CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44984 – bnxt_en: Fix double DMA unmapping for XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2024-44984
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping. This bug causes the warning: WARNING: CPU: 7 PID: 59 at drivers/iommu/dma-iommu.c:1198 iommu_dma_unmap_page+0xd5/0x100 CPU: 7 PID: 59 Comm: ksoftirqd/7 Tainted: G W 6.8.0-1010-gcp #11-Ubuntu Hardware name: Dell In... • https://git.kernel.org/stable/c/578fcfd26e2a1d0e687b347057959228567e2af8 • CWE-1341: Multiple Releases of Same Resource or Handle •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44983 – netfilter: flowtable: validate vlan header
https://notcve.org/view.php?id=CVE-2024-44983
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate vlan header Ensure there is sufficient room to access the protocol field of the VLAN header, validate it once before the flowtable lookup. ===================================================== BUG: KMSAN: uninit-value in nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_flow_offload_inet_hook+0x45a/0x5f0 net/netfilter/nf_flow_table_inet.c:32 nf_hook_entry_hookfn include/linux/... • https://git.kernel.org/stable/c/4cd91f7c290f64fe430867ddbae10bff34657b6a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44982 – drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails
https://notcve.org/view.php?id=CVE-2024-44982
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails If the dpu_format_populate_layout() fails, then FB is prepared, but not cleaned up. This ends up leaking the pin_count on the GEM object and causes a splat during DRM file closure: msm_obj->pin_count WARNING: CPU: 2 PID: 569 at drivers/gpu/drm/msm/msm_gem.c:121 update_lru_locked+0xc4/0xcc [...] Call trace: update_lru_locked+0xc4/0xcc put_pages+0xac/0x100 msm_gem_free_object+0... • https://git.kernel.org/stable/c/25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44981 – workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask()
https://notcve.org/view.php?id=CVE-2024-44981
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix UBSAN 'subtraction overflow' error in shift_and_mask() UBSAN reports the following 'subtraction overflow' error when booting in a virtual machine on Android: | Internal error: UBSAN: integer subtraction overflow: 00000000f2005515 [#1] PREEMPT SMP | Modules linked in: | CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.10.0-00006-g3cbe9e5abd46-dirty #4 | Hardware name: linux,dummy-virt (DT) | pstate: 600000c5 (nZCv daIF -PAN... • https://git.kernel.org/stable/c/1211f3b21c2aa0d22d8d7f050e3a5930a91cd0e4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44980 – drm/xe: Fix opregion leak
https://notcve.org/view.php?id=CVE-2024-44980
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix opregion leak Being part o the display, ideally the setup and cleanup would be done by display itself. However this is a bigger refactor that needs to be done on both i915 and xe. For now, just fix the leak: unreferenced object 0xffff8881a0300008 (size 192): comm "modprobe", pid 4354, jiffies 4295647021 hex dump (first 32 bytes): 00 00 87 27 81 88 ff ff 18 80 9b 00 00 c9 ff ff ...'............ 18 81 9b 00 00 c9 f... • https://git.kernel.org/stable/c/44e694958b95395bd1c41508c88c8ca141bf9bd7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44979 – drm/xe: Fix missing workqueue destroy in xe_gt_pagefault
https://notcve.org/view.php?id=CVE-2024-44979
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and access counter workqueues. Add those destroy calls here. (cherry picked from commit 7586fc52b14e0b8edd0d1f8a434e0de2078b7b2b) In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing workqueue destroy in xe_gt_pagefault On driver reload we never free up the memory for the pagefault and... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44978 – drm/xe: Free job before xe_exec_queue_put
https://notcve.org/view.php?id=CVE-2024-44978
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy the VM. Prevent UAF by freeing job before xe_exec_queue_put. (cherry picked from commit 32a42c93b74c8ca6d0915ea3eba21bceff53042f) In the Linux kernel, the following vulnerability has been resolved: drm/xe: Free job before xe_exec_queue_put Free job depends on job->vm being valid, the last xe_exec_queue_put can destroy... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44977 – drm/amdgpu: Validate TA binary size
https://notcve.org/view.php?id=CVE-2024-44977
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442) In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442) Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that t... • https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44976 – ata: pata_macio: Fix DMA table overflow
https://notcve.org/view.php?id=CVE-2024-44976
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ata: pata_macio: Fix DMA table overflow Kolbj rn and Jonáš reported that their 32-bit PowerMacs were crashing in pata-macio since commit 09fe2bfa6b83 ("ata: pata_macio: Fix max_segment_size with PAGE_SIZE == 64K"). For example: kernel BUG at drivers/ata/pata_macio.c:544! Oops: Exception in kernel mode, sig: 5 [#1] BE PAGE_SIZE=4K MMU=Hash SMP NR_CPUS=2 DEBUG_PAGEALLOC PowerMac ... NIP pata_macio_qc_prep+0xf4/0x190 LR pata_m... • https://git.kernel.org/stable/c/09fe2bfa6b83f865126ce3964744863f69a4a030 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44975 – cgroup/cpuset: fix panic caused by partcmd_update
https://notcve.org/view.php?id=CVE-2024-44975
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: fix panic caused by partcmd_update We find a bug as below: BUG: unable to handle page fault for address: 00000003 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 358 Comm: bash Tainted: G W I 6.6.0-10893-g60d6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/4 RIP: 0010:partition_sched_domains_locked+0x483/0x600 Code: 01 48 85 d2 74 0d 48 83 05 29 3f f8 03 01 f3 48 0f bc c2 89 ... • https://git.kernel.org/stable/c/0c7f293efc87a06b51db9aa65256f8cb0a5a0a21 •