CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49943 – drm/xe/guc_submit: add missing locking in wedged_fini
https://notcve.org/view.php?id=CVE-2024-49943
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be running concurrently with an async queue destroy, therefore dereferencing the queue ptr to check wedge status after the lookup can trigger UAF if queue is not wedged. ... (cherry picked from commit d28af0b6b9580b9f90c265a7da0315b0ad20bbfd) In the Linux kernel, the following vulnerability has been resolved: drm/xe... • https://git.kernel.org/stable/c/8ed9aaae39f39130b7a3eb2726be05d7f64b344c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49942 – drm/xe: Prevent null pointer access in xe_migrate_copy
https://notcve.org/view.php?id=CVE-2024-49942
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. ... _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku ---truncated--- In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. • https://git.kernel.org/stable/c/266c85885263022954928b125d46ab7a78c77a69 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49941 – gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
https://notcve.org/view.php?id=CVE-2024-49941
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may return a NULL pointer, leading to a scenario where `label->str` is accessed without verifying if `label` itself is NULL. In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In `gpiod_get_label()`, it i... • https://git.kernel.org/stable/c/a86d27693066a34a29be86f394bbad847b2d1749 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49940 – l2tp: prevent possible tunnel refcount underflow
https://notcve.org/view.php?id=CVE-2024-49940
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. ... In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. • https://git.kernel.org/stable/c/f7415e60c25a6108cd7955a20b2e66b6251ffe02 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49939 – wifi: rtw89: avoid to add interface to list twice when SER
https://notcve.org/view.php?id=CVE-2024-49939
21 Oct 2024 — kthread_associate_blkcg+0xa0/0xa0 ret_from_fork_asm+0x11/0x20 Modules linked in: dm_integrity async_xor xor async_tx lz4 lz4_compress zstd zstd_compress zram zsmalloc rfcomm cmac uinput algif_hash algif_skcipher af_alg btusb btrtl iio_trig_hrtimer industrialio_sw_trigger btmtk industrialio_configfs btbcm btintel uvcvideo videobuf2_vmalloc iio_trig_sysfs videobuf2_memops videobuf2_v4l2 videobuf2_common uvc snd_hda_codec_hdmi veth snd_hda_intel snd_intel_dspcfg acpi_als snd_hda_codec industrialio_trig... • https://git.kernel.org/stable/c/e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49938 – wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit
https://notcve.org/view.php?id=CVE-2024-49938
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of... • https://git.kernel.org/stable/c/e6b9bf32e0695e4f374674002de0527d2a6768eb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49937 – wifi: cfg80211: Set correct chandef when starting CAC
https://notcve.org/view.php?id=CVE-2024-49937
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it return a "WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]" caused by the chandef.chan being null at the end of CAC. ... ret_from_fork+0x19/0x24 [shorten subject, remove OCB, reorder cases to match previous list] In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: S... • https://git.kernel.org/stable/c/95f32191e50b75e0f75fae1bb925cdf51d8df0a3 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49936 – net/xen-netback: prevent UAF in xenvif_flush_hash()
https://notcve.org/view.php?id=CVE-2024-49936
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free. In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF ... • https://git.kernel.org/stable/c/a7f0073fcd12ed7de185ef2c0af9d0fa1ddef22c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49935 – ACPI: PAD: fix crash in exit_round_robin()
https://notcve.org/view.php?id=CVE-2024-49935
21 Oct 2024 — /include/linux/cpumask.h: 114 0xffffffffc0726918
CVSS: 4.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49934 – fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
https://notcve.org/view.php?id=CVE-2024-49934
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. ... In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. • https://git.kernel.org/stable/c/1a4159138e718db6199f0abf376ad52f726dcc5c •