CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39501 – drivers: core: synchronize really_probe() and dev_uevent()
https://notcve.org/view.php?id=CVE-2024-39501
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers: core: synchronize really_probe() and dev_uevent() Synchronize the dev->driver usage in really_probe() and dev_uevent(). These can run in different threads, what can result in the following race condition for dev->driver uninitialization: Thread #1: ========== really_probe() { ... probe_failed: ... device_unbind_cleanup(dev) { ... dev->driver = NULL; // <= Failed probe sets dev->driver to NULL ... } ... } Thread #2: ========== dev_u... • https://git.kernel.org/stable/c/239378f16aa1ab5c502e42a06359d2de4f88ebb4 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39499 – vmci: prevent speculation leaks by sanitizing event in event_deliver()
https://notcve.org/view.php?id=CVE-2024-39499
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization. This change ensures that the event index is sanitized to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by S... • https://git.kernel.org/stable/c/1d990201f9bb499b7c76ab00abeb7e803c0bcb2a • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-39497 – drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)
https://notcve.org/view.php?id=CVE-2024-39497
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) Lack of check for copy-on-write (COW) mapping in drm_gem_shmem_mmap allows users to call mmap with PROT_WRITE and MAP_PRIVATE flag causing a kernel panic due to BUG_ON in vmf_insert_pfn_prot: BUG_ON((vma->vm_flags & VM_PFNMAP) && is_cow_mapping(vma->vm_flags)); Return -EINVAL early if COW mapping is detected. This bug affects all drm drivers using default shmem helpers. It can ... • https://git.kernel.org/stable/c/2194a63a818db71065ebe09c8104f5f021ca4e7b • CWE-825: Expired Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39496 – btrfs: zoned: fix use-after-free due to race with dev replace
https://notcve.org/view.php?id=CVE-2024-39496
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just replaced (source device of the replace operation). This happens because at btrfs_load_zone_info() we extract a device from the chunk map into a local variable and then use the device while not under the protection ... • https://git.kernel.org/stable/c/17765964703b88d8befd899f8501150bb7e07e43 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39495 – greybus: Fix use-after-free bug in gb_interface_release due to race condition.
https://notcve.org/view.php?id=CVE-2024-39495
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: greybus: Fix use-after-free bug in gb_interface_release due to race condition. In gb_interface_create, &intf->mode_switch_completion is bound with gb_interface_mode_switch_work. Then it will be started by gb_interface_request_mode_switch. Here is the relevant code. if (!queue_work(system_long_wq, &intf->mode_switch_work)) { ... } If we call gb_interface_release to make cleanup, there may be an unfinished work. • https://git.kernel.org/stable/c/74cd0a421896b2e07eafe7da4275302bfecef201 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39494 – ima: Fix use-after-free on a dentry's dname.name
https://notcve.org/view.php?id=CVE-2024-39494
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of those are met at any of the sites. Take a stable snapshot of the name instead. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ima: corrige el use... • https://git.kernel.org/stable/c/0b31e28fbd773aefb6164687e0767319b8199829 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-39493 – crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak
https://notcve.org/view.php?id=CVE-2024-39493
10 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: qat: corri... • https://git.kernel.org/stable/c/daba62d9eeddcc5b1081be7d348ca836c83c59d7 •
CVSS: 6.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39490 – ipv6: sr: fix missing sk_buff release in seg6_input_core
https://notcve.org/view.php?id=CVE-2024-39490
10 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_cow_head() to ensure that there is sufficient headroom in the sk_buff for accommodating the link-layer header. In the event that the skb_cow_header() function fails, the seg6_input_core() catches the error but it does not release the ... • https://git.kernel.org/stable/c/af3b5158b89d3bab9be881113417558c71b71ca4 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39489 – ipv6: sr: fix memleak in seg6_hmac_init_algo
https://notcve.org/view.php?id=CVE-2024-39489
10 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_exit to only free the memory when allocated, so we can reuse the code directly. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: sr: corrige memleak en seg6_hmac_init_algo seg6_hmac_init_algo regresa sin limpiar las... • https://git.kernel.org/stable/c/bf355b8d2c30a289232042cacc1cfaea4923936c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39488 – arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY
https://notcve.org/view.php?id=CVE-2024-39488
10 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to bug_table entries, and as a result the last entry in a bug table will be ignored, potentially leading to an unexpected panic(). All prior entries in the table will be handled correctly. The arm64 ABI requires that struct fields of up to 8 bytes are naturally-aligned, with padding added within a struct such that st... • https://git.kernel.org/stable/c/9fb7410f955f7a62c1f882ca8f9ffd4525907e28 •