CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36909 – Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
https://notcve.org/view.php?id=CVE-2024-36909
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus ring buff... • https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36905 – tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
https://notcve.org/view.php?id=CVE-2024-36905
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by zero in tcp_rcv_space_adjust() A socket makes the following state transitions, without ever calling tcp_init_transfer(), meaning tcp_init_buffer_space() is also not called. TCP_CLOSE connect() TCP_SYN_SENT TCP_SYN_... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36902 – ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()
https://notcve.org/view.php?id=CVE-2024-36902
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 0 PID: 31648 Comm:... • https://git.kernel.org/stable/c/5e5f3f0f801321078c897a5de0b4b4304f234da0 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36901 – ipv6: prevent NULL dereference in ip6_output()
https://notcve.org/view.php?id=CVE-2024-36901
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output(). Most places in IPv6 stack deal with a NULL idev just fine, but not here. syzbot reported: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 9775 Comm: syz-executo... • https://git.kernel.org/stable/c/778d80be52699596bf70e0eb0761cf5e1e46088d • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36897 – drm/amd/display: Atom Integrated System Info v2_2 for DCN35
https://notcve.org/view.php?id=CVE-2024-36897
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Atom Integr... • https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36024 – drm/amd/display: Disable idle reallow as part of command/gpint execution
https://notcve.org/view.php?id=CVE-2024-36024
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution [Why] Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and touch the INBOX1 RPTR causing a HW hang. [How] Disable the reallow to ensure that we have enough of a gap between entry and exit and we're not seeing back-to-back wake_and_executes. En el kernel de Linux, se resol... • https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52880 – tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc
https://notcve.org/view.php?id=CVE-2023-52880
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: requiere CAP_NET_ADMIN para adjuntar el ldisc N_GSM0710. Cualquier usuario sin privilegios puede adjuntar el ldisc N_GSM0710, pero de todos m... • https://git.kernel.org/stable/c/7d303dee473ba3529d75b63491e9963342107bed • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47552 – blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release()
https://notcve.org/view.php?id=CVE-2021-47552
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to cancel dispatch work in blk_release_queue(). However, this way has caused kernel oops[1], reported by Changhui. The log shows that scsi_device can be freed before running blk_release_queue(), which is expected too since scsi_device is rel... • https://git.kernel.org/stable/c/e03513f58919d9e2bc6df765ca2c9da863d03d90 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47549 – sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl
https://notcve.org/view.php?id=CVE-2021-47549
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sata_fsl: fix UAF in sata_fsl_port_stop when rmmod sata_fsl When the `rmmod sata_fsl.ko` command is executed in the PPC64 GNU/Linux, a bug is reported: ================================================================== BUG: Unable to handle kernel data access on read at 0x80000800805b502c Oops: Kernel access of bad area, sig: 11 [#1] NIP [c0000000000388a4] .ioread32+0x4/0x20 LR [80000000000c6034] .sata_fsl_port_stop+0x44/0xe0 [sata_fsl] Cal... • https://git.kernel.org/stable/c/faf0b2e5afe7dae072d2715763c7f992b612b628 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47548 – ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()
https://notcve.org/view.php?id=CVE-2021-47548
24 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of port less than DSAF_GE_NUM (i.e., 8). However, if the value of port is 6 or 7, an array overflow could occur: port_rst_off = dsaf_dev->mac_cb[port]->port_rst_off; because the length of dsaf_dev->mac_cb is DSAF_MAX_PORT_NUM (i.e., 6). To fix this possible array overflow, w... • https://git.kernel.org/stable/c/948968f8747650447c8f21c9fdba0e1973be040b • CWE-129: Improper Validation of Array Index •