CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46821 – drm/amd/pm: Fix negative array index read
https://notcve.org/view.php?id=CVE-2024-46821
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang) Michael Randrian... • https://git.kernel.org/stable/c/befd1dc693c98bad69a701ede3a298698f0f9436 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46810 – drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
https://notcve.org/view.php?id=CVE-2024-46810
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initia... • https://git.kernel.org/stable/c/adc5674c23b8191e596ed0dbaa9600265ac896a8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46806 – drm/amdgpu: Fix the warning division or modulo by zero
https://notcve.org/view.php?id=CVE-2024-46806
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero Checks the partition mode and returns an error for an invalid mode. Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compro... • https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46805 – drm/amdgpu: fix the waring dereferencing hive
https://notcve.org/view.php?id=CVE-2024-46805
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary cod... • https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46804 – drm/amd/display: Add array index check for hdcp ddc access
https://notcve.org/view.php?id=CVE-2024-46804
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. [How] Check msg_id valid and valid array index. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. • https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48945 – media: vivid: fix compose size exceed boundary
https://notcve.org/view.php?id=CVE-2022-48945
23 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0 Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0... • https://git.kernel.org/stable/c/ef834f7836ec0502f49f20bbc42f1240577a9c83 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46800 – sch/netem: fix use after free in netem_dequeue
https://notcve.org/view.php?id=CVE-2024-46800
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails") Commands to trigger KASAN UaF: ip link add type dummy ip link set lo up ip link set du... • https://git.kernel.org/stable/c/50612537e9ab29693122fab20fc1eed235054ffe • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46787 – userfaultfd: fix checks for huge PMDs
https://notcve.org/view.php?id=CVE-2024-46787
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race ... • https://git.kernel.org/stable/c/c1a4de99fada21e2e9251e52cbb51eff5aadc757 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46781 – nilfs2: fix missing cleanup on rollforward recovery error
https://notcve.org/view.php?id=CVE-2024-46781
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log writer to create a recovered checkpoint, the inodes whose data had been recovered were left in the ns_dirty_files list of the nilfs object and were... • https://git.kernel.org/stable/c/0f3e1c7f23f8a6f8224fa1d275381f6d9279ad4b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46780 – nilfs2: protect references to superblock parameters exposed in sysfs
https://notcve.org/view.php?id=CVE-2024-46780
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing, and even abandoned when degrading to one side due to backing device issues. So, accessing them requires mutual exclusion using the reader/writer semaphore "nilfs->ns_sem". Some sysfs attribute show methods read th... • https://git.kernel.org/stable/c/da7141fb78db915680616e15677539fc8140cf53 •