CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46717 – net/mlx5e: SHAMPO, Fix incorrect page release
https://notcve.org/view.php?id=CVE-2024-46717
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix incorrect page release Under the following conditions: 1) No skb created yet 2) header_size == 0 (no SHAMPO header) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the last page fragment of a SHAMPO header page) a new skb is formed with a page that is NOT a SHAMPO header page (it is a regular data page). Further down in the same function (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page fr... • https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46716 – dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
https://notcve.org/view.php?id=CVE-2024-46716
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first n... • https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46715 – driver: iio: add missing checks on iio_info's callback access
https://notcve.org/view.php?id=CVE-2024-46715
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a kernel oops such as: [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute [...] [ 2203.783416] Call trace: [ 2203.783429] iio_read_channel_info_avail from dev_att... • https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46714 – drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
https://notcve.org/view.php?id=CVE-2024-46714
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case. This fixes 4 NULL_RETURNS issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e... • https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46713 – perf/aux: Fix AUX buffer serialization
https://notcve.org/view.php?id=CVE-2024-46713
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch. In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported t... • https://git.kernel.org/stable/c/45bfb2e50471abbbfd83d40d28c986078b0d24ff • CWE-662: Improper Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-46712 – drm/vmwgfx: Disable coherent dumb buffers without 3d
https://notcve.org/view.php?id=CVE-2024-46712
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra work they're doing to synchronize between guest and host useless. Configurations without 3d also tend to run with very low graphics memory limits. The pinned console fb, mob cursors and graphical login manager tend t... • https://git.kernel.org/stable/c/af6441e6f3d41e95bfc5bfc11960c259bb4f0f11 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46711 – mptcp: pm: fix ID 0 endp usage after multiple re-creations
https://notcve.org/view.php?id=CVE-2024-46711
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initial subflows are known from the beginning: they don't count as "additional local address being used" or "ADD_ADDR being accepted". It is then required not to increment them when the entrypoint used by the initial su... • https://git.kernel.org/stable/c/3ad14f54bd7448384458e69f0183843f683ecce8 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46710 – drm/vmwgfx: Prevent unmapping active read buffers
https://notcve.org/view.php?id=CVE-2024-46710
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of act... • https://git.kernel.org/stable/c/485d98d472d53f9617ffdfba5e677ac29ad4fe20 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46709 – drm/vmwgfx: Fix prime with external buffers
https://notcve.org/view.php?id=CVE-2024-46709
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dma_buf interface instead of trying to access pages directly. External buffers might not provide direct access to readable/writable pages so to make sure the bo's created from external dma_bufs can be read dma_buf interface has to be used. Fixes crashes in IGT's kms_prime with vgem. Regular desktop usage won't trigger this due to the fac... • https://git.kernel.org/stable/c/65674218b43f2dd54587ab2b06560e17c30d8b41 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46708 – pinctrl: qcom: x1e80100: Fix special pin offsets
https://notcve.org/view.php?id=CVE-2024-46708
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended state changes to take effect. In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: x1e80100: Fix special pin offsets Remove the erroneus 0x100000 offset to prevent the boards from crashing on pin state setting, as well as for the intended stat... • https://git.kernel.org/stable/c/05e4941d97ef05ddaa742a57301daab8a2f7db5b •