The Linux Kernel, the operating system core itself.
Security Fix(es):
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix use after free on context disconnection
Upon module load, a kthread is created targeting the pvr2contextthreadfunc function, which may call pvr2contextdestroy and thus call kfree() on the context object. However, that might happen before the usb hubevent handler is able to notify the driver. This patch adds a sanity check before the invalid read reported by syzbot, within the context disconnection call stack.(CVE-2023-52445)
In the Linux kernel, the following vulnerability has been resolved:
mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read().
ubigluebiinit ubiregistervolumenotifier ubienumeratevolumes ubinotifyall gluebinotify nb->notifiercall() gluebicreate mtddeviceregister mtddeviceparseregister addmtddevice blktransnotifyadd not->add() ftladdmtd tr->addmtd() scanheader mtdread mtdreadoob mtdreadoobstd gluebiread mtd->read() gluebi->desc - NULL
Detailed reproduction information available at the Link [1],
In the normal case, obtain gluebi->desc in the gluebigetdevice(), and access gluebi->desc in the gluebiread(). However, gluebigetdevice() is not executed in advance in the ftladd_mtd() process, which leads to NULL pointer dereference.
The solution for the gluebi module is to run jffs2 on the UBI volume without considering working with ftl or mtdblock [2]. Therefore, this problem can be avoided by preventing gluebi from creating the mtdblock device after creating mtd partition of the type MTD_UBIVOLUME.(CVE-2023-52449)
{ "severity": "High" }
{ "aarch64": [ "python3-perf-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "python2-perf-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-source-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-tools-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "perf-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "python2-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "bpftool-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "python3-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-devel-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-debugsource-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "bpftool-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-tools-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-tools-devel-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-debuginfo-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "perf-4.19.90-2403.3.0.0243.oe1.aarch64.rpm", "kernel-4.19.90-2403.3.0.0243.oe1.aarch64.rpm" ], "src": [ "kernel-4.19.90-2403.3.0.0243.oe1.src.rpm" ], "x86_64": [ "python2-perf-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-tools-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "perf-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-source-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-devel-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "bpftool-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "python3-perf-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "perf-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-tools-devel-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-debugsource-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "python3-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "python2-perf-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "bpftool-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm", "kernel-tools-debuginfo-4.19.90-2403.3.0.0243.oe1.x86_64.rpm" ] }