CVE-2024-39482 – bcache: fix variable length array abuse in btree_iter
https://notcve.org/view.php?id=CVE-2024-39482
In the Linux kernel, the following vulnerability has been resolved: bcache: fix variable length array abuse in btree_iter. btree_iter is used in two ways: either allocated on the stack with a fixed size MAX_BSETS, or from a mempool with a dynamic size based on the specific cache set. • https://git.kernel.org/stable/c/2c3d7b03b658dc8bfa6112b194b67b92a87e081b https://git.kernel.org/stable/c/5a1922adc5798b7ec894cd3f197afb6f9591b023 https://git.kernel.org/stable/c/934e1e4331859183a861f396d7dfaf33cb5afb02 https://git.kernel.org/stable/c/6479b9f41583b013041943c4602e1ad61cec8148 https://git.kernel.org/stable/c/0c31344e22dd8d6b1394c6e4c41d639015bdc671 https://git.kernel.org/stable/c/3a861560ccb35f2a4f0a4b8207fa7c2a35fc7f31 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-39479 – drm/i915/hwmon: Get rid of devm
https://notcve.org/view.php?id=CVE-2024-39479
However, in i915 there are two separate code paths, which free either drvdata or hwmon, and either of them can be released before the other. • https://git.kernel.org/stable/c/cfa73607eb21a4ce1d6294a2c5733628897b48a2 https://git.kernel.org/stable/c/ce5a22d22db691d14516c3b8fdbf69139eb2ea8f https://git.kernel.org/stable/c/5bc9de065b8bb9b8dd8799ecb4592d0403b54281 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-39476 – md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
https://notcve.org/view.php?id=CVE-2024-39476
This flaw can cause a deadlock when handling I/O operations due to a conflict between the reconfig_mutex and the MD_SB_CHANGE_PENDING flag, leading to excessive CPU usage and denial of service. • https://git.kernel.org/stable/c/f3d55bd5b7b928ad82f8075d89c908702f3593ab https://git.kernel.org/stable/c/1c00bb624cd084e2006520ad0edacaff0fb941c4 https://git.kernel.org/stable/c/782b3e71c957991ac8ae53318bc369049d49bb53 https://git.kernel.org/stable/c/9e86dffd0b02594d2e7c60c6db9e889c0395414b https://git.kernel.org/stable/c/5e2cf333b7bd5d3e62595a44d598a254c697cd74 https://git.kernel.org/stable/c/7d808fe6af8409cf9f46ed2b10840e5788985e9b https://git.kernel.org/stable/c/1e8c1c2a92692881ac7ec92dcf1c8a846584251b https://git.kernel.org/stable/c/7f71d9817cea3582daa2e903596461f5f • CWE-667: Improper Locking CWE-833: Deadlock •
CVE-2024-33862
https://notcve.org/view.php?id=CVE-2024-33862
This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system. • https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-3904
https://notcve.org/view.php?id=CVE-2024-3904
As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product. • https://jvn.jp/vu/JVNVU91215350/index.html https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02 https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf • CWE-276: Incorrect Default Permissions •