CVSS: 5.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41056 – firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files
https://notcve.org/view.php?id=CVE-2024-41056
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size array. cs_dsp should protect against overrunning the array if the NUL terminator is missing. In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41055 – mm: prevent derefencing NULL ptr in pfn_section_valid()
https://notcve.org/view.php?id=CVE-2024-41055
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it. In the Linux kernel, the ... • https://git.kernel.org/stable/c/90ad17575d26874287271127d43ef3c2af876cea • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41050 – cachefiles: cyclic allocation of msg_id to avoid reuse
https://notcve.org/view.php?id=CVE-2024-41050
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: t1 | t2 | t3 ------------------------------------------------- cachefiles_ondemand_select_req cachefiles_ondemand_object_is_close(A) cachefiles_ondemand_set_object_reopening(A) queue_work(fscache_object_wq, &info->work) ondemand_object_work... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41049 – filelock: fix potential use-after-free in posix_lock_inode
https://notcve.org/view.php?id=CVE-2024-41049
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen. In the Linux kernel, t... • https://git.kernel.org/stable/c/117fb80cd1e63c419c7a221ce070becb4bfc7b6d • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41048 – skmsg: Skip zero length skb in sk_msg_recvmsg
https://notcve.org/view.php?id=CVE-2024-41048
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm: test_progs Tainted: G OE 6.10.0-rc2+ #18 Hardware name: LOONGSON Dabieshan/Loongson-TC542F0, BIOS Loongson-UDK2018 ... ... ra: 90000000048bf6c0 sk_msg_recvmsg+0x120/0x560 ERA: 9000000004162774 copy_page_to_iter+0x74/0x1c0 CRMD: 000000b0 (P... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: 1.9EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41047 – i40e: Fix XDP program unloading while removing the driver
https://notcve.org/view.php?id=CVE-2024-41047
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 ("i40e: Fix reset path while removing the driver") introduced a new PF state "__I40E_IN_REMOVE" to block modifying the XDP program while the driver is being removed. Unfortunately, such a change is useful only if the ".ndo_bpf()" callback was called out of the rmmod context because unloading the existing XDP program is also a part of driver removing procedure.... • https://git.kernel.org/stable/c/b82364abc54b19829b26459989d2781fc4822c28 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41046 – net: ethernet: lantiq_etop: fix double free in detach
https://notcve.org/view.php?id=CVE-2024-41046
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times. Ubuntu S... • https://git.kernel.org/stable/c/504d4721ee8e432af4b5f196a08af38bc4dac5fe •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41045 – bpf: Defer work in bpf_timer_cancel_and_free
https://notcve.org/view.php?id=CVE-2024-41045
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, freeing map elements containing timers. Since this relies on hrtimer_cancel as well, it is prone to the same deadlock situation as the previous patch. It would be sufficient to use hrtimer_try_to_cancel to fix this problem, as the time... • https://git.kernel.org/stable/c/b00628b1c7d595ae5b544e059c27b1f5828314b4 •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41044 – ppp: reject claimed-as-LCP but actually malformed packets
https://notcve.org/view.php?id=CVE-2024-41044
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise. In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'p... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41042 – netfilter: nf_tables: prefer nft_chain_validate
https://notcve.org/view.php?id=CVE-2024-41042
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps via ->validate callback in nft_lookup, so there appears no reason to iterate the maps again. nf_tables_check_loops() and all its helper functions can be removed. This improves ruleset load time significantly, from 23s down to 12s. Thi... • https://git.kernel.org/stable/c/20a69341f2d00cd042e81c82289fba8a13c05a25 • CWE-121: Stack-based Buffer Overflow •