CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47681 – wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he
https://notcve.org/view.php?id=CVE-2024-47681
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he Fix the NULL pointer dereference in mt7996_mcu_sta_bfer_he routine adding an sta interface to the mt7996 driver. Found by code review. • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47680 – f2fs: check discard support for conventional zones
https://notcve.org/view.php?id=CVE-2024-47680
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: check discard support for conventional zones As the helper function f2fs_bdev_support_discard() shows, f2fs checks if the target block devices support discard by calling bdev_max_discard_sectors() and bdev_is_zoned(). This check works well for most cases, but it does not work for conventional zones on zoned block devices. F2fs assumes that zoned block devices support discard, and calls __submit_discard_cmd(). When __submit_discard_cmd... • https://git.kernel.org/stable/c/30f1e724142242a453f92d90b33e030014900bf0 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47679 – vfs: fix race between evice_inodes() and find_inode()&iput()
https://notcve.org/view.php?id=CVE-2024-47679
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: vfs: fix race between evice_inodes() and find_inode()&iput() Hi, all Recently I noticed a bug[1] in btrfs, after digged it into and I believe it'a race in vfs. Let's assume there's a inode (ie ino 261) with i_count 1 is called by iput(), and there's a concurrent thread calling generic_shutdown_super(). cpu0: cpu1: iput() // i_count is 1 ->spin_lock(inode) ->dec i_count to 0 ->iput_final() generic_shutdown_super() ->__inode_add_lru() ->evict... • https://git.kernel.org/stable/c/63997e98a3be68d7cec806d22bf9b02b2e1daabb •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47678 – icmp: change the order of rate limits
https://notcve.org/view.php?id=CVE-2024-47678
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: icmp: change the order of rate limits ICMP messages are ratelimited : After the blamed commits, the two rate limiters are applied in this order: 1) host wide ratelimit (icmp_global_allow()) 2) Per destination ratelimit (inetpeer based) In order to avoid side-channels attacks, we need to apply the per destination check first. This patch makes the following change : 1) icmp_global_allow() checks if the host wide limit is reached. But credits ... • https://git.kernel.org/stable/c/4cdf507d54525842dfd9f6313fdafba039084046 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47677 – exfat: resolve memory leak from exfat_create_upcase_table()
https://notcve.org/view.php?id=CVE-2024-47677
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: exfat: resolve memory leak from exfat_create_upcase_table() If exfat_load_upcase_table reaches end and returns -EINVAL, allocated memory doesn't get freed and while exfat_load_default_upcase_table allocates more memory, leading to a memory leak. Here's link to syzkaller crash report illustrating this issue: https://syzkaller.appspot.com/text?tag=CrashReport&x=1406c201980000 • https://git.kernel.org/stable/c/a13d1a4de3b0fe3c41d818697d691c886c5585fa •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47676 – mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway
https://notcve.org/view.php?id=CVE-2024-47676
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb.c: fix UAF of vma in hugetlb fault pathway Syzbot reports a UAF in hugetlb_fault(). This happens because vmf_anon_prepare() could drop the per-VMA lock and allow the current VMA to be freed before hugetlb_vma_unlock_read() is called. We can fix this by using a modified version of vmf_anon_prepare() that doesn't release the VMA lock on failure, and then release it ourselves after hugetlb_vma_unlock_read(). • https://git.kernel.org/stable/c/9acad7ba3e25d11f4c96df1b7312ae89e6faca5c •
CVSS: 6.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47675 – bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()
https://notcve.org/view.php?id=CVE-2024-47675
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() If bpf_link_prime() fails, bpf_uprobe_multi_link_attach() goes to the error_free label and frees the array of bpf_uprobe's without calling bpf_uprobe_unregister(). This leaks bpf_uprobe->uprobe and worse, this frees bpf_uprobe->consumer without removing it from the uprobe->consumers list. • https://git.kernel.org/stable/c/89ae89f53d201143560f1e9ed4bfa62eee34f88e • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47671 – USB: usbtmc: prevent kernel-usb-infoleak
https://notcve.org/view.php?id=CVE-2024-47671
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. Andy Nguyen discovered that the Bluetooth L2CAP implementation in th... • https://git.kernel.org/stable/c/4ddc645f40e90fa3bc7af3a3f3bd7d29e671a775 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46869 – Bluetooth: btintel_pcie: Allocate memory for driver private data
https://notcve.org/view.php?id=CVE-2024-46869
30 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. • https://git.kernel.org/stable/c/6e65a09f927566f257322358d429b267548473eb •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2785 – Arbitrary Memory read in BPF Linux Kernel
https://notcve.org/view.php?id=CVE-2022-2785
23 Sep 2022 — There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c Se presenta una lectura de memoria arbitraria dentro del BPF del Kernel de Linux - Las constantes proporcionadas para rellenar los punteros en los structs pasados a b... • https://git.kernel.org/bpf/bpf/c/86f44fcec22c • CWE-125: Out-of-bounds Read •