CVE-2024-42285 – RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
https://notcve.org/view.php?id=CVE-2024-42285
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished. • https://git.kernel.org/stable/c/59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6 https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574 https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79 https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6 https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0e •
CVE-2024-42284 – tipc: Return non-zero value from tipc_udp_addr2str() on error
https://notcve.org/view.php?id=CVE-2024-42284
In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8 https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69 https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813 https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28 https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0 • CWE-393: Return of Wrong Status Code •
CVE-2024-42281 – bpf: Fix a segment issue when downgrading gso_size
https://notcve.org/view.php?id=CVE-2024-42281
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. • https://git.kernel.org/stable/c/2be7e212d5419a400d051c84ca9fdd083e5aacac https://git.kernel.org/stable/c/a689f5eb13a90f892a088865478b3cd39f53d5dc https://git.kernel.org/stable/c/dda518dea60d556a2d171c0122ca7d9fdb7d473a https://git.kernel.org/stable/c/f6bb8c90cab97a3e03f8d30e3069efe6a742e0be https://git.kernel.org/stable/c/11ec79f5c7f74261874744039bc1551023edd6b2 https://git.kernel.org/stable/c/c3496314c53e7e82ddb544c825defc3e8c0e45cf https://git.kernel.org/stable/c/ec4eea14d75f7b0491194dd413f540dd19b8c733 https://git.kernel.org/stable/c/fa5ef655615a01533035c6139248c5b33 •
CVE-2024-42280 – mISDN: Fix a use after free in hfcmulti_tx()
https://notcve.org/view.php?id=CVE-2024-42280
In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). • https://git.kernel.org/stable/c/af69fb3a8ffa37e986db00ed93099dc44babeef4 https://git.kernel.org/stable/c/70db2c84631f50e02e6b32b543700699dd395803 https://git.kernel.org/stable/c/d3e4d4a98c5629ccdcb762a0ff6c82ba9738a0c3 https://git.kernel.org/stable/c/9460ac3dd1ae033bc2b021a458fb535a0c36ddb2 https://git.kernel.org/stable/c/8f4030277dfb9dbe04fd78566b19931097c9d629 https://git.kernel.org/stable/c/4d8b642985ae24f4b3656438eb8489834a17bb80 https://git.kernel.org/stable/c/ddc79556641ee070d36be0de4a1f0a16a71f1fc7 https://git.kernel.org/stable/c/7e4a539bca7d8d20f2c5d93c18cce8ef7 •
CVE-2024-42276 – nvme-pci: add missing condition check for existence of mapped data
https://notcve.org/view.php?id=CVE-2024-42276
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference. • https://git.kernel.org/stable/c/4aedb705437f6f98b45f45c394e6803ca67abd33 https://git.kernel.org/stable/c/3f8ec1d6b0ebd8268307d52be8301973fa5a01ec https://git.kernel.org/stable/c/be23ae63080e0bf9e246ab20207200bca6585eba https://git.kernel.org/stable/c/7cc1f4cd90a00b6191cb8cda2d1302fdce59361c https://git.kernel.org/stable/c/d135c3352f7c947a922da93c8e763ee6bc208b64 https://git.kernel.org/stable/c/77848b379e9f85a08048a2c8b3b4a7e8396f5f83 https://git.kernel.org/stable/c/70100fe721840bf6d8e5abd25b8bffe4d2e049b7 https://git.kernel.org/stable/c/c31fad1470389666ac7169fe43aa65bf5 • CWE-476: NULL Pointer Dereference •