CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42076 – net: can: j1939: Initialize unused data in j1939_send_one()
https://notcve.org/view.php?id=CVE-2024-42076
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue. Fix this by initializing unused data. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42073 – mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
https://notcve.org/view.php?id=CVE-2024-42073
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems The following two shared buffer operations make use of the Shared Buffer Status Register (SBSR): # devlink sb occupancy snapshot pci/0000:01:00.0 # devlink sb occupancy clearmax pci/0000:01:00.0 The register has two masks of 256 bits to denote on which ingress / egress ports the register should operate on. Spectrum-4 has more than 256 ports, so the register was extended b... • https://git.kernel.org/stable/c/f8538aec88b46642553a9ba9efa0952f5958dbed •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42070 – netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
https://notcve.org/view.php?id=CVE-2024-42070
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers. This vulnerability allows... • https://git.kernel.org/stable/c/96518518cc417bb0a8c80b9fb736202e28acdf96 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42068 – bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
https://notcve.org/view.php?id=CVE-2024-42068
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_memory_ro() can fail, leaving memory unprotected. Check its return and take it into account as an error. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several securi... • https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42067 – bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()
https://notcve.org/view.php?id=CVE-2024-42067
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() set_memory_rox() can fail, leaving memory unprotected. Check return and bail out when bpf_jit_binary_lock_ro() returns an error. In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() set_memory_rox() can fail, leaving memory unprotected. Check return and bail out wh... • https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42064 – drm/amd/display: Skip pipe if the pipe idx not set properly
https://notcve.org/view.php?id=CVE-2024-42064
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes when pipe idx not set properly [how] Add code to skip the pipe that idx not set properly In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes when pipe idx not set properly [how] Add code to skip the pipe that idx not set properly • https://git.kernel.org/stable/c/27df59c6071470efce7182ee92fbb16afba551e0 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42063 – bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
https://notcve.org/view.php?id=CVE-2024-42063
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 ____bpf_map_loo... • https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5 •
CVSS: 0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52887 – net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new
https://notcve.org/view.php?id=CVE-2023-52887
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end ... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41098 – ata: libata-core: Fix null pointer dereference on error
https://notcve.org/view.php?id=CVE-2024-41098
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ata_port_alloc() call in ata_host_alloc() fails, ata_host_release() will get called. However, the code in ata_host_release() tries to free ata_port struct members unconditionally, which can lead to the following: BUG: unable to handle page fault for address: 0000000000003990 PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 10 PID: 594 Comm: (udev-worker) Not tainted 6.10... • https://git.kernel.org/stable/c/633273a3ed1cf37ced90475b0f95cf81deab04f1 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-41097 – usb: atm: cxacru: fix endpoint checking in cxacru_bind()
https://notcve.org/view.php?id=CVE-2024-41097
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usb_submit_urb(). Fix the issue by verifying that required endpoint types are present for both in and out endpoints, taking into account cmd endpoint type. Unfortunately,... • https://git.kernel.org/stable/c/902ffc3c707c1d459ea57428a619a807cbe412f9 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •