CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56626 – ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
https://notcve.org/view.php?id=CVE-2024-56626
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. • https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69ca https://git.kernel.org/stable/c/164d3597d26d9acff5d5b8bc3208bdcca942dd6a https://git.kernel.org/stable/c/c5797f195c67132d061d29c57a7c6d30530686f0 https://git.kernel.org/stable/c/313dab082289e460391c82d855430ec8a28ddf81 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56625 – can: dev: can_set_termination(): allow sleeping GPIOs
https://notcve.org/view.php?id=CVE-2024-56625
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason that patch uses gpiod_set_value() to set the GPIO. This leads to the following warning, if the systems uses a sleeping GPIO, i.e. behind an I2C port expander: | WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c | CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c Replace gpiod_set_value() by gpiod_set_value_cansleep() to allow the use of sleeping GPIOs. • https://git.kernel.org/stable/c/6e86a1543c378f2e8837ad88f361b7bf606c80f7 https://git.kernel.org/stable/c/faa0a1975a6fbce30616775216606eb8d6388ea1 https://git.kernel.org/stable/c/46637a608fb1ee871a0ad8bf70d917d5d95ac251 https://git.kernel.org/stable/c/1ac442f25c19953d2f33b92549628b0aeac83db6 https://git.kernel.org/stable/c/3b0c5bb437d31a9864f633b85cbc42d2f6c51c96 https://git.kernel.org/stable/c/ee1dfbdd8b4b6de85e96ae2059dc9c1bdb6b49b5 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56623 – scsi: qla2xxx: Fix use after free on unload
https://notcve.org/view.php?id=CVE-2024-56623
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? • https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e https://git.kernel.org/stable/c/ca36d9d53745d5ec8946ef85006d4da605ea7c54 https://git.kernel.org/stable/c/b3e6f25176f248762a24d25ab8cf8c5e90874f80 https://git.kernel.org/stable/c/15369e774f27ec790f207de87c0b541e3f90b22d https://git.kernel.org/stable/c/6abf16d3c915b2feb68c1c8b25fcb71b13f98478 https://git.kernel.org/stable/c/07c903db0a2ff84b68efa1a74a4de353ea591eb0 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56622 – scsi: ufs: core: sysfs: Prevent div by zero
https://notcve.org/view.php?id=CVE-2024-56622
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. • https://git.kernel.org/stable/c/1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f https://git.kernel.org/stable/c/87bf3ea841a5d77beae6bb85af36b2b3848407ee https://git.kernel.org/stable/c/7b21233e5f72d10f08310689f993c1dbdfde9f2c https://git.kernel.org/stable/c/0069928727c2e95ca26c738fbe6e4b241aeaaf08 https://git.kernel.org/stable/c/9c191055c7abea4912fdb83cb9b261732b25a0c8 https://git.kernel.org/stable/c/eb48e9fc0028bed94a40a9352d065909f19e333c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56619 – nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
https://notcve.org/view.php?id=CVE-2024-56619
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required. • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 https://git.kernel.org/stable/c/09d6d05579fd46e61abf6e457bb100ff11f3a9d3 https://git.kernel.org/stable/c/e3732102a9d638d8627d14fdf7b208462f0520e0 https://git.kernel.org/stable/c/48eb6e7404948032bbe811c5affbe39f6b316951 https://git.kernel.org/stable/c/5af8366625182f01f6d8465c9a3210574673af57 https://git.kernel.org/stable/c/c3afea07477baccdbdec4483f8d5e59d42a3f67f https://git.kernel.org/stable/c/31f7b57a77d4c82a34ddcb6ff35b5aa577ef153e https://git.kernel.org/stable/c/985ebec4ab0a28bb5910c3b1481a40fbf •