CVE-2021-47622 – scsi: ufs: Fix a deadlock in the error handler
https://notcve.org/view.php?id=CVE-2021-47622
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host_reset_handler() queues work that calls ufshcd_err_handler() - ufshcd_err_handler() locks up as follows: Workqueue: ufs_eh_wq_0 ufshcd_err_handler.cfi_jt Call trace: __switch_to+0x298/0x5d8 __schedule+0x6cc/0xa94 schedule+0x12c/0x298 blk_mq... • https://git.kernel.org/stable/c/493c9e850677df8b4eda150c2364b1c1a72ed724 •
CVE-2022-48783 – net: dsa: lantiq_gswip: fix use after free in gswip_remove()
https://notcve.org/view.php?id=CVE-2022-48783
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus). • https://git.kernel.org/stable/c/e177d2e85ebcd3008c4b2abc293f4118e04eedef •
CVE-2022-48778 – mtd: rawnand: gpmi: don't leak PM reference in error path
https://notcve.org/view.php?id=CVE-2022-48778
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped. • https://git.kernel.org/stable/c/29218853877a748a2ca41d9957a84b2d6a7f56a7 •
CVE-2022-48775 – Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj
https://notcve.org/view.php?id=CVE-2022-48775
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, kobject_put() must be called to properly clean up the memory associated with the object. Fix memory leak by calling kobject_put(). • https://git.kernel.org/stable/c/c2e5df616e1ae6c2a074cb241ebb65a318ebaf7c •
CVE-2022-48773 – xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create
https://notcve.org/view.php?id=CVE-2022-48773
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointers with the error value, otherwise `rpcrdma_ep_destroy` gets confused and tries to free them, resulting in an Oops. • https://git.kernel.org/stable/c/1e7433fb95ccc01629a5edaa4ced0cd8c98d0ae0 • CWE-476: NULL Pointer Dereference •
CVE-2023-52886 – USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
https://notcve.org/view.php?id=CVE-2023-52886
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Read of size 8 at addr ffff88801e78b8c8 by task udevd/5011 CPU: 0 PID: 5011 Comm: udevd Not tainted 6.4.0-rc6-syzkaller-00195-g40f71e7cd3c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine... • https://git.kernel.org/stable/c/218925bfd5d1436e337c4f961e9c149fbe32de6d •
CVE-2024-41008 – drm/amdgpu: change vm->task_info handling
https://notcve.org/view.php?id=CVE-2024-41008
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: change vm->task_info handling This patch changes the handling and lifecycle of vm->task_info object. The major changes are: - vm->task_info is a dynamically allocated ptr now, and its usage is reference counted. - introducing two new helper funcs for task_info lifecycle management - amdgpu_vm_get_task_info: reference counts up task_info before returning this info - amdgpu_vm_put_task_info: reference counts down task_info - last ... • https://git.kernel.org/stable/c/b8f67b9ddf4f8fe6dd536590712b5912ad78f99c • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-41007 – tcp: avoid too many retransmit packets
https://notcve.org/view.php?id=CVE-2024-41007
15 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1000), for about 4 minutes after TCP_USER_TIMEOUT has 'expired'. The fix is to make sure tcp_rtx_probe0_timed_out() takes icsk->icsk_user_timeout into account. Before blamed commit, the socket would not timeout after icsk->icsk_user_ti... • https://git.kernel.org/stable/c/b701a99e431db784714c32fc6b68123045714679 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2023-52885 – SUNRPC: Fix UAF in svc_tcp_listen_data_ready()
https://notcve.org/view.php?id=CVE-2023-52885
14 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window in which the newsock retains a freed listener svc_sock in sk_user_data, which was cloned from the parent. In the race window, if data is received on the newsock, we will observe a use-after-free report in svc_tcp_listen_data_ready(). Reproduce by two tasks: 1. while :; do rpc.nfsd 0 ... • https://git.kernel.org/stable/c/fa9251afc33c81606d70cfe91800a779096442ec •
CVE-2024-41006 – netrom: Fix a memory leak in nr_heartbeat_expiry()
https://notcve.org/view.php?id=CVE-2024-41006
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix a memory leak in nr_heartbeat_expiry() syzbot reported a memory leak in nr_create() [0]. Commit 409db27e3a2e ("netrom: Fix use-after-free of a listening socket.") added sock_hold() to the nr_heartbeat_expiry() function, where a) a socket has a SOCK_DESTROY flag or b) a listening socket has a SOCK_DEAD flag. But in the case "a," when the SOCK_DESTROY flag is set, the file descriptor has already been closed and the nr_release() fu... • https://git.kernel.org/stable/c/a31caf5779ace8fa98b0d454133808e082ee7a1b •