CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48870 – tty: fix possible null-ptr-defer in spk_ttyio_release
https://notcve.org/view.php?id=CVE-2022-48870
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node (MAJOR 10, MINOR 125) speakup 3.1.6: initialized synth name on entry is: (null) synth probe spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned failed (errno -16), then remove the module, we will get a n... • https://git.kernel.org/stable/c/4f2a81f3a88217e7340b2cab5c0a5ebd0112514c •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48869 – USB: gadgetfs: Fix race between mounting and unmounting
https://notcve.org/view.php?id=CVE-2022-48869
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super() can race with gadgetfs_kill_sb(), causing the latter to deallocate the_device while the former is using it. The output from KASAN says, in part: BUG: KASAN: use-after-free in ... • https://git.kernel.org/stable/c/e5d82a7360d124ae1a38c2a5eac92ba49b125191 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48868 – dmaengine: idxd: Let probe fail when workqueue cannot be enabled
https://notcve.org/view.php?id=CVE-2022-48868
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. When the driver is removed it assumes that the workqueue was enabled successfully and proceeds to free allocations made during workqueue enabling. Failure during workqueue enabling does not prevent the driver from being loaded. This is because the error path within drv_enabl... • https://git.kernel.org/stable/c/1f2bb40337f0df1d9af80793e9fdacff7706e654 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48867 – dmaengine: idxd: Prevent use after free on completion memory
https://notcve.org/view.php?id=CVE-2022-48867
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Prevent use after free on completion memory On driver unload any pending descriptors are flushed at the time the interrupt is freed: idxd_dmaengine_drv_remove() -> drv_disable_wq() -> idxd_wq_free_irq() -> idxd_flush_pending_descs(). If there are any descriptors present that need to be flushed this flow triggers a "not present" page fault as below: BUG: unable to handle page fault for address: ff391c97c70c9040 #PF: supervis... • https://git.kernel.org/stable/c/63c14ae6c161dec8ff3be49277edc75a769e054a •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43882 – exec: Fix ToCToU between perm check and set-uid/gid usage
https://notcve.org/view.php?id=CVE-2024-43882
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning ... • https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43881 – wifi: ath12k: change DMA direction while mapping reinjected packets
https://notcve.org/view.php?id=CVE-2024-43881
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: change DMA direction while mapping reinjected packets For fragmented packets, ath12k reassembles each fragment as a normal packet and then reinjects it into HW ring. In this case, the DMA direction should be DMA_TO_DEVICE, not DMA_FROM_DEVICE. Otherwise, an invalid payload may be reinjected into the HW and subsequently delivered to the host. Given that arbitrary memory can be allocated to the skb buffer, knowledge about the da... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43880 – mlxsw: spectrum_acl_erp: Fix object nesting warning
https://notcve.org/view.php?id=CVE-2024-43880
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the number of masks in each region (i.e., tc chain) is limited. In order to mitigate the effects of the above limitation, the device allows filters to share a single mask if their masks only differ in up to 8 conse... • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43879 – wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
https://notcve.org/view.php?id=CVE-2024-43879
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth. In the Linux ker... • https://git.kernel.org/stable/c/c4cbaf7973a794839af080f13748335976cf3f3f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43877 – media: pci: ivtv: Add check for DMA map result
https://notcve.org/view.php?id=CVE-2024-43877
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pci: ivtv: Add check for DMA map result In case DMA fails, 'dma->SG_length' is 0. This value is later used to access 'dma->SGarray[dma->SG_length - 1]', which will cause out of bounds access. Add check to return early on invalid value. Adjust warnings accordingly. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/1932dc2f4cf6ac23e48e5fcc24d21adbe35691d1 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43876 – PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup()
https://notcve.org/view.php?id=CVE-2024-43876
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() Avoid large backtrace, it is sufficient to warn the user that there has been a link problem. Either the link has failed and the system is in need of maintenance, or the link continues to work and user has been informed. The message from the warning can be looked up in the sources. This makes an actual link issue less verbose. First of all, this controller has a limitat... • https://git.kernel.org/stable/c/84b576146294c2be702cfcd174eaa74167e276f9 •