CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49873 – mm/filemap: fix filemap_get_folios_contig THP panic
https://notcve.org/view.php?id=CVE-2024-49873
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge page fixes". ... In the Linux kernel, the following vulnerability has been resolved: mm/filemap: fix filemap_get_folios_contig THP panic Patch series "memfd-pin huge page fixes". • https://git.kernel.org/stable/c/89c1905d9c140372b7f50ef48f42378cf85d9bc5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49872 – mm/gup: fix memfd_pin_folios alloc race panic
https://notcve.org/view.php?id=CVE-2024-49872
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix memfd_pin_folios alloc race panic If memfd_pin_folios tries to create a hugetlb page, but someone else already did, then folio gets the value -EEXIST here: folio = memfd_alloc_folio(memfd, start_idx); if (IS_ERR(folio)) { ret = PTR_ERR(folio); if (ret !... In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix memfd_pin_folios alloc race panic If memfd_pin_folios tries to create a hugetlb p... • https://git.kernel.org/stable/c/89c1905d9c140372b7f50ef48f42378cf85d9bc5 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49871 – Input: adp5589-keys - fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-49871
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our device object. In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then pass the i2c client ... • https://git.kernel.org/stable/c/30df385e35a48f773b85117fc490152c2395e45b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49870 – cachefiles: fix dentry leak in cachefiles_open_file()
https://notcve.org/view.php?id=CVE-2024-49870
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file() A dentry leak may be caused when a lookup cookie and a cull are concurrent: P1 | P2 ----------------------------------------------------------- cachefiles_lookup_cookie cachefiles_look_up_object lookup_one_positive_unlocked // get dentry cachefiles_cull inode->i_flags |= S_KERNEL_FILE; cachefiles_open_file cachefiles_mark_inode_in_use __cachefiles_mark_inode_in_use can_use = false... • https://git.kernel.org/stable/c/1f08c925e7a38002bde509e66f6f891468848511 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49869 – btrfs: send: fix buffer overflow detection when copying path to cache entry
https://notcve.org/view.php?id=CVE-2024-49869
21 Oct 2024 — This requires marking the "name" array field with __nonstring and using memcpy() instead of strcpy() as recommended by the guidelines at: https://github.com/KSPP/linux/issues/90 In the Linux kernel, the following vulnerability has been resolved: btrfs: send: fix buffer overflow detection when copying path to cache entry Starting with commit c0247d289e73 ("btrfs: send: annotate struct name_cache_entry with __counted_by()") we annotated the variable length array "name" from the name_cache_entry ... • https://git.kernel.org/stable/c/c0247d289e73e18f6ddb0895de30c09770fbed95 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49868 – btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
https://notcve.org/view.php?id=CVE-2024-49868
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a failure. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forci... • https://git.kernel.org/stable/c/1282f001cbf56e5dd6e90a18e205a566793f4be0 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49867 – btrfs: wait for fixup workers before stopping cleaner kthread during umount
https://notcve.org/view.php?id=CVE-2024-49867
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for ... • https://git.kernel.org/stable/c/cd686dfff63f27d712877aef5b962fbf6b8bc264 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49866 – tracing/timerlat: Fix a race during cpuhp processing
https://notcve.org/view.php?id=CVE-2024-49866
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220 WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0 Modules linked in: CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not ta... • https://git.kernel.org/stable/c/c8895e271f7994a3ecb13b8a280e39aa53879545 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49865 – drm/xe/vm: move xa_alloc to prevent UAF
https://notcve.org/view.php?id=CVE-2024-49865
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes and then call vm destroy ioctl to trigger UAF since create ioctl is still referencing the same vm. Move the xa_alloc all the way to the end to prevent this. v2: - Rebase (cherry picked from commit dcfd3971327f3ee92765154baebbaece833d3ca9) In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: mov... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49864 – rxrpc: Fix a race between socket set up and I/O thread creation
https://notcve.org/view.php?id=CVE-2024-49864
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. ... In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. • https://git.kernel.org/stable/c/a275da62e8c111b897b9cb73eb91df2f4e475ca5 •