CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-36954 – tipc: fix a possible memleak in tipc_buf_append
https://notcve.org/view.php?id=CVE-2024-36954
In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tipc: soluciona un posible memleak en tipc_buf_append __skb_linearize() no libera el skb cuando falla, así que mueve '*buf = NULL' después de __skb_linearize(), para que el skb se puede liberar en la ruta de error. • https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966 https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026 https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f3 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36953 – KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
https://notcve.org/view.php?id=CVE-2024-36953
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: KVM: arm64: vgic-v2: Verifique vCPU que no sea NULL en vgic_v2_parse_attr() vgic_v2_parse_attr() es responsable de encontrar la vCPU que coincida con el CPUID proporcionado por el usuario, que (de curso) puede no ser válido. Si el ID no es válido, kvm_get_vcpu_by_id() devuelve NULL, que no se maneja correctamente. De manera similar al flujo de uaccess de GICv3, verifique que kvm_get_vcpu_by_id() realmente devuelva algo y falle el ioctl si no. • https://git.kernel.org/stable/c/7d450e2821710718fd6703e9c486249cee913bab https://git.kernel.org/stable/c/4404465a1bee3607ad90a4c5f9e16dfd75b85728 https://git.kernel.org/stable/c/17db92da8be5dd3bf63c01f4109fe47db64fc66f https://git.kernel.org/stable/c/3a5b0378ac6776c7c31b18e0f3c1389bd6005e80 https://git.kernel.org/stable/c/8d6a1c8e3de36cb0f5e866f1a582b00939e23104 https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487 https://git.kernel.org/stable/c/6ddb4f372fc63210034b903d96ebbeb3c7195adb https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36952 – scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
https://notcve.org/view.php?id=CVE-2024-36952
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rport object. This sometimes causes the race condition where the final DA_ID and LOGO are skipped from being sent to the fabric switch. Fix by moving the fc_remove_host() and scsi_remove_host() calls after DA_ID and LOGO are sent. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: lpfc: Mover la anulación del registro de transporte de NPIV a después de la limpieza de recursos. Hay casos después de la eliminación de NPIV en los que el conmutador de tejido todavía cree que el NPIV está registrado en el tejido. • https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0 https://git.kernel.org/stable/c/0936809d968ecf81e0726fbd02ff2a5732d960c3 https://git.kernel.org/stable/c/76337eb8daee32bcc67742efab3168ed4ca299d0 https://git.kernel.org/stable/c/718602cd15f4c5710850090ea3066a89eeb46278 https://git.kernel.org/stable/c/4ddf01f2f1504fa08b766e8cfeec558e9f8eef6c https://access.redhat.com/security/cve/CVE-2024-36952 https://bugzilla.redhat.com/show_bug.cgi?id=2284598 • CWE-459: Incomplete Cleanup •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36951 – drm/amdkfd: range check cp bad op exception interrupts
https://notcve.org/view.php?id=CVE-2024-36951
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api to guard exception code type checking as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: interrupciones de excepción de operación incorrecta de cp de verificación de rango debido a un error de interrupción de CP, se generan códigos de excepción de basura de paquetes incorrectos. Realice una verificación de rango para que el depurador y el tiempo de ejecución no reciban códigos basura. Actualice la API del usuario para proteger también la verificación del tipo de código de excepción. • https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2 https://git.kernel.org/stable/c/b6735bfe941486c5dfc9c3085d2d75d4923f9449 https://git.kernel.org/stable/c/0cac183b98d8a8c692c98e8dba37df15a9e9210d •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36950 – firewire: ohci: mask bus reset interrupts between ISR and bottom half
https://notcve.org/view.php?id=CVE-2024-36950
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008 in a007bb857e0b26f5d8b73c2ff90782d9c0972620: If OHCI_PARAM_DEBUG_BUSRESETS (8) is set in the debug parameter bitmask, we will unmask bus reset interrupts so we can log them. irq_handler logs the bus reset interrupt. However, we can't clear the bus reset event flag in irq_handler, because we won't service the event until later. irq_handler exits with the event flag still set. If the corresponding interrupt is still unmasked, the first bus reset will usually freeze the system due to irq_handler being called again each time it exits. • https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130 https://git.kernel.org/stable/c/31279bbca40d2f40cb3bbb6d538ec9620a645dec https://git.kernel.org/stable/c/fa273f312334246c909475c5868e6daab889cc8c https://git.kernel.org/stable/c/4f9cc355c328fc4f41cbd9c4cd58b235184fa420 https://git.kernel.org/stable/c/6fafe3661712b143d9c69a7322294bd53f559d5d https://git.kernel.org/stable/c/5982887de60c1b84f9c0ca07c835814d07fd1da0 https://git.kernel.org/stable/c/8643332aac0576581cfdf01798ea3e4e0d624b61 https://git.kernel.org/stable/c/752e3c53de0fa3b7d817a83050b6699b8 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •