CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49953 – net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice
https://notcve.org/view.php?id=CVE-2024-49953
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. ... kthread_park+0x80/0x80 ret_from_fork_asm+0x11/0x20 </TASK> In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. • https://git.kernel.org/stable/c/b2f7b01d36a9b94fbd7489bd1228025ea7e7a2f4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49952 – netfilter: nf_tables: prevent nf_skb_duplicated corruption
https://notcve.org/view.php?id=CVE-2024-49952
21 Oct 2024 — [1] BUG: using __this_cpu_write() in preemptible [00000000] code: syz.4.282/6316 caller is nf_dup_ipv4+0x651/0x8f0 net/ipv4/netfilter/nf_dup_ipv4.c:87 CPU: 0 UID: 0 PID: 6316 Comm: syz.4.282 Not tainted 6.11.0-rc7-syzkaller-00104-g7052622fccb1 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49951 – Bluetooth: MGMT: Fix possible crash on mgmt_index_removed
https://notcve.org/view.php?id=CVE-2024-49951
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the bellow trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/0xdc 0x0000053D: mgmt_pending_remove+0x18/0x58 [bluetooth] 0x0000053E: mgmt_remove_adv_monitor_complete+0x80/0x108 [bluetooth] 0x0000053E: hci_cmd_sync_work+0xbc/0x164 [bluetooth] So while handling mgmt_in... • https://git.kernel.org/stable/c/7cf5c2978f23fdbb2dd7b4e8b07e362ae2d8211c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49950 – Bluetooth: L2CAP: Fix uaf in l2cap_connect
https://notcve.org/view.php?id=CVE-2024-49950
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/54 CPU: 0 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-00268-g788220eee30d #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: hci2 hc... • https://git.kernel.org/stable/c/7b064edae38d62d8587a8c574f93b53ce75ae749 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-49949 – net: avoid potential underflow in qdisc_pkt_len_init() with UFO
https://notcve.org/view.php?id=CVE-2024-49949
21 Oct 2024 — [1] [ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 70.724561] #PF: supervisor read access in kernel mode [ 70.724561] #PF: error_code(0x0000) - not-present page [ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0 [ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI [ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991 [ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.724561] RIP: 00... • https://git.kernel.org/stable/c/960b360ca7463921c1a6b72e7066a706d6406223 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49948 – net: add more sanity checks to qdisc_pkt_len_init()
https://notcve.org/view.php?id=CVE-2024-49948
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. • https://git.kernel.org/stable/c/1def9238d4aa2146924994aa4b7dc861f03b9362 •
CVSS: 5.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49947 – net: test for not too small csum_start in virtio_net_hdr_to_skb()
https://notcve.org/view.php?id=CVE-2024-49947
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csum_start in virtio_net_hdr_to_skb() syzbot was able to trigger this warning [1], after injecting a malicious packet through af_packet, setting skb->csum_start and thus the transport header to an incorrect value. ... /include/linux/skbuff.h:1146 .... /include/net/l3mdev.h:213 ne ---truncated--- In the Linux kernel, the following vulnerability has been resolved: net: test for not too small cs... • https://git.kernel.org/stable/c/342c88f406c2acd3dd00767aeacafe883cebb374 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49946 – ppp: do not assume bh is held in ppp_channel_bridge_input()
https://notcve.org/view.php?id=CVE-2024-49946
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the socket was owned by a user process. ... -{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff0000db7f11e0 (&pch->downl){+.?.}... -{2:2}, at: spin_lock include/linux/spinlock.h:35... • https://git.kernel.org/stable/c/4cf476ced45d7f12df30a68e833b263e7a2202d1 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49945 – net/ncsi: Disable the ncsi work before freeing the associated structure
https://notcve.org/view.php?id=CVE-2024-49945
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic. In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic. • https://git.kernel.org/stable/c/2d283bdd079c0ad4da020bbc9e9c2a4280823098 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49944 – sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
https://notcve.org/view.php?id=CVE-2024-49944
21 Oct 2024 — KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace: