CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46828 – sched: sch_cake: fix bulk flow accounting logic for host fairness
https://notcve.org/view.php?id=CVE-2024-46828
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows. The count of active bulk flows is updated whenever a flow changes state. This has a peculiar interaction with the hash collision handling: when a hash collision occurs (after the set-associativ... • https://git.kernel.org/stable/c/712639929912c5eefb09facccb48d55b3f72c9f8 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46827 – wifi: ath12k: fix firmware crash due to invalid peer nss
https://notcve.org/view.php?id=CVE-2024-46827
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. This issue arises when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros and due to this, driver obtains peer_nss as 0 and sending this value to... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46826 – ELF: fix kernel.randomize_va_space double read
https://notcve.org/view.php?id=CVE-2024-46826
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is s... • https://git.kernel.org/stable/c/1f81d51141a234ad0a3874b4d185dc27a521cd27 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46825 – wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check
https://notcve.org/view.php?id=CVE-2024-46825
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware, so it should use IWL_FW_CHECK() instead of WARN_ON(). In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check The lookup function iwl_mvm_rcu_fw_link_id_to_link_conf() is normally called with input from the firmware... • https://git.kernel.org/stable/c/415f3634d53c7fb4cf07d2f5a0be7f2e15e6da33 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46823 – kunit/overflow: Fix UB in overflow_allocation_test
https://notcve.org/view.php?id=CVE-2024-46823
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string. In the... • https://git.kernel.org/stable/c/d1207f07decc66546a7fa463d2f335a856c986ef •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46822 – arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
https://notcve.org/view.php?id=CVE-2024-46822
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This func... • https://git.kernel.org/stable/c/f57769ff6fa7f97f1296965f20e8a2bb3ee9fd0f •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46821 – drm/amd/pm: Fix negative array index read
https://notcve.org/view.php?id=CVE-2024-46821
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) Ubuntu Security ... • https://git.kernel.org/stable/c/60f4a4bc3329e5cb8c4df0cc961f0d5ffd96e22d •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46819 – drm/amdgpu: the warning dereferencing obj for nbio_v7_4
https://notcve.org/view.php?id=CVE-2024-46819
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of se... • https://git.kernel.org/stable/c/614564a5b28983de53b23a358ebe6c483a2aa21e •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46818 – drm/amd/display: Check gpio_id before used as array index
https://notcve.org/view.php?id=CVE-2024-46818
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be ch... • https://git.kernel.org/stable/c/8520fdc8ecc38f240a8e9e7af89cca6739c3e790 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46817 – drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6
https://notcve.org/view.php?id=CVE-2024-46817
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. • https://git.kernel.org/stable/c/d619b91d3c4af60ac422f1763ce53d721fb91262 •