CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46853 – spi: nxp-fspi: fix the KASAN report out-of-bounds bug
https://notcve.org/view.php?id=CVE-2024-46853
27 Sep 2024 — dd if=3b of=/dev/mtd0 [ 36.926103] ================================================================== [ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838 [ 36.940514] Read of size 4 at addr ffff00081037c2a0 by task dd/455 [ 36.946721] [ 36.948235] CPU: 3 UID: 0 PID: 455 Comm: dd Not tainted 6.11.0-rc5-gc7b0e37c8434 #1070 [ 36.956185] Hardware name: Freescale i.MX8QM MEK (DT) [ 36.961260] Call trace: [ 36.963723] dump_backtrace+0x90/0xe8 [ 36.967414] show_stack+0x18/0x24 [ 36.970749... • https://git.kernel.org/stable/c/a5356aef6a907c2e2aed0caaa2b88b6021394471 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46852 – dma-buf: heaps: Fix off-by-one in CMA heap fault handler
https://notcve.org/view.php?id=CVE-2024-46852
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal. In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler ... • https://git.kernel.org/stable/c/a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46851 – drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct()
https://notcve.org/view.php?id=CVE-2024-46851
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. ... (cherry picked from commit a3cc326a43bdc48fbdf53443e1027a03e309b643) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. ... (cher... • https://git.kernel.org/stable/c/06ad7e16425619a4a77154c2e85bededb3e04a4f •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46850 – drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct()
https://notcve.org/view.php?id=CVE-2024-46850
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. ... (cherry picked from commit 0607a50c004798a96e62c089a4c34c220179dcb5) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the DC state. ... (cher... • https://git.kernel.org/stable/c/06ad7e16425619a4a77154c2e85bededb3e04a4f •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46849 – ASoC: meson: axg-card: fix 'use-after-free'
https://notcve.org/view.php?id=CVE-2024-46849
27 Sep 2024 — Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm: modprobe Tainted: G O 6.9.12-sdkernel #1 Call trace: dump_backtrace+0x94/0xec show_stack+0x18/0x24 dump_stack_lvl+0x78/0x90 print_report+0xfc/0x5c0 kasan_report+0xb8/0xfc __asan_load8+0x9c/0xb8 axg_card_add_link+0x76c/0x9bc [snd_soc_meson_axg_sound_card] meson_card_probe+0x344/0... • https://git.kernel.org/stable/c/7864a79f37b55769b817d5e6c5ae0ca4bfdba93b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46848 – perf/x86/intel: Limit the period on Haswell
https://notcve.org/view.php?id=CVE-2024-46848
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! ... • https://git.kernel.org/stable/c/3a632cb229bfb18b6d09822cc842451ea46c013e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46847 – mm: vmalloc: ensure vmap_block is initialised before adding to queue
https://notcve.org/view.php?id=CVE-2024-46847
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291fd850 ("mm: fix incorrect vbq reference in purge_fragmented_block") extended the 'vmap_block' structure to contain a 'cpu' field which is set at allocation time to the id of the initialising CPU. In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue Commit 8c61291... • https://git.kernel.org/stable/c/88e0ad40d08a73a74c597e69f4cd2d1fba3838b5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46846 – spi: rockchip: Resolve unbalanced runtime PM / system PM handling
https://notcve.org/view.php?id=CVE-2024-46846
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system. In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("s... • https://git.kernel.org/stable/c/e882575efc771f130a24322377dc1033551da11d •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46845 – tracing/timerlat: Only clear timer if a kthread exists
https://notcve.org/view.php?id=CVE-2024-46845
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. ... In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Only clear timer if a kthread exists The timerlat tracer can use user space threads to check for osnoise and timer latency. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/e88ed227f639ebcb31ed4e5b88756b47d904584b •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46844 – um: line: always fill *error_out in setup_one_line()
https://notcve.org/view.php?id=CVE-2024-46844
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line(). In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initi... • https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5 •