CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35935 – btrfs: send: handle path ref underflow in header iterate_inode_ref()
https://notcve.org/view.php?id=CVE-2024-35935
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: enviar: manejar el desbordamiento de la referencia de ruta en el encabezado iterate_inode_ref() Cambie BUG_ON al manejo adecuado de errores si falla l... • https://git.kernel.org/stable/c/be2b6bcc936ae17f42fff6494106a5660b35d8d3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35934 – net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
https://notcve.org/view.php?id=CVE-2024-35934
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Many syzbot reports show extreme rtnl pressure, and many of them hint that smc acquires rtnl in netns creation for no good reason [1] This patch returns early from smc_pnet_net_init() if there is no netdevice yet. I am not even sure why smc_pnet_create_pnetids_list() even exists, because smc_pnet_netdev_event() is also calling smc_pnet_add_base_pnetid() when handling NETDEV_UP ... • https://git.kernel.org/stable/c/bc4d1ebca11b4f194e262326bd45938e857c59d2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35933 – Bluetooth: btintel: Fix null ptr deref in btintel_read_version
https://notcve.org/view.php?id=CVE-2024-35933
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: btintel: corrija el ptr deref nulo en btintel_read_version Si se activa hci_cmd_sync_complete() y skb es NULL, entonces hdev->req_skb es NULL, lo que causará este problema. A NULL pointer d... • https://git.kernel.org/stable/c/ec2049fb2b8be3e108fe2ef1f1040f91e72c9990 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35932 – drm/vc4: don't check if plane->state->fb == state->fb
https://notcve.org/view.php?id=CVE-2024-35932
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_... • https://git.kernel.org/stable/c/48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35931 – drm/amdgpu: Skip do PCI error slot reset during RAS recovery
https://notcve.org/view.php?id=CVE-2024-35931
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC multi times, this caused system hang. [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume [ 557.373718] [drm] PCIE GART of 512M enabled. [ 557.373722] [drm] PTB located at 0x0000031FED700000 [ 557.373788] [drm] VRAM is lost due to GPU reset! [ 557.373789] [drm] PSP is resuming... [ 55... • https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35929 – rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
https://notcve.org/view.php?id=CVE-2024-35929
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11 kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sys... • https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35925 – block: prevent division by zero in blk_rq_stat_sum()
https://notcve.org/view.php?id=CVE-2024-35925
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloquear: evitar la división por cero en blk_rq_stat_sum() La expresión dst->nr_samples + src->nr_samples puede ... • https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35922 – fbmon: prevent division by zero in fb_videomode_from_videomode()
https://notcve.org/view.php?id=CVE-2024-35922
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode(). Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fbmon: evita la división por cero en fb_videomode_from_videomode() La expresión htotal * vtotal puede tene... • https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52699 – sysv: don't call sb_bread() with pointers_lock held
https://notcve.org/view.php?id=CVE-2023-52699
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux ... • https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35896 – netfilter: validate user input for expected length
https://notcve.org/view.php?id=CVE-2024-35896
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt() @optlen argument should be taken into account before copying data. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •