CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46688 – erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
https://notcve.org/view.php?id=CVE-2024-46688
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking ... • https://git.kernel.org/stable/c/d6db47e571dcaecaeaafa8840d00ae849ae3907b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46687 – btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
https://notcve.org/view.php?id=CVE-2024-46687
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs] Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76 Hardware name: QEMU Standard PC... • https://git.kernel.org/stable/c/852eee62d31abd695cd43e1b875d664ed292a8ca •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46686 – smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
https://notcve.org/view.php?id=CVE-2024-46686
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. Ubuntu Security Notice 7156-1 - Chenyuan... • https://git.kernel.org/stable/c/edf38e9f4269591d26b3783c0b348c9345580c3c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46685 – pinctrl: single: fix potential NULL dereference in pcs_get_function()
https://notcve.org/view.php?id=CVE-2024-46685
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can r... • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46684 – binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined
https://notcve.org/view.php?id=CVE-2024-46684
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architecture has ELF_HWCAP2 defined. Prior to the commit 10e29251be0e ("binfmt_elf_fdpic: fix /proc/
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46683 – drm/xe: prevent UAF around preempt fence
https://notcve.org/view.php?id=CVE-2024-46683
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock befor... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46682 – nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
https://notcve.org/view.php?id=CVE-2024-46682
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of sc_type") states_show() relied on sc_type field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into sc_status and no longer changed sc_type to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 ... • https://git.kernel.org/stable/c/3f29cc82a84c23cfd12b903029dd26002ca825f5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46681 – pktgen: use cpus_read_lock() in pg_net_init()
https://notcve.org/view.php?id=CVE-2024-46681
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood. In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46680 – Bluetooth: btnxpuart: Fix random crash seen while removing driver
https://notcve.org/view.php?id=CVE-2024-46680
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Fix random crash seen while removing driver This fixes the random kernel crash seen while removing the driver, when running the load/unload test over multiple iterations. 1) modprobe btnxpuart 2) hciconfig hci0 reset 3) hciconfig (check hci0 interface up with valid BD address) 4) modprobe -r btnxpuart Repeat steps 1 to 4 The ps_wakeup() call in btnxpuart_close() schedules the psdata->work(), which gets scheduled after ... • https://git.kernel.org/stable/c/86d55f124b52de2ba0d066d89b766bcc0387fd72 •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46679 – ethtool: check device is present when getting link settings
https://notcve.org/view.php?id=CVE-2024-46679
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992... • https://git.kernel.org/stable/c/d519e17e2d01a0ee9abe083019532061b4438065 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •