CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43828 – ext4: fix infinite loop when replaying fast_commit
https://notcve.org/view.php?id=CVE-2024-43828
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproduci... • https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43826 – nfs: pass explicit offset/count to trace events
https://notcve.org/view.php?id=CVE-2024-43826
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explіcit offset and length. This has the additional benefit that these values can be more accurate ... • https://git.kernel.org/stable/c/eb5654b3b89d5e836312cea9f3fdb49457852e89 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43825 – iio: Fix the sorting functionality in iio_gts_build_avail_time_table
https://notcve.org/view.php?id=CVE-2024-43825
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: Fix the sorting functionality in iio_gts_build_avail_time_table The sorting in iio_gts_build_avail_time_table is not working as intended. It could result in an out-of-bounds access when the time is zero. Here are more details: 1. When the gts->itime_table[i].time_us is zero, e.g., the time sequence is `3, 0, 1`, the inner for-loop will not terminate and do out-of-bound writes. This is because once `times[j] > new`, the value `new` will... • https://git.kernel.org/stable/c/38416c28e16890b52fdd5eb73479299ec3f062f3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43824 – PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
https://notcve.org/view.php?id=CVE-2024-43824
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference. Also with commit a01e7... • https://git.kernel.org/stable/c/5e50ee27d4a52a817ab152128c48690ec7c5cdf1 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43823 – PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
https://notcve.org/view.php?id=CVE-2024-43823
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference. Fix this bug by adding NULL return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, t... • https://git.kernel.org/stable/c/0f71c60ffd26943fa9646aa73ad7889ace116ce2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43821 – scsi: lpfc: Fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-43821
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functions that use this pointer, there are dereferencing operations, leading to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, use scnprintf to notify the user and return len. In the Linux ... • https://git.kernel.org/stable/c/479b0917e4477f49df2e3be454aac3cfa5dec171 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43819 – kvm: s390: Reject memory region operations for ucontrol VMs
https://notcve.org/view.php?id=CVE-2024-43819
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and would thus result in a null pointer dereference further in. Memory management needs to be performed in userspace and using the ioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP. Also improve s390... • https://git.kernel.org/stable/c/27e0393f15fc8bc855c6a888387ff5ffd2181089 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43818 – ASoC: amd: Adjust error handling in case of absent codec device
https://notcve.org/view.php?id=CVE-2024-43818
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no such device, ACPI table error, reference count drop to 0, etc). Existing check just emit error message, but doesn't perform return. Then this NULL pointer is passed to devm_acpi_dev_add_driver_gpios() where it is dereferenced. Adjust this error handling by adding error code return. Found by Linux Verification C... • https://git.kernel.org/stable/c/02527c3f2300100a25524c8c020d98c7957e485e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-43817 – net: missing check virtio
https://notcve.org/view.php?id=CVE-2024-43817
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere the __skb_linearize function will not be executed, then the buffer will remain non-linear. Then the condition (offset >= skb_headlen(skb)) becomes true, which causes WARN_ON_ONCE in skb_checksum... • https://git.kernel.org/stable/c/0f6925b3e8da0dbbb52447ca8a8b42b371aac7db • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42322 – ipvs: properly dereference pe in ip_vs_add_service
https://notcve.org/view.php?id=CVE-2024-42322
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux ... • https://git.kernel.org/stable/c/39b9722315364121c6e2524515a6e95d52287549 •