CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42120 – drm/amd/display: Check pipe offset before setting vblank
https://notcve.org/view.php?id=CVE-2024-42120
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coveri... • https://git.kernel.org/stable/c/b2e9abc95583ac7bbb2c47da4d476a798146dfd6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42119 – drm/amd/display: Skip finding free audio for unknown engine_id
https://notcve.org/view.php?id=CVE-2024-42119
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Skip and return NULL. This fixes 2 OVERRUN issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and c... • https://git.kernel.org/stable/c/9eb4db08a808e3a3ba59193aeb84a57a6dc4d8c9 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42118 – drm/amd/display: Do not return negative stream id for array
https://notcve.org/view.php?id=CVE-2024-42118
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return negative stream id for array [WHY] resource_stream_to_stream_idx returns an array index and it return -1 when not found; however, -1 is not a valid array index number. [HOW] When this happens, call ASSERT(), and return a zero instead. This fixes an OVERRUN and an NEGATIVE_RETURNS issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not return nega... • https://git.kernel.org/stable/c/a76fa9c4f0fc0aa6f517da3fa7d7c23e8a32c7d0 •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42117 – drm/amd/display: ASSERT when failing to find index by plane/stream id
https://notcve.org/view.php?id=CVE-2024-42117
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: ASSERT when failing to find index by plane/stream id [WHY] find_disp_cfg_idx_by_plane_id and find_disp_cfg_idx_by_stream_id returns an array index and they return -1 when not found; however, -1 is not a valid index number. [HOW] When this happens, call ASSERT(), and return a positive number (which is fewer than callers' array size) instead. This fixes 4 OVERRUN and 2 NEGATIVE_RETURNS issues reported by Coverity. In the Linu... • https://git.kernel.org/stable/c/a9c047a5cf3135b8b66bd28fbe2c698b9cace0b3 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42115 – jffs2: Fix potential illegal address access in jffs2_free_inode
https://notcve.org/view.php?id=CVE-2024-42115
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system,the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR = 0x96000004 [ 2430.650115] EC = 0x25: DABT (current EL), IL = 32 bits [ 2430.650564] SET = 0, FnV = 0 [ 2430.650795] EA = 0, S1PTW = 0 [ 2430.6... • https://git.kernel.org/stable/c/b6c8b3e31eb88c85094d848a0bd8b4bafe67e4d8 •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42114 – wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values
https://notcve.org/view.php?id=CVE-2024-42114
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM") watchdog: BUG: soft lockup - CPU#1 stuck for 26s! [kworker/1:0:24] Modules linked in: irq event stamp: 131135 hardirqs last enabled at (131134): [
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42110 – net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
https://notcve.org/view.php?id=CVE-2024-42110
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Ha... • https://git.kernel.org/stable/c/548c237c0a9972df5d1afaca38aa733ee577128d • CWE-372: Incomplete Internal State Distinction •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42109 – netfilter: nf_tables: unconditionally flush pending work before notifier
https://notcve.org/view.php?id=CVE-2024-42109
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831 KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530 KASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597 Read of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45 [..] Workqueue: events nf_tables_trans_destroy_w... • https://git.kernel.org/stable/c/f22954f8c58fd5f5489f5980796914e306757e77 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42107 – ice: Don't process extts if PTP is disabled
https://notcve.org/view.php?id=CVE-2024-42107
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic. Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs. To fix this, modify the ice_ptp_extts_... • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42106 – inet_diag: Initialize pad field in struct inet_diag_req_v2
https://notcve.org/view.php?id=CVE-2024-42106
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup(... • https://git.kernel.org/stable/c/432490f9d455fb842d70219f22d9d2c812371676 •