CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38596 – af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
https://notcve.org/view.php?id=CVE-2024-38596
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_send... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38591 – RDMA/hns: Fix deadlock on SRQ async events.
https://notcve.org/view.php?id=CVE-2024-38591
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/ xa_erase_irq() to avoid deadlock. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/hns: corrige el punto muerto en eventos asíncronos de SRQ. Es posible que se requiera xa_lock para la tabla SRQ en AEQ. Utilice xa_store_irq()/ xa_erase_irq() para evitar un punto muerto. • https://git.kernel.org/stable/c/81fce6291d9999cee692e4118134a8c850b60857 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38589 – netrom: fix possible dead-lock in nr_rt_ioctl()
https://notcve.org/view.php?id=CVE-2024-38589
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node) [1] WARNING: possible circular locking dependency detected 6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted ------------------------------------------------------ syz-executor350/5129 is trying to acquire lock: ffff8880186e2070 (&nr_node->node_l... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38588 – ftrace: Fix possible use-after-free issue in ftrace_location()
https://notcve.org/view.php?id=CVE-2024-38588
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace:
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38587 – speakup: Fix sizeof() vs ARRAY_SIZE() bug
https://notcve.org/view.php?id=CVE-2024-38587
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got out of bounds. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Speakup: corrige el error sizeof() vs ARRAY_SIZE() El puntero "buf" es una matriz de valores u16. Este código debería usar ARRAY_SIZE() (que es 256) en lu... • https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38583 – nilfs2: fix use-after-free of timer for log writer thread
https://notcve.org/view.php?id=CVE-2024-38583
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported ... • https://git.kernel.org/stable/c/fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38582 – nilfs2: fix potential hang in nilfs_detach_log_writer()
https://notcve.org/view.php?id=CVE-2024-38582
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut d... • https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38581 – drm/amdgpu/mes: fix use-after-free issue
https://notcve.org/view.php?id=CVE-2024-38581
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_mes.c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu/mes: soluciona el problema de use-after-free. Elimina el temporizador de reserva de valla para solucionar el problema de use-after-free. v2: pasar a amdgpu_mes.c A flaw was found in the Linux kernel. This issue is due to a possible use... • https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38580 – epoll: be better about file lifetimes
https://notcve.org/view.php?id=CVE-2024-38580
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless. Make sure we have a vali... • https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e •
CVSS: 5.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38579 – crypto: bcm - Fix pointer arithmetic
https://notcve.org/view.php?id=CVE-2024-38579
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: bcm - Arreglar la aritmética de punteros En spu2_dump_omd() el valor de ... • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •