CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42237 – firmware: cs_dsp: Validate payload length before processing block
https://notcve.org/view.php?id=CVE-2024-42237
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it. In the Linux... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42236 – usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
https://notcve.org/view.php?id=CVE-2024-42236
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str[0 - 1] == '\n') followed closely by an OOB write in the form `str[0 - 1] = '\0'`. There is already a validating check to catch strings that are too long. Let's supply an additional check for invalid strings that are too short. In the... • https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42232 – libceph: fix race between delayed_work() and ceph_monc_stop()
https://notcve.org/view.php?id=CVE-2024-42232
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hu... • https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42230 – powerpc/pseries: Fix scv instruction crash with kexec
https://notcve.org/view.php?id=CVE-2024-42230
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry location that crashes the kernel. Change the kexec sequence to disable AIL after other CPUs have been brought down. As a refresher, the real-mode scv ... • https://git.kernel.org/stable/c/7fa95f9adaee7e5cbb195d3359741120829e488b •
CVSS: 4.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42229 – crypto: aead,cipher - zeroize key buffer after use
https://notcve.org/view.php?id=CVE-2024-42229
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies t... • https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42228 – drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
https://notcve.org/view.php?id=CVE-2024-42228
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate value of 0xffffffff.(Christian) A vulnerability was found in the Linux kernel's amdgpu driver in the amdgpu_vce_ring_parse_cs() function where the size variable is initialized with a pointer that may not be pr... • https://git.kernel.org/stable/c/d35cf41c8eb5d9fe95b21ae6ee2910f9ba4878e8 • CWE-457: Use of Uninitialized Variable •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42227 – drm/amd/display: Fix overlapping copy within dml_core_mode_programming
https://notcve.org/view.php?id=CVE-2024-42227
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lead to unexpected behavior. [HOW] memmove should be used. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix overlapping copy within dml_core_mode_programming [WHY] &mode_lib->mp.Watermark and &locals->Watermark are the same address. memcpy may lea... • https://git.kernel.org/stable/c/9342da15f2491d8600eca89c8e0da08876fb969b •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42225 – wifi: mt76: replace skb_put with skb_put_zero
https://notcve.org/view.php?id=CVE-2024-42225
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data A potential flaw was found in the Linux kernel’s MediaTek WiFi, where it was reusing uninitialized data. This flaw allows a local user to gain unauthorized access to some data potentially. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled befor... • https://git.kernel.org/stable/c/dc7f14d00d0c4c21898f3504607f4a31079065a2 • CWE-457: Use of Uninitialized Variable •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42224 – net: dsa: mv88e6xxx: Correct check for empty list
https://notcve.org/view.php?id=CVE-2024-42224
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, u... • https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42223 – media: dvb-frontends: tda10048: Fix integer overflow
https://notcve.org/view.php?id=CVE-2024-42223
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations. In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new ... • https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a •