CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35839 – netfilter: bridge: replace physindev with physinif in nf_bridge_info
https://notcve.org/view.php?id=CVE-2024-35839
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism... • https://git.kernel.org/stable/c/c4e70a87d975d1f561a00abfe2d3cefa2a486c95 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52693 – ACPI: video: check for error while searching for backlight device parent
https://notcve.org/view.php?id=CVE-2023-52693
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle being passed to acpi_get_pci_dev() for detecting the parent pci device. Check acpi_get_parent() result and set parent device only in case of success. Found by ... • https://git.kernel.org/stable/c/9661e92c10a9775243c1ecb73373528ed8725a10 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52676 – bpf: Guard stack limits against 32bit overflow
https://notcve.org/view.php?id=CVE-2023-52676
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in wh... • https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35837 – net: mvpp2: clear BM pool before initialization
https://notcve.org/view.php?id=CVE-2024-35837
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicialización. El valor del registro persiste después de iniciar el kernel usando kexec, lo que genera pánico en el kernel... • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52673 – drm/amd/display: Fix a debugfs null pointer error
https://notcve.org/view.php?id=CVE-2023-52673
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrige un error de puntero null de debugfs [POR QUÉ Y CÓMO] Verifique si la devolución de llamada get_subvp_en() existe antes de llamarla. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugf... • https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52671 – drm/amd/display: Fix hang/underflow when transitioning to ODM4:1
https://notcve.org/view.php?id=CVE-2023-52671
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being properly disconnected from the disabled OPTC. [How] Ensure that all OPPs are unassigned from an OPTC when it gets disabled. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrigió bloque... • https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52669 – crypto: s390/aes - Fix buffer overread in CTR mode
https://notcve.org/view.php?id=CVE-2023-52669
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: s390/aes - Corrige la sobrelectura del buffer en modo CTR Al procesar el último bloque, el código c... • https://git.kernel.org/stable/c/0200f3ecc19660bebeabbcbaf212957fcf1dbf8f •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35828 – wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
https://notcve.org/view.php?id=CVE-2024-35828
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaración for de... • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35823 – vt: fix unicode buffer corruption when deleting characters
https://notcve.org/view.php?id=CVE-2024-35823
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same i.e. replace memcpy() with memmove() due to the overlaping buffers. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: vt: corregida la corrupción del búfer Unicode al eliminar caracteres. Este e... • https://git.kernel.org/stable/c/81732c3b2fede049a692e58a7ceabb6d18ffb18c • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35822 – usb: udc: remove warning when queue disabled ep
https://notcve.org/view.php?id=CVE-2024-35822
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As there is no function failure in ... • https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8 •