CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47719 – iommufd: Protect against overflow of ALIGN() during iova allocation
https://notcve.org/view.php?id=CVE-2024-47719
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows which corrupts the selected area range during allocation. In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the t... • https://git.kernel.org/stable/c/51fe6141f0f64ae0bbc096a41a07572273e8c0ef •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47718 – wifi: rtw88: always wait for both firmware loading attempts
https://notcve.org/view.php?id=CVE-2024-47718
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. ... • https://git.kernel.org/stable/c/c8e5695eae9959fc5774c0f490f2450be8bad3de •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47717 – RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data
https://notcve.org/view.php?id=CVE-2024-47717
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer crash is observed when SBI PMU snapshot is enabled for the guest and the guest is forcefully powered-off. In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Don't zero-out PMU snapshot area before freeing data With the latest Linux-6.11-rc3, the below NULL pointer ... • https://git.kernel.org/stable/c/c2f41ddbcdd75689d9f512638a40263e3127be93 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47716 – ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros
https://notcve.org/view.php?id=CVE-2024-47716
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal error: Oops - undefined instruction: 0 [#1] ARM CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1 Hardware name: BCM2835 PC is at vfp_support_entry+0xc8/0x2cc LR is at do_undefinstr+0xa8/0x250 pc : [<... • https://git.kernel.org/stable/c/4708fb041346fa9cc6745dafb8c248a3e2f1075b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47715 – wifi: mt76: mt7915: fix oops on non-dbdc mt7986
https://notcve.org/view.php?id=CVE-2024-47715
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix oops on non-dbdc mt7986 mt7915_band_config() sets band_idx = 1 on the main phy for mt7986 with MT7975_ONE_ADIE or MT7976_ONE_ADIE. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix oops on non-dbdc mt7986 mt7915_band_config() sets band_idx = 1 on the main phy for mt7986 with MT7975_ONE_ADIE or MT7976_ONE_ADIE. ... • https://git.kernel.org/stable/c/d2defcddfe90b3be0cfccc2482495ab1fb759586 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47714 – wifi: mt76: mt7996: use hweight16 to get correct tx antenna
https://notcve.org/view.php?id=CVE-2024-47714
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant. Without this patch, the tx_ant of band 2 would be -1 and lead to the following issue: BUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e] In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmas... • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47713 – wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
https://notcve.org/view.php?id=CVE-2024-47713
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do... • https://git.kernel.org/stable/c/5061b0c2b9066de426fbc63f1278d2210e789412 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-47712 – wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
https://notcve.org/view.php?id=CVE-2024-47712
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF... • https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47711 – af_unix: Don't return OOB skb in manage_oob().
https://notcve.org/view.php?id=CVE-2024-47711
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't return OOB skb in manage_oob(). syzbot reported use-after-free in unix_stream_recv_urg(). [0] The scenario is 1. send(MSG_OOB) 2. recv(MSG_OOB) -> The consumed OOB remains in recv queue 3. send(MSG_OOB) 4. recv() -> manage_oob() returns the next skb of the consumed OOB -> This is also OOB, but unix_sk(sk)->oob_skb is not cleared 5. • https://git.kernel.org/stable/c/93c99f21db360957d49853e5666b5c147f593bda •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47710 – sock_map: Add a cond_resched() in sock_hash_free()
https://notcve.org/view.php?id=CVE-2024-47710
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets is destroyed, we need to yield the cpu when needed. In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large numb... • https://git.kernel.org/stable/c/5bed77b0a2a0e6b6bc0ae8e851cafb38ef0374df •