CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44987 – ipv6: prevent UAF in ip6_send_skb()
https://notcve.org/view.php?id=CVE-2024-44987
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has been fixed in commit a688caa34beb ("ipv6: take rcu lock in rawv6_send_hdrinc()") Another potential issue in ip6_finish_output2() is handled in a separate patch. [1] BUG: KASAN: slab-use-after-free in ip6_send_skb+0x18d/0x230 net/ipv6/i... • https://git.kernel.org/stable/c/0625491493d9000e4556bf566d205c28c8e7dc4e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44986 – ipv6: fix possible UAF in ip6_finish_output2()
https://notcve.org/view.php?id=CVE-2024-44986
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive. In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also hav... • https://git.kernel.org/stable/c/5796015fa968a3349027a27dcd04c71d95c53ba5 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44985 – ipv6: prevent possible UAF in ip6_xmit()
https://notcve.org/view.php?id=CVE-2024-44985
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_read_lock() to prevent a possible UAF. In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UAF in ip6_xmit() If skb_expand_head() returns NULL, skb has been freed and the associated dst/idev could also have been freed. We must use rcu_rea... • https://git.kernel.org/stable/c/0c9f227bee11910a49e1d159abe102d06e3745d5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44984 – bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2024-44984
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping. This bug causes the warning: WARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100 CPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G W 6.8.0-1010-gcp #11-Ubuntu Hardware name: Dell Inc. PowerEdge R7525/0P... • https://git.kernel.org/stable/c/578fcfd26e2a1d0e687b347057959228567e2af8 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44983 – netfilter: flowtable: validate vlan header
https://notcve.org/view.php?id=CVE-2024-44983
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/netfi... • https://git.kernel.org/stable/c/4cd91f7c290f64fe430867ddbae10bff34657b6a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44982 – drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
https://notcve.org/view.php?id=CVE-2024-44982
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails If the dpu_format_populate_layout() fails, then FB is prepared, but not cleaned up. This ends up leaking the pin_count on the GEM object and causes a splat during DRM file closure: msm_obj->pin_count WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc [...] Call trace: update_lru_locked+0xc4/0xcc put_pages+0xac/0x100 msm_gem_free_object+0x138/0... • https://git.kernel.org/stable/c/25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44981 – workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()
https://notcve.org/view.php?id=CVE-2024-44981
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android: | Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-00006-g3cbe9e5abd46-dirty #4 | Hardware name: linux,dummy-virt (DT) | pstate: 600000c5 (nZCv daIF -PAN -UAO -T... • https://git.kernel.org/stable/c/1211f3b21c2aa0d22d8d7f050e3a5930a91cd0e4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44980 – drm/xe: Fix opregion leak
https://notcve.org/view.php?id=CVE-2024-44980
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix opregion leak Being part o the display, ideally the setup and cleanup would be done by display itself. However this is a bigger refactor that needs to be done on both i915 and xe. For now, just fix the leak: unreferenced object 0xffff8881a0300008 (size 192): comm "modprobe", pid 4354, jiffies 4295647021 hex dump (first 32 bytes): 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............ 18 81 9b 00 00 c9 ff ff 00 00 00 00... • https://git.kernel.org/stable/c/44e694958b95395bd1c41508c88c8ca141bf9bd7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44979 – drm/xe: Fix missing workqueue destroy in xe_gt_pagefault
https://notcve.org/view.php?id=CVE-2024-44979
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and access counter workqueues. Add those destroy calls here. (cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b) In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and ac... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44978 – drm/xe: Free job before xe_exec_queue_put
https://notcve.org/view.php?id=CVE-2024-44978
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f) In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy th... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •