CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41048 – skmsg: Skip zero length skb in sk_msg_recvmsg
https://notcve.org/view.php?id=CVE-2024-41048
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18 Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018 ... ... ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560 ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0 CRMD: 000000b0 (P... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41046 – net: ethernet: lantiq_etop: fix double free in detach
https://notcve.org/view.php?id=CVE-2024-41046
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times. Ubuntu S... • https://git.kernel.org/stable/c/504d4721ee8e432af4b5f196a08af38bc4dac5fe •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41044 – ppp: reject claimed-as-LCP but actually malformed packets
https://notcve.org/view.php?id=CVE-2024-41044
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise. In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'p... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41042 – netfilter: nf_tables: prefer nft_chain_validate
https://notcve.org/view.php?id=CVE-2024-41042
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in nft_lookup, so there appears no reason to iterate the maps again. nf_tables_check_loops() and all its helper functions can be removed. This improves ruleset load time significantly, from 23s down to 12s. Thi... • https://git.kernel.org/stable/c/20a69341f2d00cd042e81c82289fba8a13c05a25 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41041 – udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
https://notcve.org/view.php?id=CVE-2024-41041
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk and use sock_pfree() as skb->destructor, so we check SOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace period. Currently, SOCK_RCU_FREE is flagged for a bound socket after being put into the hash table. Moreover... • https://git.kernel.org/stable/c/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-41035 – USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
https://notcve.org/view.php?id=CVE-2024-41035
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even th... • https://git.kernel.org/stable/c/0a8fd1346254974c3a852338508e4a4cddbb35f1 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41034 – nilfs2: fix kernel bug on rename operation of broken directory
https://notcve.org/view.php?id=CVE-2024-41034
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return locat... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41027 – Fix userfaultfd_api to return EINVAL as expected
https://notcve.org/view.php?id=CVE-2024-41027
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNIN... • https://git.kernel.org/stable/c/e06f1e1dd4998ffc9da37f580703b55a93fc4de4 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41023 – sched/deadline: Fix task_struct reference leak
https://notcve.org/view.php?id=CVE-2024-41023
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the task_struct: unreferenced object 0xffff8881305b8000 (size 16136): comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s) object hex dump (first 32 bytes): 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@............ • https://git.kernel.org/stable/c/feff2e65efd8d84cf831668e182b2ce73c604bbb • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41022 – drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
https://notcve.org/view.php?id=CVE-2024-41022
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of ser... • https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8 •