CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41041 – udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().
https://notcve.org/view.php?id=CVE-2024-41041
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk and use sock_pfree() as skb->destructor, so we check SOCK_RCU_FREE to ensure that the sk is safe to access during the RCU grace period. Currently, SOCK_RCU_FREE is flagged for a bound socket after being put into the hash table. Moreover... • https://git.kernel.org/stable/c/6acc9b432e6714d72d7d77ec7c27f6f8358d0c71 • CWE-911: Improper Update of Reference Count •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41040 – net/sched: Fix UAF when resolving a clash
https://notcve.org/view.php?id=CVE-2024-41040
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by task handler130/6469 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41039 – firmware: cs_dsp: Fix overflow checking of wmfw header
https://notcve.org/view.php?id=CVE-2024-41039
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41038 – firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
https://notcve.org/view.php?id=CVE-2024-41038
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorithm block header. This means the overall header length is variable, and the position of most fields varies depending on the length of the string fields. Each field must be checked to ensure that it does not overfl... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41036 – net: ks8851: Fix deadlock with the SPI chip variant
https://notcve.org/view.php?id=CVE-2024-41036
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmi... • https://git.kernel.org/stable/c/1092525155eaad5c69ca9f3b6f3e7895a9424d66 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-41035 – USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
https://notcve.org/view.php?id=CVE-2024-41035
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even th... • https://git.kernel.org/stable/c/0a8fd1346254974c3a852338508e4a4cddbb35f1 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41034 – nilfs2: fix kernel bug on rename operation of broken directory
https://notcve.org/view.php?id=CVE-2024-41034
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return locat... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41031 – mm/filemap: skip to create PMD-sized page cache if needed
https://notcve.org/view.php?id=CVE-2024-41031
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6... • https://git.kernel.org/stable/c/4687fdbb805a92ce5a9f23042c436dc64fef8b77 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41030 – ksmbd: discard write access to the directory open
https://notcve.org/view.php?id=CVE-2024-41030
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when opening a directory. list_add corruption. next is NULL. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:26! pc : __list_add_... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41027 – Fix userfaultfd_api to return EINVAL as expected
https://notcve.org/view.php?id=CVE-2024-41027
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNIN... • https://git.kernel.org/stable/c/e06f1e1dd4998ffc9da37f580703b55a93fc4de4 •