CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43847 – wifi: ath12k: fix invalid memory access while processing fragmented packets
https://notcve.org/view.php?id=CVE-2024-43847
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index. When the driver receives an interrupt for the reo reinject ring, the monitor ring is also processed, leading to invalid memory access. Since monitor support is not yet enabled in ath12k, the ring mask for the monitor ring should be removed. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QC... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43846 – lib: objagg: Fix general protection fault
https://notcve.org/view.php?id=CVE-2024-43846
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation on how to aggregate the provided objects. Nesting is not possible in the first case due to a check that prevents it, but in the second case the... • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43845 – udf: Fix bogus checksum computation in udf_rename()
https://notcve.org/view.php?id=CVE-2024-43845
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the s... • https://git.kernel.org/stable/c/9616d00140a1cdf0bfa557019b36923dc7796942 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43842 – wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()
https://notcve.org/view.php?id=CVE-2024-43842
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() In rtw89_sta_info_get_iter() 'status->he_gi' is compared to array size. But then 'rate->he_gi' is used as array index instead of 'status->he_gi'. This can lead to go beyond array boundaries in case of 'rate->he_gi' is not equal to 'status->he_gi' and is bigger than array size. Looks like "copy-paste" mistake. Fix this mistake by replacing 'rate->he_gi' with 'status->he_gi'. F... • https://git.kernel.org/stable/c/e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd • CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43841 – wifi: virt_wifi: avoid reporting connection success with wrong SSID
https://notcve.org/view.php?id=CVE-2024-43841
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even i... • https://git.kernel.org/stable/c/c7cdba31ed8b87526db978976392802d3f93110c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43840 – bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG
https://notcve.org/view.php?id=CVE-2024-43840
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls __bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them the struct bpf_tramp_image *im pointer as an argument in R0. The trampoline generation code uses emit_addr_mov_i64() to emit instructions for moving the bpf_tramp_image address into R0, but emit_addr_mov_i64() assumes the address to be in the vmalloc() space and uses ... • https://git.kernel.org/stable/c/efc9909fdce00a827a37609628223cd45bf95d0b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43839 – bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
https://notcve.org/view.php?id=CVE-2024-43839
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_... • https://git.kernel.org/stable/c/8b230ed8ec96c933047dd0625cf95f739e4939a6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43837 – bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT
https://notcve.org/view.php?id=CVE-2024-43837
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be null. At this time, calling resolve_prog_type() anywhere will result in a null pointer dereference. Example stack trace: [ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 [ 8.108262] Mem abort info: [ 8.108384] ESR... • https://git.kernel.org/stable/c/4a9c7bbe2ed4d2b240674b1fb606c41d3940c412 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43835 – virtio_net: Fix napi_skb_cache_put warning
https://notcve.org/view.php?id=CVE-2024-43835
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix napi_skb_cache_put warning After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_... • https://git.kernel.org/stable/c/df133f3f96257ee29696c0ed8bd198ec801dc810 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43834 – xdp: fix invalid wait context of page_pool_destroy()
https://notcve.org/view.php?id=CVE-2024-43834
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy() If the driver uses a page pool, it creates a page pool with page_pool_create(). The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference count reaches 0. page_pool_destroy() is used to destroy page pool, it decreases a reference count. When a page pool is destroyed, ->disconnect() is called, which is mem_allocator_disconnect(). This function in... • https://git.kernel.org/stable/c/c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 •