CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52633 – um: time-travel: fix time corruption
https://notcve.org/view.php?id=CVE-2023-52633
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a little bit. Then, if we happen to get the interrupt after calculating the new time to push to, but before actually finishing that, the interrupt will set the time to a value that's incompatible with the forward, a... • https://git.kernel.org/stable/c/0c7478a2da3f5fe106b4658338873d50c86ac7ab •
CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26659 – xhci: handle isoc Babble and Buffer Overrun events properly
https://notcve.org/view.php?id=CVE-2024-26659
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior e... • https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26656 – drm/amdgpu: fix use-after-free bug
https://notcve.org/view.php?id=CVE-2024-26656
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung
CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26654 – ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
https://notcve.org/view.php?id=CVE-2024-26654
01 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is closing, the aica_channel will be deallocated. But it could still be dereferenced in the worker thread. The reason is that del_timer() will return directly regardless of whether the timer handler is running or not and the worker could... • https://git.kernel.org/stable/c/198de43d758ca2700e2b52b49c0b189b4931466c •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52629 – sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
https://notcve.org/view.php?id=CVE-2023-52629
29 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: push-switch: Reorder cleanup operations to avoid use-after-free bug The original code puts flush_work() before timer_shutdown_sync() in switch_drv_remove(). Although we use flush_work() to stop the worker, it could be rescheduled in switch_timer(). As a result, a use-after-free bug can occur. The details are shown below: (cpu 0) | (cpu 1) switch_drv_remove() | flush_work() | ... | switch_timer // timer | schedule_work(&psw->work) timer_... • https://git.kernel.org/stable/c/9f5e8eee5cfe1328660c71812d87c2a67bda389f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52622 – ext4: avoid online resizing failures due to oversized flex bg
https://notcve.org/view.php?id=CVE-2023-52622
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir resize2fs $dev 16G the following WARN_ON is triggered: ================================================================== WARNING: CPU: 0 PID: 427 at mm/page_alloc.c:4402 __alloc_pages+0x411/0x550 Modules linked in: sg(E) CPU: 0 PID: 427 Comm: resize2f... • https://git.kernel.org/stable/c/cd1f93ca97a9136989f3bd2bf90696732a2ed644 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52621 – bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
https://notcve.org/view.php?id=CVE-2023-52621
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers These three bpf_map_{lookup,update,delete}_elem() helpers are also available for sleepable bpf program, so add the corresponding lock assertion for sleepable bpf program, otherwise the following warning will be reported when a sleepable bpf program manipulates bpf map under interpreter mode (aka bpf_jit_enable=0): WARNING: CPU: 3 PID: 4985 at kernel/bpf/helpers.c:40 ......... • https://git.kernel.org/stable/c/82f2df94dac1aa9b879e74d1f82ba1b631bdc612 • CWE-413: Improper Resource Locking •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26644 – btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
https://notcve.org/view.php?id=CVE-2024-26644
26 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't abort filesystem when attempting to snapshot deleted subvolume If the source file descriptor to the snapshot ioctl refers to a deleted subvolume, we get the following abort: BTRFS: Transaction aborted (error -2) WARNING: CPU: 0 PID: 833 at fs/btrfs/transaction.c:1875 create_pending_snapshot+0x1040/0x1190 [btrfs] Modules linked in: pata_acpi btrfs ata_piix libata scsi_mod virtio_net blake2b_generic xor net_failover virtio_rng fa... • https://git.kernel.org/stable/c/c06941564027bdbc01d2df7f41e333c11cb0482d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47173 – misc/uss720: fix memory leak in uss720_probe
https://notcve.org/view.php?id=CVE-2021-47173
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 0... • https://git.kernel.org/stable/c/0f36163d3abefbda1b21a330b3fdf3c2dc076d94 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47170 – USB: usbfs: Don't WARN about excessively large memory allocations
https://notcve.org/view.php?id=CVE-2021-47170
25 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous tr... • https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb •