CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42145 – IB/core: Implement a limit on UMAD receive List
https://notcve.org/view.php?id=CVE-2024-42145
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such... • https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42144 – thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
https://notcve.org/view.php?id=CVE-2024-42144
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Verify that lvts_data is not NULL before using it. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could p... • https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42140 – riscv: kexec: Avoid deadlock in kexec crash path
https://notcve.org/view.php?id=CVE-2024-42140
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use... • https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42139 – ice: Fix improper extts handling
https://notcve.org/view.php?id=CVE-2024-42139
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a kernel crash. As a side effect, when the driver is reloaded and application is started again, remaining extts event for the channel from a previous run will keep firing and the message "extts on unexpected channel... • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42137 – Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
https://notcve.org/view.php?id=CVE-2024-42137
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown(... • https://git.kernel.org/stable/c/e84ec6e25df9bb0968599e92eacedaf3a0a5b587 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42136 – cdrom: rearrange last_media_change check to avoid unintentional overflow
https://notcve.org/view.php?id=CVE-2024-42136
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please conver... • https://git.kernel.org/stable/c/0c97527e916054acc4a46ffb02842988acb2e92b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42135 – vhost_task: Handle SIGKILL by flushing work and exiting
https://notcve.org/view.php?id=CVE-2024-42135
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flush operations. 2. setting the virtqueue to worker mapping so no new works are queued. 3. running all the exiting works. In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL ... • https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42134 – virtio-pci: Check if is_avq is NULL
https://notcve.org/view.php?id=CVE-2024-42134
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq. [fix] Check whether it is vp_dev->is_avq before use. [test] Test with virsh Attach device Before this patch, the following command would crash the guest sys... • https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42131 – mm: avoid overflows in dirty throttling logic
https://notcve.org/view.php?id=CVE-2024-42131
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes inter... • https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42130 – nfc/nci: Add the inconsistency check between the input data length and count
https://notcve.org/view.php?id=CVE-2024-42130
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc/nci: Add the inconsistency check between the input data length and count write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf) Syzbot constructed a write() call with a data length of 3 bytes but a count value of 15, which passed too little data to meet the basic requirements of the function nci_rf_intf_activated_ntf_packet(). Therefore, increasing the comparison between data length and count value to avoid problems caused by inc... • https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f •