CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42284 – tipc: Return non-zero value from tipc_udp_addr2str() on error
https://notcve.org/view.php?id=CVE-2024-42284
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 • CWE-393: Return of Wrong Status Code •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42283 – net: nexthop: Initialize all fields in dumped nexthops
https://notcve.org/view.php?id=CVE-2024-42283
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len=12, nla_type=NHA_GROUP}, [{id=1, weight=0, re... • https://git.kernel.org/stable/c/430a049190de3c9e219f43084de9f1122da04570 • CWE-456: Missing Initialization of a Variable •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42281 – bpf: Fix a segment issue when downgrading gso_size
https://notcve.org/view.php?id=CVE-2024-42281
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/2be7e212d5419a400d051c84ca9fdd083e5aacac •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42280 – mISDN: Fix a use after free in hfcmulti_tx()
https://notcve.org/view.php?id=CVE-2024-42280
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of servic... • https://git.kernel.org/stable/c/af69fb3a8ffa37e986db00ed93099dc44babeef4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42279 – spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer
https://notcve.org/view.php?id=CVE-2024-42279
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer While transmitting with rx_len == 0, the RX FIFO is not going to be emptied in the interrupt handler. A subsequent transfer could then read crap from the previous transfer out of the RX FIFO into the start RX buffer. The core provides a register that will empty the RX and TX FIFOs, so do that before each transfer. Ubuntu Security Notice 7156-1 - Chenyuan Yang dis... • https://git.kernel.org/stable/c/9ac8d17694b66d54b13e9718b25c14ca36dbebbd •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42278 – ASoC: TAS2781: Fix tasdev_load_calibrated_data()
https://notcve.org/view.php?id=CVE-2024-42278
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: TAS2781: Fix tasdev_load_calibrated_data() This function has a reversed if statement so it's either a no-op or it leads to a NULL dereference. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the ... • https://git.kernel.org/stable/c/57847c2ec5fb5e951fe9028f9e587e3e878d9129 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42277 – iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
https://notcve.org/view.php?id=CVE-2024-42277
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference. Found by Linux Verification Center (linuxtesting.org) with SVACE. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 ... • https://git.kernel.org/stable/c/92c089a931fd3939cd32318cf4f54e69e8f51a19 •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42276 – nvme-pci: add missing condition check for existence of mapped data
https://notcve.org/view.php?id=CVE-2024-42276
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: add missing condition check for existence of mapped data nvme_map_data() is called when request has physical segments, hence the nvme_unmap_data() should have same condition to avoid dereference. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bi... • https://git.kernel.org/stable/c/4aedb705437f6f98b45f45c394e6803ca67abd33 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52889 – apparmor: Fix null pointer deref when receiving skb during sock creation
https://notcve.org/view.php?id=CVE-2023-52889
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before that, causing the null pointer dereference. Drop the packet if label context is not set. BUG: kernel NULL pointer dereference, address: ... • https://git.kernel.org/stable/c/ab9f2115081ab7ba63b77a759e0f3eb5d6463d7f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42274 – Revert "ALSA: firewire-lib: operate for period elapse event in process context"
https://notcve.org/view.php?id=CVE-2024-42274
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead. With RME Fireface 800, this lead to a regression since Kernels 5.14.0, causing an AB/BA deadlock competition for the substream lock with ev... • https://git.kernel.org/stable/c/7ba5ca32fe6e8d2e153fb5602997336517b34743 •