CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50009 – cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value
https://notcve.org/view.php?id=CVE-2024-50009
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/5f250d44b8191d612355dd97b89b37bbc1b5d2cb https://git.kernel.org/stable/c/5493f9714e4cdaf0ee7cec15899a231400cb1a9f •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50008 – wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
https://notcve.org/view.php?id=CVE-2024-50008
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`. With this, fix the following warning: elo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------ elo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field "ext_scan->tlv_buffer" at drivers/net/wireless/marvell/mwifiex/scan.c:2239 (size 1) elo 16 17:51:58 surfacebook kernel: WARNING: CPU: 0 PID: 498 at drivers/net/wireless/marvell/mwifiex/scan.c:2239 mwifiex_cmd_802_11_scan_ext+0x83/0x90 [mwifiex] • https://git.kernel.org/stable/c/1756918f51e9ab247a0f4782cc28853c2bb457c1 https://git.kernel.org/stable/c/e59bdb1ba594104cd0ee0af3ee9e4435d842a8fe https://git.kernel.org/stable/c/17199b69a84798efffc475040fbef44374ef1de1 https://git.kernel.org/stable/c/fef7b51f22cf2049b0ca6740adeb0ba6f2e671dc https://git.kernel.org/stable/c/71267bd4e8c752d7af6c6b96bb83984a6a95273d https://git.kernel.org/stable/c/a3a12c30f9510f3753286fadbc6cdb7dad78c1d5 https://git.kernel.org/stable/c/498365e52bebcbc36a93279fe7e9d6aec8479cee •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50007 – ALSA: asihpi: Fix potential OOB array access
https://notcve.org/view.php?id=CVE-2024-50007
In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity check of the array index to fit in the array size. • https://git.kernel.org/stable/c/219587bca2678e31700ef09ecec178ba1f735674 https://git.kernel.org/stable/c/36ee4021bcc37b834996e79740d095d6f8dd948f https://git.kernel.org/stable/c/e658227d9d4f4e122d81690fdbc0d438b10288f5 https://git.kernel.org/stable/c/7a55740996701f7b2bc46dc988b60ef2e416a747 https://git.kernel.org/stable/c/ad7248a5e92587b9266c62db8bcc4e58de53e372 https://git.kernel.org/stable/c/876d04bf5a8ac1d6af5afd258cd37ab83ab2cf3d https://git.kernel.org/stable/c/7b986c7430a6bb68d523dac7bfc74cbd5b44ef96 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50006 – ext4: fix i_data_sem unlock order in ext4_ind_migrate()
https://notcve.org/view.php?id=CVE-2024-50006
In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system call. This problem only arises when CONFIG_PROVE_LOCKING is enabled. In this case, the jbd2_might_wait_for_commit macro locks jbd2_handle in the jbd2_journal_stop function while i_data_sem is locked. This triggers lockdep because the jbd2_journal_start function might also lock the same jbd2_handle simultaneously. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Rule: add • https://git.kernel.org/stable/c/53b1999cfd2c7addf2e581a32865fe8835467b44 https://git.kernel.org/stable/c/ef05572da0c0eb89614ed01cc17d3c882bdbd1ff https://git.kernel.org/stable/c/9fedf51ab8cf7b69bff08f37fe0989fec7f5d870 https://git.kernel.org/stable/c/d43776b907659affef1de888525847d64b244194 https://git.kernel.org/stable/c/6252cb6bde7fc76cb8dcb49d1def7c326b190820 https://git.kernel.org/stable/c/d58a00e981d3118b91d503da263e640b7cde6729 https://git.kernel.org/stable/c/cc749e61c011c255d81b192a822db650c68b313f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50005 – mac802154: Fix potential RCU dereference issue in mac802154_scan_worker
https://notcve.org/view.php?id=CVE-2024-50005
In the Linux kernel, the following vulnerability has been resolved: mac802154: Fix potential RCU dereference issue in mac802154_scan_worker In the `mac802154_scan_worker` function, the `scan_req->type` field was accessed after the RCU read-side critical section was unlocked. According to RCU usage rules, this is illegal and can lead to unpredictable behavior, such as accessing memory that has been updated or causing use-after-free issues. This possible bug was identified using a static analysis tool developed by myself, specifically designed to detect RCU-related issues. To address this, the `scan_req->type` value is now stored in a local variable `scan_req_type` while still within the RCU read-side critical section. The `scan_req_type` is then used after the RCU lock is released, ensuring that the type value is safely accessed without violating RCU rules. • https://git.kernel.org/stable/c/e2c3e6f53a7a8a00ffeed127cfd1b397c3b016f8 https://git.kernel.org/stable/c/e676e4ea76bbe7f1156d8c326b9b6753849481c2 https://git.kernel.org/stable/c/540138377b22f601f06f55ebfa3ca171dcab471a https://git.kernel.org/stable/c/d18f669461811dfe2915d5554ab2a9834f810013 https://git.kernel.org/stable/c/bff1709b3980bd7f80be6786f64cc9a9ee9e56da •