CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42281 – bpf: Fix a segment issue when downgrading gso_size
https://notcve.org/view.php?id=CVE-2024-42281
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. Andy Ngu... • https://git.kernel.org/stable/c/2be7e212d5419a400d051c84ca9fdd083e5aacac •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42280 – mISDN: Fix a use after free in hfcmulti_tx()
https://notcve.org/view.php?id=CVE-2024-42280
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service ... • https://git.kernel.org/stable/c/af69fb3a8ffa37e986db00ed93099dc44babeef4 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42277 – iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
https://notcve.org/view.php?id=CVE-2024-42277
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is eq... • https://git.kernel.org/stable/c/92c089a931fd3939cd32318cf4f54e69e8f51a19 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42276 – nvme-pci: add missing condition check for existence of mapped data
https://notcve.org/view.php?id=CVE-2024-42276
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have s... • https://git.kernel.org/stable/c/4aedb705437f6f98b45f45c394e6803ca67abd33 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52889 – apparmor: Fix null pointer deref when receiving skb during sock creation
https://notcve.org/view.php?id=CVE-2023-52889
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: 0000000... • https://git.kernel.org/stable/c/ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42274 – Revert "ALSA: firewire-lib: operate for period elapse event in process context"
https://notcve.org/view.php?id=CVE-2024-42274
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with event... • https://git.kernel.org/stable/c/7ba5ca32fe6e8d2e153fb5602997336517b34743 •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42273 – f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid
https://notcve.org/view.php?id=CVE-2024-42273
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: assign CURSEG_ALL_DATA_ATGC if blkaddr is valid mkdir /mnt/test/comp f2fs_io setflags compression /mnt/test/comp dd if=/dev/zero of=/mnt/test/comp/testfile bs=16k count=1 truncate --size 13 /mnt/test/comp/testfile In the above scenario, we can get a BUG_ON. kernel BUG at fs/f2fs/segment.c:3589! Call Trace: do_write_page+0x78/0x390 [f2fs] f2fs_outplace_write_data+0x62/0xb0 [f2fs] f2fs_do_write_data_page+0x275/0x740 [f2fs] f2fs_write_si... • https://git.kernel.org/stable/c/7c972c89457511007dfc933814c06786905e515c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42272 – sched: act_ct: take care of padding in struct zones_ht_key
https://notcve.org/view.php?id=CVE-2024-42272
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: sched: act_ct: take care of padding in struct zones_ht_key Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zones_ht_key got a struct net pointer. Make sure rhashtable_lookup() is not using the padding bytes which are not initialized. BUG: KMSAN: uninit-value in rht_ptr_rcu include/linux/rhashtable.h:376 [inline] BUG: KMSAN: uninit-value in __rhashtable_lookup include/linux/rhashtable.h:607 [inline] BUG: KMSAN: unin... • https://git.kernel.org/stable/c/03f625505e27f709390a86c9b78d3707f4c23df8 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42271 – net/iucv: fix use after free in iucv_sock_close()
https://notcve.org/view.php?id=CVE-2024-42271
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_cal... • https://git.kernel.org/stable/c/7d316b9453523498246e9e19a659c423d4c5081e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42270 – netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().
https://notcve.org/view.php?id=CVE-2024-42270
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). We had a report that iptables-restore sometimes triggered null-ptr-deref at boot time. [0] The problem is that iptable_nat_table_init() is exposed to user space before the kernel fully initialises netns. In the small race window, a user could call iptable_nat_table_init() that accesses net_generic(net, iptable_nat_net_id), which is available only after registering iptable_... • https://git.kernel.org/stable/c/fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 •