CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26636 – llc: make llc_ui_sendmsg() more robust against bonding changes
https://notcve.org/view.php?id=CVE-2024-26636
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed. This fix: - Uses LL_RESERVED_SPACE() to reserve spac... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52615 – hwrng: core - Fix page fault dead lock on mmap-ed hwrng
https://notcve.org/view.php?id=CVE-2023-52615
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwrng: core: soluciona el bloqueo de falla de ... • https://git.kernel.org/stable/c/9996508b3353063f2d6c48c1a28a84543d72d70b • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-26633 – ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
https://notcve.org/view.php?id=CVE-2024-26633
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/i... • https://git.kernel.org/stable/c/fbfa743a9d2a0ffa24251764f10afc13eb21e739 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52609 – binder: fix race between mmput() and do_exit()
https://notcve.org/view.php?id=CVE-2023-52609
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mma... • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47119 – ext4: fix memory leak in ext4_fill_super
https://notcve.org/view.php?id=CVE-2021-47119
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked. If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksiz... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47118 – pid: take a reference when initializing `cad_pid`
https://notcve.org/view.php?id=CVE-2021-47118
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens proc_do_cad_pid() will increment the refcount on the new pid via get_pid(), and will decrement the refcount on the old pid via put_pid(). As we never called get_pid() when we initialized `cad_pid`, we decrement a reference we never inc... • https://git.kernel.org/stable/c/9ec52099e4b8678a60e9f93e41ad87885d64f3e6 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47117 – ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
https://notcve.org/view.php?id=CVE-2021-47117
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117] Internal error: Oops - BUG: 0 [#1] SMP ...... [130747.334329] Call trace: [130747.334553] ext4_es_cache_extent+0x150/0x168 [ext4] [130747.334975] ext4_cache_extents+0x64/0xe8 [ext4] [130747.335368] ext4_find_extent+0x300/0x330 [ext4... • https://git.kernel.org/stable/c/e33bafad30d34cfa5e9787cb099cab05e2677fcb •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47116 – ext4: fix memory leak in ext4_mb_init_backend on error path.
https://notcve.org/view.php?id=CVE-2021-47116
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_mb_init_backend on error path. Fix a memory leak discovered by syzbot when a file system is corrupted with an illegally large s_log_groups_per_flex. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: corrige la pérdida de memoria en ext4_mb_init_backend en la ruta de error. Solucione una pérdida de memoria descubierta por syzbot cuando un sistema de archivos está dañado con un s_log_groups_pe... • https://git.kernel.org/stable/c/2050c6e5b161e5e25ce3c420fef58b24fa388a49 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47114 – ocfs2: fix data corruption by fallocate
https://notcve.org/view.php?id=CVE-2021-47114
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with buffer write, at that time isize is not yet updated to match the new size, if writeback is kicked in, it will invoke ocfs2_writepage()->block_write_full_page() where the pages out of inode size will be dropped. That will cause file c... • https://git.kernel.org/stable/c/624fa7baa3788dc9e57840ba5b94bc22b03cda57 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47113 – btrfs: abort in rename_exchange if we fail to insert the second ref
https://notcve.org/view.php?id=CVE-2021-47113
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because we insert the inode ref for one side of the rename, and then for the other side. If this second inode ref insert fails we'll leave the first one dangling and leave a corrupt file system behind. Fix this by aborting if we did the insert... • https://git.kernel.org/stable/c/0df50d47d17401f9f140dfbe752a65e5d72f9932 •