CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45000 – fs/netfs/fscache_cookie: add missing "n_accesses" check
https://notcve.org/view.php?id=CVE-2024-45000
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43 Hardware name: HP ProLiant DL380 Gen9/ProLi... • https://git.kernel.org/stable/c/12bb21a29c19aae50cfad4e2bb5c943108f34a7d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44999 – gtp: pull network headers in gtp_dev_xmit()
https://notcve.org/view.php?id=CVE-2024-44999
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Use pskb_inet_may_pull() to fix this issue. [1] BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline] BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline] BUG: KMSAN: uninit-value in gtp_dev_xmi... • https://git.kernel.org/stable/c/459aa660eb1d8ce67080da1983bb81d716aa5a69 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44998 – atm: idt77252: prevent use after free in dequeue_rx()
https://notcve.org/view.php?id=CVE-2024-44998
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released. In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeue_rx() We can't dereference "skb" after calling vcc->push() because the skb is released. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44997 – net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
https://notcve.org/view.php?id=CVE-2024-44997
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X. Previously, cb_priv was freed in mtk_wed_setup_tc_block() without marking NULL,and mtk_wed_setup_tc_block_cb() didn't check the value, too. Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL in mtk_wed_setup_tc... • https://git.kernel.org/stable/c/799684448e3e1f57257a6155541e53510488f67b •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44995 – net: hns3: fix a deadlock problem when config TC during resetting
https://notcve.org/view.php?id=CVE-2024-44995
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napi_disable() napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │ napi_enable() │ ▼ UINIT: netif_napi_del() │ ▼ ...... │ ▼ INIT: netif_napi_add() │ ▼ ...... global reset start │ │ ▼ ▼ UP: napi_enable()(skip) ...... │ │ ▼ ▼ ...... napi_disable... • https://git.kernel.org/stable/c/bb6b94a896d4dd4dcdeccca87c3fd22521c652c0 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44991 – tcp: prevent concurrent execution of tcp_sk_exit_batch
https://notcve.org/view.php?id=CVE-2024-44991
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch Its possible that two threads call tcp_sk_exit_batch() concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns. In the latter case, error unwinding calls the exit handlers in reverse order for the 'failed' netns. tcp_sk_exit_batch() calls tcp_twsk_purge(). Problem is that since commit b099ce2602d8 ("net: Batch inet_twsk_purge"), this function... • https://git.kernel.org/stable/c/e9bd0cca09d13ac2f08d25e195203e42d4ad1ce8 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44990 – bonding: fix null pointer deref in bond_ipsec_offload_ok
https://notcve.org/view.php?id=CVE-2024-44990
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service ... • https://git.kernel.org/stable/c/18cb261afd7bf50134e5ccacc5ec91ea16efadd4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44989 – bonding: fix xfrm real_dev null pointer dereference
https://notcve.org/view.php?id=CVE-2024-44989
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 kernel: bond0: (slave eni0np1): making interface the new active one kernel: #PF: supervisor write access in kernel mode kernel: #PF: error_code(0x... • https://git.kernel.org/stable/c/18cb261afd7bf50134e5ccacc5ec91ea16efadd4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-44988 – net: dsa: mv88e6xxx: Fix out-of-bound access
https://notcve.org/view.php?id=CVE-2024-44988
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array). In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array)... • https://git.kernel.org/stable/c/27a2fa0098171199022affa76bdf15d77585457f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44987 – ipv6: prevent UAF in ip6_send_skb()
https://notcve.org/view.php?id=CVE-2024-44987
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. [1] BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/i... • https://git.kernel.org/stable/c/0625491493d9000e4556bf566d205c28c8e7dc4e •