CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42322 – ipvs: properly dereference pe in ip_vs_add_service
https://notcve.org/view.php?id=CVE-2024-42322
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux ... • https://git.kernel.org/stable/c/39b9722315364121c6e2524515a6e95d52287549 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42321 – net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2024-42321
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net") but this complementary fix has been also suggested by Willem de Bruijn and it can be easily backported to -stable kernel which consists in using DEBUG_NET_WARN_ON_ONCE instead to silence the following spl... • https://git.kernel.org/stable/c/9b52e3f267a6835efd50ed9002d530666d16a411 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42320 – s390/dasd: fix error checks in dasd_copy_pair_store()
https://notcve.org/view.php?id=CVE-2024-42320
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocation fails. However, two callsites in dasd_copy_pair_store() do not check the result, potentially resulting in a NULL pointer dereference. Fix this by checking the result with IS_ERR() and returning the error up the stack. In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_... • https://git.kernel.org/stable/c/a91ff09d39f9b6545254839ac91f1ff7bd21d39e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42319 – mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
https://notcve.org/view.php?id=CVE-2024-42319
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ... The root cause can be deduced to be calling pm_runtime_get_sync() after calling pm_runtime_disable() as observed below: 1. CMDQ d... • https://git.kernel.org/stable/c/623a6143a845bd485b00ba684f0ccef11835edab •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42318 – landlock: Don't lose track of restrictions on cred_transfer
https://notcve.org/view.php?id=CVE-2024-42318
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PARENT updates the parent's credentials), the cred_transfer LSM hook is used instead. Landlock only implements the cred_prepare hook, not cred_transfer, so KEYCTL_SESSION_TO_PARENT causes all information on Landlock restrictions to be lost... • https://git.kernel.org/stable/c/385975dca53eb41031d0cbd1de318eb1bc5d6bb9 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42315 – exfat: fix potential deadlock on __exfat_get_dentry_set
https://notcve.org/view.php?id=CVE-2024-42315
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_r... • https://git.kernel.org/stable/c/bd3bdb9e0d656f760b11d0c638d35d7f7068144d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42313 – media: venus: fix use after free in vdec_close
https://notcve.org/view.php?id=CVE-2024-42313
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/af2c3834c8ca7cc65d15592ac671933df8848115 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-42312 – sysctl: always initialize i_uid/i_gid
https://notcve.org/view.php?id=CVE-2024-42312
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value fail... • https://git.kernel.org/stable/c/5ec27ec735ba0477d48c80561cc5e856f0c5dfaf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42311 – hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
https://notcve.org/view.php?id=CVE-2024-42311
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk... • https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42310 – drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
https://notcve.org/view.php?id=CVE-2024-42310
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the re... • https://git.kernel.org/stable/c/6a227d5fd6c4abe6a9226a40f6981825e9da5fbe •