CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26771 – dmaengine: ti: edma: Add some null pointer checks to the edma_probe
https://notcve.org/view.php?id=CVE-2024-26771
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dmaengine: ti: edma: agregue algunas comprobaciones de puntero nulo a edma_probe devm_kasprintf() devuelve un puntero a la memoria asignada di... • https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26769 – nvmet-fc: avoid deadlock on delete association path
https://notcve.org/view.php?id=CVE-2024-26769
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: avoid deadlock on delete association path When deleting an association the shutdown path is deadlocking because we try to flush the nvmet_wq nested. Avoid this by deadlock by deferring the put work into its own work item. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet-fc: evita el punto muerto al eliminar la ruta de asociación Al eliminar una asociación, la ruta de cierre se bloquea porque intentamos vaci... • https://git.kernel.org/stable/c/5e0bc09a52b6169ce90f7ac6e195791adb16cec4 • CWE-833: Deadlock •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26767 – drm/amd/display: fixed integer types and null check locations
https://notcve.org/view.php?id=CVE-2024-26767
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: tipos de enteros fijos y ubicaciones de verificación nula [por qué]: problemas solucionados: - comparación con un tipo de entero más amplio en condició... • https://git.kernel.org/stable/c/71783d1ff65204d69207fd156d4b2eb1d3882375 • CWE-170: Improper Null Termination •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26764 – fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
https://notcve.org/view.php?id=CVE-2024-26764
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio If kiocb_set_cancel_fn() is called for I/O submitted via io_uring, the following kernel warning appears: WARNING: CPU: 3 PID: 368 at fs/aio.c:598 kiocb_set_cancel_fn+0x9c/0xa8 Call trace: kiocb_set_cancel_fn+0x9c/0xa8 ffs_epfile_read_iter+0x144/0x1d0 io_read+0x19c/0x498 io_issue_sqe+0x118/0x27c io_submit_sqes+0x25c/0x5fc __arm64_sys_io_uring_enter+0x104/0xab0 invoke_syscall+... • https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26763 – dm-crypt: don't modify the data when using authenticated encryption
https://notcve.org/view.php?id=CVE-2024-26763
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them inside the clone bio. This may reduce performance, but it is needed to prevent the user from corrupting the device by writing data with O_DIRECT and modifying them a... • https://git.kernel.org/stable/c/43a202bd552976497474ae144942e32cc5f34d7e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26758 – md: Don't ignore suspended array in md_check_recovery()
https://notcve.org/view.php?id=CVE-2024-26758
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't be unregistered. After commit f52f5c71f3d4 ("md: fix stopping sync thread"), following hang can be triggered by test shell/integrity-caching.sh: 1) suspend the array: raid_postsuspend mddev_suspend 2) stop the array: raid_dtr md_stop ... • https://git.kernel.org/stable/c/68866e425be2ef2664aa5c691bb3ab789736acf5 • CWE-20: Improper Input Validation CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26756 – md: Don't register sync_thread for reshape directly
https://notcve.org/view.php?id=CVE-2024-26756
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: md: Don't register sync_thread for reshape directly Currently, if reshape is interrupted, then reassemble the array will register sync_thread directly from pers->run(), in this case 'MD_RECOVERY_RUNNING' is set directly, however, there is no guarantee that md_do_sync() will be executed, hence stop_sync_thread() will hang because 'MD_RECOVERY_RUNNING' can't be cleared. Last patch make sure that md_do_sync() will set MD_RECOVERY_DONE, however... • https://git.kernel.org/stable/c/f67055780caac6a99f43834795c43acf99eba6a6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26744 – RDMA/srpt: Support specifying the srpt_service_guid parameter
https://notcve.org/view.php?id=CVE-2024-26744
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module triggers the following kernel crash: BUG: kernel NULL pointer dereference, address: 0000000000000000 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26733 – arp: Prevent overflow in arp_req_get().
https://notcve.org/view.php?id=CVE-2024-26733
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26726 – btrfs: don't drop extent_map for free space inode on write error
https://notcve.org/view.php?id=CVE-2024-26726
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6... • https://git.kernel.org/stable/c/02f2b95b00bf57d20320ee168b30fb7f3db8e555 •