CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47679 – vfs: fix race between evice_inodes() and find_inode()&iput()
https://notcve.org/view.php?id=CVE-2024-47679
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between evice_inodes() and find_inode()&iput() Hi, all Recently I noticed a bug[1] in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode (ie ino 261) with i_count 1 is called by iput(), and there's a concurrent thread calling generic_shutdown_super(). cpu0: cpu1: iput() // i_count is 1 ->spin_lock(inode) ->dec i_count to 0 ->iput_final() generic_shutdown_super() ->__inode_add_lru() ->evict... • https://git.kernel.org/stable/c/63997e98a3be68d7cec806d22bf9b02b2e1daabb •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47678 – icmp: change the order of rate limits
https://notcve.org/view.php?id=CVE-2024-47678
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits ... • https://git.kernel.org/stable/c/4cdf507d54525842dfd9f6313fdafba039084046 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47677 – exfat: resolve memory leak from exfat_create_upcase_table()
https://notcve.org/view.php?id=CVE-2024-47677
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table() If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_upcase_table allocates more memory, leading to a memory leak. Here's link to syzkaller crash report illustrating this issue: https://syzkaller.appspot.com/text?tag=CrashReport&x=1406c201980000 • https://git.kernel.org/stable/c/a13d1a4de3b0fe3c41d818697d691c886c5585fa •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47676 – mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
https://notcve.org/view.php?id=CVE-2024-47676
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read(). • https://git.kernel.org/stable/c/9acad7ba3e25d11f4c96df1b7312ae89e6faca5c •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47675 – bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
https://notcve.org/view.php?id=CVE-2024-47675
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister(). This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer without removing it from the uprobe->consumers list. • https://git.kernel.org/stable/c/89ae89f53d201143560f1e9ed4bfa62eee34f88e • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47671 – USB: usbtmc: prevent kernel-usb-infoleak
https://notcve.org/view.php?id=CVE-2024-47671
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. Andy Nguyen discovered that the Bluetooth L2CAP implementation in th... • https://git.kernel.org/stable/c/4ddc645f40e90fa3bc7af3a3f3bd7d29e671a775 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46869 – Bluetooth: btintel_pcie: Allocate memory for driver private data
https://notcve.org/view.php?id=CVE-2024-46869
30 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. • https://git.kernel.org/stable/c/6e65a09f927566f257322358d429b267548473eb •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2785 – Arbitrary Memory read in BPF Linux Kernel
https://notcve.org/view.php?id=CVE-2022-2785
23 Sep 2022 — There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c Se presenta una lectura de memoria arbitraria dentro del BPF del Kernel de Linux - Las constantes proporcionadas para rellenar los punteros en los structs pasados a b... • https://git.kernel.org/bpf/bpf/c/86f44fcec22c • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
28 Feb 2014 — The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente opera... • http://article.gmane.org/gmane.linux.kernel.cifs/9401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2001-0886
https://notcve.org/view.php?id=CVE-2001-0886
21 Dec 2001 — Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character. Desbordamiento de buffer en la función glob de glibc para Red Hat Linux 6.2 a 7.2, y otros sistemas operativos, permite a atacantes causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrarios mediante un patrón de glob que acaba en una llave "{" • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447 •