CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58237 – bpf: consider that tail calls invalidate packet pointers
https://notcve.org/view.php?id=CVE-2024-58237
05 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packet pointers. Making the change in bpf_helper_changes_pkt_data() automatically makes use of check_cfg() logic that computes 'changes_pkt_data' effect for global sub-programs, such that the following program could be rejected: int tail_c... • https://git.kernel.org/stable/c/51c39bb1d5d105a02e29aa7960f0a395086e6342 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58100 – bpf: check changes_pkt_data property for extension programs
https://notcve.org/view.php?id=CVE-2024-58100
05 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt_data property of the global sub-program. Because of this, an extension program replacing a global sub-program must be compatible with changes_pkt_data property of the sub-program being replaced. This commit: - adds changes_pkt_data f... • https://git.kernel.org/stable/c/be8704ff07d2374bcc5c675526f95e70c6459683 •
CVSS: 9.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58098 – bpf: track changes_pkt_data property for global functions
https://notcve.org/view.php?id=CVE-2024-58098
05 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program: __attribute__((__noinline__)) long skb_pull_data(struct __sk_buff *sk, __u32 len) { return bpf_skb_pull_data(sk, len); } SEC("tc") int test_invalidate_checks(struct __sk_buff *sk) { int *p = (void *)(long)sk->data; if ((void *)(p + 1) > (... • https://git.kernel.org/stable/c/51c39bb1d5d105a02e29aa7960f0a395086e6342 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53143 – ext4: fix another off-by-one fsmap error on 1k block filesystems
https://notcve.org/view.php?id=CVE-2023-53143
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = { .fmh_count = ...; .fmh_keys = { { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, { .fmr_device = /* ext4 dev */, .fmr_physical = 0, }, }, ... }; ret = ioctl(fd, FS_IOC_GETFSMAP, &cmd); Produces this crash if the underlying filesystem is a 1k-block ext4 filesystem: kernel BUG at fs/ext4/e... • https://git.kernel.org/stable/c/4a4956249dac0b9b0027949907bff0cd1a9b57fa •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53141 – ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()
https://notcve.org/view.php?id=CVE-2023-53141
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() ila_xlat_nl_cmd_get_mapping() generates an empty skb, triggerring a recent sanity check [1]. Instead, return an error code, so that user space can get it. [1] skb_assert_len WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 skb_assert_len include/linux/skbuff.h:2527 [inline] WARNING: CPU: 0 PID: 5923 at include/linux/skbuff.h:2527 __dev_queue_xmit+0x1bc0/0x3488 net/... • https://git.kernel.org/stable/c/7f00feaf107645d95a6d87e99b4d141ac0a08efd •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-53140 – scsi: core: Remove the /proc/scsi/${proc_name} directory earlier
https://notcve.org/view.php?id=CVE-2023-53140
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug introduced in 2009 by commit 77c019768f06 ("[SCSI] fix /proc memory leak in the SCSI core"). Fix the following kernel warning: proc_dir_entry 'scsi/scsi_debug' already registered WARNING: CPU: 19 PID: 27986 at fs/proc/generic.c:376 proc_... • https://git.kernel.org/stable/c/77c019768f0607c36e25bec11ce3e1eabef09277 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53139 – nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties
https://notcve.org/view.php?id=CVE-2023-53139
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds ... • https://git.kernel.org/stable/c/a06347c04c13e380afce0c9816df51f00b83faf1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-53138 – net: caif: Fix use-after-free in cfusbl_device_notify()
https://notcve.org/view.php?id=CVE-2023-53138
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: caif: Fix use-after-free in cfusbl_device_notify() syzbot reported use-after-free in cfusbl_device_notify() [1]. This causes a stack trace like below: BUG: KASAN: use-after-free in cfusbl_device_notify+0x7c9/0x870 net/caif/caif_usb.c:138 Read of size 8 at addr ffff88807ac4e6f0 by task kworker/u4:6/1214 CPU: 0 PID: 1214 Comm: kworker/u4:6 Not tainted 5.19.0-rc3-syzkaller-00146-g92f20ff72066 #0 Hardware name: Google Google Compute Engine... • https://git.kernel.org/stable/c/7ad65bf68d705b445ef10b77ab50dab22be185ee •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53137 – ext4: Fix possible corruption when moving a directory
https://notcve.org/view.php?id=CVE-2023-53137
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: Fix possible corruption when moving a directory When we are renaming a directory to a different directory, we need to update '..' entry in the moved directory. However nothing prevents moved directory from being modified and even converted from the inline format to the normal format. When such race happens the rename code gets confused and we crash. Fix the problem by locking the moved directory. In the Linux kernel, the following vul... • https://git.kernel.org/stable/c/32f7f22c0b52e8189fef83986b16dc7abe95f2c4 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-53135 – riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode
https://notcve.org/view.php?id=CVE-2023-53135
02 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Use READ_ONCE_NOCHECK in imprecise unwinding stack mode When CONFIG_FRAME_POINTER is unset, the stack unwinding function walk_stackframe randomly reads the stack and then, when KASAN is enabled, it can lead to the following backtrace: [ 0.000000] ================================================================== [ 0.000000] BUG: KASAN: stack-out-of-bounds in walk_stackframe+0xa6/0x11a [ 0.000000] Read of size 8 at addr ffffffff81807c... • https://git.kernel.org/stable/c/5d8544e2d0075a5f3c9a2cf27152354d54360da1 •