CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47727 – x86/tdx: Fix "in-kernel MMIO" check
https://notcve.org/view.php?id=CVE-2024-47727
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #... • https://git.kernel.org/stable/c/31d58c4e557d46fa7f8557714250fb6f89c941ae •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47726 – f2fs: fix to wait dio completion
https://notcve.org/view.php?id=CVE-2024-47726
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may ... • https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47724 – wifi: ath11k: use work queue to process beacon tx event
https://notcve.org/view.php?id=CVE-2024-47724
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: use work queue to process beacon tx event Commit 3a415daa3e8b ("wifi: ath11k: add P2P IE in beacon template") from Feb 28, 2024 (linux-next), leads to the following Smatch static checker warning: drivers/net/wireless/ath/ath11k/wmi.c:1742 ath11k_wmi_p2p_go_bcn_ie() warn: sleeping in atomic context The reason is that ath11k_bcn_tx_status_event() will directly call might sleep function ath11k_wmi_cmd_send() during RCU read-side ... • https://git.kernel.org/stable/c/3a415daa3e8ba65f1cc976c172a5ab69bdc17e69 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47723 – jfs: fix out-of-bounds in dbNextAG() and diAlloc()
https://notcve.org/view.php?id=CVE-2024-47723
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount(). And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented. Additionally, a check for the cas... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52917 – ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
https://notcve.org/view.php?id=CVE-2023-52917
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. • https://git.kernel.org/stable/c/e26a5843f7f5014ae4460030ca4de029a3ac35d3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47721 – wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading
https://notcve.org/view.php?id=CVE-2024-47721
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: remove unused C2H event ID RTW89_MAC_C2H_FUNC_READ_WOW_CAM to prevent out-of-bounds reading The handler of firmware C2H event RTW89_MAC_C2H_FUNC_READ_WOW_CAM isn't implemented, but driver expects number of handlers is NUM_OF_RTW89_MAC_C2H_FUNC_WOW causing out-of-bounds access. Fix it by removing ID. Addresses-Coverity-ID: 1598775 ("Out-of-bounds read") In the Linux kernel, the following vulnerability has been resolved: wifi: rt... • https://git.kernel.org/stable/c/ff53fce5c78ba27ec7eb0baff7ef9648fde7ad8e •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47720 – drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
https://notcve.org/view.php?id=CVE-2024-47720
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn30_set_output_transfer_func function. Previously, set_output_gamma was being checked for nullity at line 386, but then it was being dereferenced without any nullity check at line 401. This could potentially lead to a null pointer dereference error if set_output_gamma is inde... • https://git.kernel.org/stable/c/d99f13878d6f9c286b13860d8bf0b4db9ffb189a •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47719 – iommufd: Protect against overflow of ALIGN() during iova allocation
https://notcve.org/view.php?id=CVE-2024-47719
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows which corrupts the selected area range during allocation. CONFIG_IOMMUFD_TEST can detect this: WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline] WARNING: CPU: 1 PID: 509... • https://git.kernel.org/stable/c/51fe6141f0f64ae0bbc096a41a07572273e8c0ef •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47718 – wifi: rtw88: always wait for both firmware loading attempts
https://notcve.org/view.php?id=CVE-2024-47718
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()' has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue 'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/c8e5695eae9959fc5774c0f490f2450be8bad3de •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47717 – RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data
https://notcve.org/view.php?id=CVE-2024-47717
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer crash is observed when SBI PMU snapshot is enabled for the guest and the guest is forcefully powered-off. Unable to handle kernel NULL pointer dereference at virtual address 0000000000000508 Oops [#1] Modules linked in: kvm CPU: 0 UID: 0 PID: 61 Comm: term-poll Not tainted 6.11.0-rc3-00018-g44d7178dd77a #3 Hardware name: ... • https://git.kernel.org/stable/c/c2f41ddbcdd75689d9f512638a40263e3127be93 •