CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42269 – netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().
https://notcve.org/view.php?id=CVE-2024-42269
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let's call register_pernet_subsys() before xt_register_template(). In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in... • https://git.kernel.org/stable/c/fdacd57c79b79a03c7ca88f706ad9fb7b46831c1 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42268 – net/mlx5: Fix missing lock on sync reset reload
https://notcve.org/view.php?id=CVE-2024-42268
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which results in triggering lock assert like the following: WARNING: CPU: 4 PID: 1164 at net/devlink/core.c:261 devl_assert_locked+0x3e/0x50 … CPU: 4 PID: 1164 Comm: kworker/u96:6 Tainted: G S W 6.10.0-rc2+ ... • https://git.kernel.org/stable/c/84a433a40d0ebf3bbf36b8bfa58c6f45dc782344 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42267 – riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
https://notcve.org/view.php?id=CVE-2024-42267
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don't BUG() the kernel. In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don't BUG() the kernel. Ubuntu Security ... • https://git.kernel.org/stable/c/07037db5d479f90377c998259a4f9a469c404edf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42265 – protect the fetch of ->fd[fd] in do_dup2() from mispredictions
https://notcve.org/view.php?id=CVE-2024-42265
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_locked(); the same solution applies - array_index_nospec(fd, fdt->max_fds) could differ from fd only in case of speculative execution on mispredi... • https://git.kernel.org/stable/c/ed42e8ff509d2a61c6642d1825032072dab79f26 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42259 – drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
https://notcve.org/view.php?id=CVE-2024-42259
14 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritt... • https://git.kernel.org/stable/c/c58305af1835095ddc25ee6f548ac05915e66ac5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42258 – mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines
https://notcve.org/view.php?id=CVE-2024-42258
12 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/ In th... • https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42253 – gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
https://notcve.org/view.php?id=CVE-2024-42253
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * N... • https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42252 – closures: Change BUG_ON() to WARN_ON()
https://notcve.org/view.php?id=CVE-2024-42252
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/closure.c:21! 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP 03240 Modules linked in: 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not... • https://git.kernel.org/stable/c/c894a74756478bb7aec894bcc513add3d554c0cf •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42247 – wireguard: allowedips: avoid unaligned 64-bit memory accesses
https://notcve.org/view.php?id=CVE-2024-42247
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wireguard: allowedips: avoid unaligned 64-bit memory accesses On the parisc platform, the kernel issues kernel warnings because swap_endian() tries to load a 128-bit IPv6 address from an unaligned memory location: Kernel: unaligned access to 0x55f4688c in wg_allowedips_insert_v6+0x2c/0x80 [wireguard] (iir 0xf3010df) Kernel: unaligned access to 0x55f46884 in wg_allowedips_insert_v6+0x38/0x80 [wireguard] (iir 0xf2010dc) Avoid such unaligned m... • https://git.kernel.org/stable/c/e7096c131e5161fa3b8e52a650d7719d2857adfd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42246 – net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
https://notcve.org/view.php?id=CVE-2024-42246
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will propagate -EPERM up into other layers which might not be ready to handle it. It might be safer to map EPERM to an error we would be more likely ... • https://git.kernel.org/stable/c/4fbac77d2d092b475dda9eea66da674369665427 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •