CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42105 – nilfs2: fix inode number range checks
https://notcve.org/view.php?id=CVE-2024-42105
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default... • https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42104 – nilfs2: add missing check for inode numbers on directory entries
https://notcve.org/view.php?id=CVE-2024-42104
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile... • https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42103 – btrfs: fix adding block group to a reclaim list and the unused list during reclaim
https://notcve.org/view.php?id=CVE-2024-42103
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block group is removed from the reclaim list and it is on a relocation work, it can be added into the unused list in parallel. When that happens, adding it to the reclaim list will corrupt the list head and trigger list corruption like bel... • https://git.kernel.org/stable/c/2311fd03027d2c1b2ac4a3a41153a16352659b65 •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-42102 – Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
https://notcve.org/view.php?id=CVE-2024-42102
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. • https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42101 – drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
https://notcve.org/view.php?id=CVE-2024-42101
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. A flaw was found in the Linux kernel’s nouveau module. The return value of the drm_mode_duplicate function is not checked in the nouveau_connector_get_modes f... • https://git.kernel.org/stable/c/6ee738610f41b59733f63718f0bdbcba7d3a3f12 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52888 – media: mediatek: vcodec: Only free buffer VA that is not NULL
https://notcve.org/view.php?id=CVE-2023-52888
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: v... • https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42098 – crypto: ecdh - explicitly zeroize private_key
https://notcve.org/view.php?id=CVE-2024-42098
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the enti... • https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42097 – ALSA: emux: improve patch ioctl data validation
https://notcve.org/view.php?id=CVE-2024-42097
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified patch length matches the actually supplied data, like load_data() already did. In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of an... • https://git.kernel.org/stable/c/40d7def67841343c10f8642a41031fecbb248bab •
CVSS: 5.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42096 – x86: stop playing stack games in profile_pc()
https://notcve.org/view.php?id=CVE-2024-42096
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to account the time spent in spinlocks to the caller rather than the spinlock, and while I support that as a concept, it's not worth the code complexity... • https://git.kernel.org/stable/c/65ebdde16e7f5da99dbf8a548fb635837d78384e • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42095 – serial: 8250_omap: Implementation of Errata i2310
https://notcve.org/view.php?id=CVE-2024-42095
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23 In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can... • https://git.kernel.org/stable/c/9443acbd251f366804b20a27be72ba67df532cb1 •