CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46704 – workqueue: Fix spruious data race in __flush_work()
https://notcve.org/view.php?id=CVE-2024-46704
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix spruious data race in __flush_work() When flushing a work item for cancellation, __flush_work() knows that it exclusively owns the work item through its PENDING bit. 134874e2eee9 ("workqueue: Allow cancel_work_sync() and disable_work() from atomic contexts on BH work items") added a read of @work->data to determine whether to use busy wait for BH work items that are being canceled. While the read is safe when @from_cancel, @w... • https://git.kernel.org/stable/c/134874e2eee9380c2700411d4844cbc29297bc01 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46703 – Revert "serial: 8250_omap: Set the console genpd always on if no console suspend"
https://notcve.org/view.php?id=CVE-2024-46703
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdeaf940. Kevin reported that this causes a crash during suspend on platforms that dont use PM domains. In the Linux kernel, the following vulnerability has been resolved: Revert "serial: 8250_omap: Set the console genpd always on if no console suspend" This reverts commit 68e6939ea9ec3d6579eadeab16060339cdea... • https://git.kernel.org/stable/c/68e6939ea9ec3d6579eadeab16060339cdeaf940 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46702 – thunderbolt: Mark XDomain as unplugged when router is removed
https://notcve.org/view.php?id=CVE-2024-46702
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down. This is due to fact that the Thunderbolt networking driver also tries to cleanup the paths and ends up blocking in tb_disconnect_xdomain_paths() waiting... • https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46701 – libfs: fix infinite directory reads for offset dir
https://notcve.org/view.php?id=CVE-2024-46701
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: libfs: fix infinite directory reads for offset dir After we switch tmpfs dir operations from simple_dir_operations to simple_offset_dir_operations, every rename happened will fill new dentry to dest dir's maple tree(&SHMEM_I(inode)->dir_offsets->mt) with a free key starting with octx->newx_offset, and then set newx_offset equals to free key + 1. This will lead to infinite readdir combine with rename happened at the same time, which fail gen... • https://git.kernel.org/stable/c/a2e459555c5f9da3e619b7e47a63f98574dc75f1 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46699 – drm/v3d: Disable preemption while updating GPU stats
https://notcve.org/view.php?id=CVE-2024-46699
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable preemption while updating GPU stats We forgot to disable preemption around the write_seqcount_begin/end() pair while updating GPU stats: [ ] WARNING: CPU: 2 PID: 12 at include/linux/seqlock.h:221 __seqprop_assert.isra.0+0x128/0x150 [v3d] [ ] Workqueue: v3d_bin drm_sched_run_job_work [gpu_sched] <...snip...> [ ] Call trace: [ ] __seqprop_assert.isra.0+0x128/0x150 [v3d] [ ] v3d_job_start_stats.isra.0+0x90/0x218 [v3d] [ ] v3d_... • https://git.kernel.org/stable/c/6abe93b621ab12e93cf0eb7e42a609b36be32da1 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46698 – video/aperture: optionally match the device in sysfb_disable()
https://notcve.org/view.php?id=CVE-2024-46698
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfb_disable() In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by apert... • https://git.kernel.org/stable/c/5ae3716cfdcd286268133867f67d0803847acefc •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46697 – nfsd: ensure that nfsd4_fattr_args.context is zeroed out
https://notcve.org/view.php?id=CVE-2024-46697
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto out" before we get to checking for the security label, then args.context will be set to uninitialized junk on the stack, which we'll then try to free. Initialize it early. In the Linux kernel, the following vulnerability has been resolved: nfsd: ensure that nfsd4_fattr_args.context is zeroed out If nfsd4_encode_fattr4 ends up doing a "goto ... • https://git.kernel.org/stable/c/f59388a579c6a395de8f7372b267d3abecd8d6bf • CWE-457: Use of Uninitialized Variable •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46696 – nfsd: fix potential UAF in nfsd4_cb_getattr_release
https://notcve.org/view.php?id=CVE-2024-46696
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last. In the Linux kernel, the following vulnerability has been resolved: nfsd: fix potential UAF in nfsd4_cb_getattr_release Once we drop the delegation reference, the fields embedded in it are no longer safe to access. Do that last. • https://git.kernel.org/stable/c/c5967721e1063648b0506481585ba7e2e49a075e •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46695 – selinux,smack: don't bypass permissions check in inode_setsecctx hook
https://notcve.org/view.php?id=CVE-2024-46695
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the... • https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46694 – drm/amd/display: avoid using null object of framebuffer
https://notcve.org/view.php?id=CVE-2024-46694
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. (cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Inste... • https://git.kernel.org/stable/c/5d945cbcd4b16a29d6470a80dfb19738f9a4319f •