CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49995 – tipc: guard against string buffer overrun
https://notcve.org/view.php?id=CVE-2024-49995
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. ...... • https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49994 – block: fix integer overflow in BLKSECDISCARD
https://notcve.org/view.php?id=CVE-2024-49994
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. • https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49992 – drm/stm: Avoid use-after-free issues with crtc and plane
https://notcve.org/view.php?id=CVE-2024-49992
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). ... Found by Linux Verification Center (linuxtesting.org). Found by Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/ In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49991 – drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
https://notcve.org/view.php?id=CVE-2024-49991
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to cl... • https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49990 – drm/xe/hdcp: Check GSC structure validity
https://notcve.org/view.php?id=CVE-2024-49990
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capability check. ... In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capability check. • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49989 – drm/amd/display: fix double free issue during amdgpu module unload
https://notcve.org/view.php?id=CVE-2024-49989
21 Oct 2024 — dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191469] kfree+0x260/0x2b0 [ 279.191474] dcn10_link_encoder_destroy+0x19/0x30 [amdgpu] [ 279.191821] link_destroy+0xd7/0x130 [amdgpu] [ 279.192248] dc_destruct+0x90/0x270 [amdgpu] [ 279.192666] dc_destroy+0x19/0x40 [amdgpu] [ 279.193020] amdgpu_dm_fini+0x16e/0x200 [amdgpu] [ 279.193432] dm_hw_fini+0x26/0x40 [amdgpu] [ 279.193795] amdgpu_device_fini_hw+0x24c/0x400 [amdgpu] [ 279.194108] amdgpu_driver_unload_kms+0x4f/0x70 [amdgpu] [ 279.194436] amdgpu_pci_rem... • https://git.kernel.org/stable/c/cf6f3ebd6312d465fee096d1f58089b177c7c67f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49988 – ksmbd: add refcnt to ksmbd_conn struct
https://notcve.org/view.php?id=CVE-2024-49988
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49987 – bpftool: Fix undefined behavior in qsort(NULL, 0, ...)
https://notcve.org/view.php?id=CVE-2024-49987
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) ... In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) • https://git.kernel.org/stable/c/c2d9f9a7837ab29ccae0c42252f17d436bf0a501 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49986 – platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors
https://notcve.org/view.php?id=CVE-2024-49986
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it should not be used after calling x86_android_tablet_remove(). In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it ... • https://git.kernel.org/stable/c/5eba0141206ea521bbcfcf5067c174e825e943dd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49985 – i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
https://notcve.org/view.php?id=CVE-2024-49985
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex. In the Linux kernel, the following vulnerability has been resolved: i2c:... • https://git.kernel.org/stable/c/4e7bca6fc07bf9526d797b9787dcb21e40cd10cf •