CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-36883 – net: fix out-of-bounds access in ops_init
https://notcve.org/view.php?id=CVE-2024-36883
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then... • https://git.kernel.org/stable/c/073862ba5d249c20bd5c49fc6d904ff0e1f6a672 • CWE-787: Out-of-bounds Write •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36880 – Bluetooth: qca: add missing firmware sanity checks
https://notcve.org/view.php?id=CVE-2024-36880
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: agregar comprobaciones de integridad del firmware faltantes Agregue las comprobaciones de integridad del firmware faltantes al analizar los archivos de firmw... • https://git.kernel.org/stable/c/83e81961ff7ef75f97756f316caea5aa6bcc19cc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36029 – mmc: sdhci-msm: pervent access to suspended controller
https://notcve.org/view.php?id=CVE-2024-36029
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-msm: pervent access to suspended controller Generic sdhci code registers LED device and uses host->runtime_suspended flag to protect access to it. The sdhci-msm driver doesn't set this flag, which causes a crash when LED is accessed while controller is runtime suspended. Fix this by setting the flag correctly. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: sdhci-msm: acceso prohibido al controlador suspen... • https://git.kernel.org/stable/c/67e6db113c903f2b8af924400b7b43ade4b9ac5c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36026 – drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
https://notcve.org/view.php?id=CVE-2024-36026
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 While doing multiple S4 stress tests, GC/RLC/PMFW get into an invalid state resulting into hard hangs. Adding a GFX reset as workaround just before sending the MP1_UNLOAD message avoids this failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/pm: corrige un bloqueo aleatorio en S4 para SMU v13.0.4/11 Al realizar múltiples pruebas de estrés de S4, GC/RLC/PM... • https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36024 – drm/amd/display: Disable idle reallow as part of command/gpint execution
https://notcve.org/view.php?id=CVE-2024-36024
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution [Why] Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and touch the INBOX1 RPTR causing a HW hang. [How] Disable the reallow to ensure that we have enough of a gap between entry and exit and we're not seeing back-to-back wake_and_executes. En el kernel de Linux, se resol... • https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36023 – Julia Lawall reported this null pointer dereference, this should fix it.
https://notcve.org/view.php?id=CVE-2024-36023
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference, this should fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Julia Lawall informó esta desreferencia de puntero nulo, esto debería solucionarlo. • https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e • CWE-476: NULL Pointer Dereference •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36022 – drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
https://notcve.org/view.php?id=CVE-2024-36022
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload In passthrough environment, when amdgpu is reloaded after unload, mode-1 is triggered after initializing the necessary IPs, That init does not include KFD, and KFD init waits until the reset is completed. KFD init is called in the reset handler, but in this case, the zone device and drm client is not initialized, causing app to create kernel panic. v2: Removing the ini... • https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6 • CWE-908: Use of Uninitialized Resource •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36017 – rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation
https://notcve.org/view.php?id=CVE-2024-36017
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_info) which is 14 bytes. The current size validation in do_setvfinfo is against NLA_HDRLEN (4 bytes) which is less than sizeof(struct ifla_vf_vlan_info) so this validation is not enough and a too small att... • https://git.kernel.org/stable/c/79aab093a0b5370d7fc4e99df75996f4744dc03f • CWE-125: Out-of-bounds Read •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36016 – tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
https://notcve.org/view.php?id=CVE-2024-36016
29 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes p... • https://git.kernel.org/stable/c/e1eaea46bb4020b38a141b84f88565d4603f8dd0 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.1EPSS: 0%CPEs: 11EXPL: 0CVE-2023-52881 – tcp: do not accept ACK of bytes we never sent
https://notcve.org/view.php?id=CVE-2023-52881
29 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The ACK value is considered acceptable only if it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <= SND.NXT). All incoming segments whose ACK value doesn't satisfy the above condition MUST be discarded and an ACK sent back. It needs t... • https://git.kernel.org/stable/c/354e4aa391ed50a4d827ff6fc11e0667d0859b25 •