile AudioDSP drivers assign streams exclusively of HOST or LINK type,\nnothing blocks a user to attempt to assign a COUPLED stream. As\nsupplied substream instance may be a stub, what is the case when\ncode-loading, such scenario ends with null-ptr-deref."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T19:33:28.310Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7de25112de8222fd20564769e6c99dc9f9738a0b"
},
{
"url": "https://git.kernel.org/stable/c/758c7733cb821041f5fd403b7b97c0b95d319323"
},
{
"url": "https://git.kernel.org/stable/c/2527775616f3638f4fd54649eba8c7b84d5e4250"
},
{
"url": "https://git.kernel.org/stable/c/25354bae4fc310c3928e8a42fda2d486f67745d7"
},
{
"url": "https://git.kernel.org/stable/c/631a96e9eb4228ff75fce7e72d133ca81194797e"
},
{
"url": "https://git.kernel.org/stable/c/43b91df291c8802268ab3cfd8fccfdf135800ed4"
},
{
"url": "https://git.kernel.org/stable/c/fe7c1a0c2b25c82807cb46fc3aadbf2664a682b0"
},
{
"url": "https://git.kernel.org/stable/c/4a320da7f7cbdab2098b103c47f45d5061f42edd"
},
{
"url": "https://git.kernel.org/stable/c/f93dc90c2e8ed664985e366aa6459ac83cdab236"
}
],
"title": "ALSA: hda: Fix possible null-ptr-deref when assigning a stream",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2023-52806",
"datePublished": "2024-05-21T15:31:17.025Z",
"dateReserved": "2024-05-21T15:19:24.247Z",
"dateUpdated": "2026-05-11T19:33:28.310Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-22099 (GCVE-0-2024-22099)
Vulnerability from cvelistv5 – Published: 2024-01-25 07:02 – Updated: 2026-05-12 11:43
VLAI
EPSS
Title
NULL pointer deference in rfcomm_check_security in Linux kernel
Summary
NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.
This issue affects Linux kernel: v2.6.12-rc2.
Severity
6.3 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux kernel |
Affected:
v2.6.12-rc2 , < v6.8-rc1
(custom)
|
Date Public
2024-01-19 03:00
Credits
Yuxuan-Hu <20373622@buaa.edu.cn>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:35:34.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22099",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-29T19:53:29.673847Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-05T19:44:19.805Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:43:54.499Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mirrors.openanolis.cn/anolis/",
"defaultStatus": "unaffected",
"modules": [
"net",
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/release-5.10/net/bluetooth/rfcomm/core.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v2.6.12-rc2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yuxuan-Hu \u003c20373622@buaa.edu.cn\u003e"
}
],
"datePublic": "2024-01-19T03:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers.\u003cp\u003e This vulnerability is associated with program files \u003ctt\u003e/net/bluetooth/rfcomm/core.C\u003c/tt\u003e.\u003c/p\u003e\u003cp\u003eThis issue affects Linux kernel: v2.6.12-rc2.\u003c/p\u003e"
}
],
"value": "NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C.\n\nThis issue affects Linux kernel: v2.6.12-rc2."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T12:08:47.749Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=7956"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\"\u003ehttps://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=6ec00b0737fe https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/"
}
],
"source": {
"advisory": "Not yet",
"discovery": "INTERNAL"
},
"title": "NULL pointer deference in rfcomm_check_security in Linux kernel",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-22099",
"datePublished": "2024-01-25T07:02:59.928Z",
"dateReserved": "2024-01-15T09:44:45.533Z",
"dateUpdated": "2026-05-12T11:43:54.499Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-24860 (GCVE-0-2024-24860)
Vulnerability from cvelistv5 – Published: 2024-02-05 07:27 – Updated: 2025-02-13 17:40
VLAI
EPSS
Title
Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set()
Summary
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
Severity
4.6 (Medium)
CWE
- CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux kernel |
Affected:
v5.6-rc1 , < v6.8-rc1
(custom)
|
Credits
白家驹 <baijiaju@buaa.edu.cn>
韩桂栋 <hanguidong@buaa.edu.cn>
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-24860",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-05T14:05:40.448336Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:21:19.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:28:12.994Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://kernel.org/",
"defaultStatus": "unaffected",
"modules": [
"bluetooth"
],
"packageName": "kernel",
"platforms": [
"Linux",
"x86",
"ARM"
],
"product": "Linux kernel",
"programFiles": [
"https://gitee.com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/hci_debugfs.c"
],
"repo": "https://gitee.com/anolis/cloud-kernel.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "v6.8-rc1",
"status": "affected",
"version": "v5.6-rc1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u767d\u5bb6\u9a79 \u003cbaijiaju@buaa.edu.cn\u003e"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "\u97e9\u6842\u680b \u003changuidong@buaa.edu.cn\u003e"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\u003c/p\u003e"
}
],
"value": "A race condition was found in the Linux kernel\u0027s bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue."
}
],
"impacts": [
{
"capecId": "CAPEC-26",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-26 Leveraging Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-362",
"description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T21:06:24.953Z",
"orgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"shortName": "Anolis"
},
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/torvalds/linux/commit/da9065caa594d\"\u003ehttps://github.com/torvalds/linux/commit/da9065caa594d\u003c/a\u003e\u003cbr\u003e"
}
],
"value": "https://github.com/torvalds/linux/commit/da9065caa594d https://github.com/torvalds/linux/commit/da9065caa594d"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Race condition vulnerability in Linux kernel bluetooth driver in {min,max}_key_size_set()",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "cb8f1db9-b4b1-487b-a760-f65c4f368d8e",
"assignerShortName": "Anolis",
"cveId": "CVE-2024-24860",
"datePublished": "2024-02-05T07:27:31.042Z",
"dateReserved": "2024-02-01T09:11:56.214Z",
"dateUpdated": "2025-02-13T17:40:34.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26600 (GCVE-0-2024-26600)
Vulnerability from cvelistv5 – Published: 2024-02-24 14:56 – Updated: 2026-05-11 20:00
VLAI
EPSS
Title
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
Summary
In the Linux kernel, the following vulnerability has been resolved:
phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
If the external phy working together with phy-omap-usb2 does not implement
send_srp(), we may still attempt to call it. This can happen on an idle
Ethernet gadget triggering a wakeup for example:
configfs-gadget.g1 gadget.0: ECM Suspend
configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup
...
Unable to handle kernel NULL pointer dereference at virtual address
00000000 when execute
...
PC is at 0x0
LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]
...
musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]
usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]
eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c
dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4
sch_direct_xmit from __dev_queue_xmit+0x334/0xd88
__dev_queue_xmit from arp_solicit+0xf0/0x268
arp_solicit from neigh_probe+0x54/0x7c
neigh_probe from __neigh_event_send+0x22c/0x47c
__neigh_event_send from neigh_resolve_output+0x14c/0x1c0
neigh_resolve_output from ip_finish_output2+0x1c8/0x628
ip_finish_output2 from ip_send_skb+0x40/0xd8
ip_send_skb from udp_send_skb+0x124/0x340
udp_send_skb from udp_sendmsg+0x780/0x984
udp_sendmsg from __sys_sendto+0xd8/0x158
__sys_sendto from ret_fast_syscall+0x0/0x58
Let's fix the issue by checking for send_srp() and set_vbus() before
calling them. For USB peripheral only cases these both could be NULL.
Severity
No CVSS data available.
Assigner
References
8 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 486218c11e8d1c8f515a3bdd70d62203609d4b6b
(git)
Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 8398d8d735ee93a04fb9e9f490e8cacd737e3bf5 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < be3b82e4871ba00e9b5d0ede92d396d579d7b3b3 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 8cc889b9dea0579726be9520fcc766077890b462 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 0430bfcd46657d9116a26cd377f112cbc40826a4 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 14ef61594a5a286ae0d493b8acbf9eac46fd04c4 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 396e17af6761b3cc9e6e4ca94b4de7f642bfece1 (git) Affected: 657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6 , < 7104ba0f1958adb250319e68a15eff89ec4fd36d (git) |
|
| Linux | Linux |
Affected:
3.7
Unaffected: 0 , < 3.7 (semver) Unaffected: 4.19.307 , ≤ 4.19.* (semver) Unaffected: 5.4.269 , ≤ 5.4.* (semver) Unaffected: 5.10.210 , ≤ 5.10.* (semver) Unaffected: 5.15.149 , ≤ 5.15.* (semver) Unaffected: 6.1.78 , ≤ 6.1.* (semver) Unaffected: 6.6.17 , ≤ 6.6.* (semver) Unaffected: 6.7.5 , ≤ 6.7.* (semver) Unaffected: 6.8 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T17:03:23.255963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T17:03:34.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-omap-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "486218c11e8d1c8f515a3bdd70d62203609d4b6b",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "8398d8d735ee93a04fb9e9f490e8cacd737e3bf5",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "be3b82e4871ba00e9b5d0ede92d396d579d7b3b3",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "8cc889b9dea0579726be9520fcc766077890b462",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "0430bfcd46657d9116a26cd377f112cbc40826a4",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "14ef61594a5a286ae0d493b8acbf9eac46fd04c4",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "396e17af6761b3cc9e6e4ca94b4de7f642bfece1",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
},
{
"lessThan": "7104ba0f1958adb250319e68a15eff89ec4fd36d",
"status": "affected",
"version": "657b306a7bdfca4ae1514b533a0e7c3c6d26dbc6",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/phy/ti/phy-omap-usb2.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.7"
},
{
"lessThan": "3.7",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.307",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.269",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.210",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.149",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.78",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.8",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.269",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.149",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.78",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.17",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.5",
"versionStartIncluding": "3.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8",
"versionStartIncluding": "3.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP\n\nIf the external phy working together with phy-omap-usb2 does not implement\nsend_srp(), we may still attempt to call it. This can happen on an idle\nEthernet gadget triggering a wakeup for example:\n\nconfigfs-gadget.g1 gadget.0: ECM Suspend\nconfigfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup\n...\nUnable to handle kernel NULL pointer dereference at virtual address\n00000000 when execute\n...\nPC is at 0x0\nLR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc]\n...\nmusb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core]\nusb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether]\neth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c\ndev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4\nsch_direct_xmit from __dev_queue_xmit+0x334/0xd88\n__dev_queue_xmit from arp_solicit+0xf0/0x268\narp_solicit from neigh_probe+0x54/0x7c\nneigh_probe from __neigh_event_send+0x22c/0x47c\n__neigh_event_send from neigh_resolve_output+0x14c/0x1c0\nneigh_resolve_output from ip_finish_output2+0x1c8/0x628\nip_finish_output2 from ip_send_skb+0x40/0xd8\nip_send_skb from udp_send_skb+0x124/0x340\nudp_send_skb from udp_sendmsg+0x780/0x984\nudp_sendmsg from __sys_sendto+0xd8/0x158\n__sys_sendto from ret_fast_syscall+0x0/0x58\n\nLet\u0027s fix the issue by checking for send_srp() and set_vbus() before\ncalling them. For USB peripheral only cases these both could be NULL."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:00:33.641Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b"
},
{
"url": "https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5"
},
{
"url": "https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3"
},
{
"url": "https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462"
},
{
"url": "https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4"
},
{
"url": "https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4"
},
{
"url": "https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1"
},
{
"url": "https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d"
}
],
"title": "phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26600",
"datePublished": "2024-02-24T14:56:55.674Z",
"dateReserved": "2024-02-19T14:20:24.128Z",
"dateUpdated": "2026-05-11T20:00:33.641Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-26654 (GCVE-0-2024-26654)
Vulnerability from cvelistv5 – Published: 2024-04-01 08:35 – Updated: 2026-05-11 20:01
VLAI
EPSS
Title
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
Summary
In the Linux kernel, the following vulnerability has been resolved:
ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
The dreamcastcard->timer could schedule the spu_dma_work and the
spu_dma_work could also arm the dreamcastcard->timer.
When the snd_pcm_substream is closing, the aica_channel will be
deallocated. But it could still be dereferenced in the worker
thread. The reason is that del_timer() will return directly
regardless of whether the timer handler is running or not and
the worker could be rescheduled in the timer handler. As a result,
the UAF bug will happen. The racy situation is shown below:
(Thread 1) | (Thread 2)
snd_aicapcm_pcm_close() |
... | run_spu_dma() //worker
| mod_timer()
flush_work() |
del_timer() | aica_period_elapsed() //timer
kfree(dreamcastcard->channel) | schedule_work()
| run_spu_dma() //worker
... | dreamcastcard->channel-> //USE
In order to mitigate this bug and other possible corner cases,
call mod_timer() conditionally in run_spu_dma(), then implement
PCM sync_stop op to cancel both the timer and worker. The sync_stop
op will be called from PCM core appropriately when needed.
Severity
No CVSS data available.
Assigner
References
9 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
198de43d758ca2700e2b52b49c0b189b4931466c , < eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2
(git)
Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 4206ad65a0ee76920041a755bd3c17c6ba59bba2 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < aa39e6878f61f50892ee2dd9d2176f72020be845 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 8c990221681688da34295d6d76cc2f5b963e83f5 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 9d66ae0e7bb78b54e1e0525456c6b54e1d132046 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 61d4787692c1fccdc268ffa7a891f9c149f50901 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 3c907bf56905de7d27b329afaf59c2fb35d17b04 (git) Affected: 198de43d758ca2700e2b52b49c0b189b4931466c , < 051e0840ffa8ab25554d6b14b62c9ab9e4901457 (git) |
|
| Linux | Linux |
Affected:
2.6.23
Unaffected: 0 , < 2.6.23 (semver) Unaffected: 4.19.312 , ≤ 4.19.* (semver) Unaffected: 5.4.274 , ≤ 5.4.* (semver) Unaffected: 5.10.215 , ≤ 5.10.* (semver) Unaffected: 5.15.154 , ≤ 5.15.* (semver) Unaffected: 6.1.84 , ≤ 6.1.* (semver) Unaffected: 6.6.24 , ≤ 6.6.* (semver) Unaffected: 6.7.12 , ≤ 6.7.* (semver) Unaffected: 6.8.3 , ≤ 6.8.* (semver) Unaffected: 6.9 , ≤ * (original_commit_for_fix) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:07:19.846Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04"
},
{
"tags": [
"x_transferred"
],
"url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26654",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T15:53:59.432754Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-11T17:33:42.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"sound/sh/aica.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "4206ad65a0ee76920041a755bd3c17c6ba59bba2",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "aa39e6878f61f50892ee2dd9d2176f72020be845",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "8c990221681688da34295d6d76cc2f5b963e83f5",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "9d66ae0e7bb78b54e1e0525456c6b54e1d132046",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "61d4787692c1fccdc268ffa7a891f9c149f50901",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "3c907bf56905de7d27b329afaf59c2fb35d17b04",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
},
{
"lessThan": "051e0840ffa8ab25554d6b14b62c9ab9e4901457",
"status": "affected",
"version": "198de43d758ca2700e2b52b49c0b189b4931466c",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"sound/sh/aica.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "2.6.23"
},
{
"lessThan": "2.6.23",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.312",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.274",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.215",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.154",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.84",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.7.*",
"status": "unaffected",
"version": "6.7.12",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.8.*",
"status": "unaffected",
"version": "6.8.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.9",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.312",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.274",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.215",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.154",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.84",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.24",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.12",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.8.3",
"versionStartIncluding": "2.6.23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"versionStartIncluding": "2.6.23",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: sh: aica: reorder cleanup operations to avoid UAF bugs\n\nThe dreamcastcard-\u003etimer could schedule the spu_dma_work and the\nspu_dma_work could also arm the dreamcastcard-\u003etimer.\n\nWhen the snd_pcm_substream is closing, the aica_channel will be\ndeallocated. But it could still be dereferenced in the worker\nthread. The reason is that del_timer() will return directly\nregardless of whether the timer handler is running or not and\nthe worker could be rescheduled in the timer handler. As a result,\nthe UAF bug will happen. The racy situation is shown below:\n\n (Thread 1) | (Thread 2)\nsnd_aicapcm_pcm_close() |\n ... | run_spu_dma() //worker\n | mod_timer()\n flush_work() |\n del_timer() | aica_period_elapsed() //timer\n kfree(dreamcastcard-\u003echannel) | schedule_work()\n | run_spu_dma() //worker\n ... | dreamcastcard-\u003echannel-\u003e //USE\n\nIn order to mitigate this bug and other possible corner cases,\ncall mod_timer() conditionally in run_spu_dma(), then implement\nPCM sync_stop op to cancel both the timer and worker. The sync_stop\nop will be called from PCM core appropriately when needed."
}
],
"providerMetadata": {
"dateUpdated": "2026-05-11T20:01:35.213Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/eeb2a2ca0b8de7e1c66afaf719529154e7dc60b2"
},
{
"url": "https://git.kernel.org/stable/c/4206ad65a0ee76920041a755bd3c17c6ba59bba2"
},
{
"url": "https://git.kernel.org/stable/c/aa39e6878f61f50892ee2dd9d2176f72020be845"
},
{
"url": "https://git.kernel.org/stable/c/8c990221681688da34295d6d76cc2f5b963e83f5"
},
{
"url": "https://git.kernel.org/stable/c/9d66ae0e7bb78b54e1e0525456c6b54e1d132046"
},
{
"url": "https://git.kernel.org/stable/c/61d4787692c1fccdc268ffa7a891f9c149f50901"
},
{
"url": "https://git.kernel.org/stable/c/e955e8a7f38a856fc6534ba4e6bffd4d5cc80ac3"
},
{
"url": "https://git.kernel.org/stable/c/3c907bf56905de7d27b329afaf59c2fb35d17b04"
},
{
"url": "https://git.kernel.org/stable/c/051e0840ffa8ab25554d6b14b62c9ab9e4901457"
}
],
"title": "ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-26654",
"datePublished": "2024-04-01T08:35:19.763Z",
"dateReserved": "2024-02-19T14:20:24.144Z",
"dateUpdated": "2026-05-11T20:01:35.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…