3 matches found
CVE-2023-52472
CVE-2023-52472 : Linux kernel vulnerability in crypto: rsa where a NULL dereference could occur if mpi_alloc() allocation fails. The fix adds a check for allocation failure to satisfy static analyzers; current small allocations are unlikely to fail, but the patch is implemented to prevent NULL de...
CVE-2023-52465
CVE-2023-52465 concerns the Linux kernel where the power: supply component fixed a null pointer dereference in smb2_probe. The root cause involved devm_kasprintf and devm_kzalloc potentially returning NULL on allocation failure. The vulnerability is documented with a local attack vector and a hig...
CVE-2023-52440
CVE-2023-52440 affects the ksmbd component of the Linux kernel. Root cause: a slub overflow in ksmbd_decode_ntlmssp_auth_blob() when authblob->SessionKey.Length exceeds CIFS_KEY_SIZE, enabling overflow during key exchange (cifs_arc4_crypt copies from SessionKey). The fix introduces bounds prot...