CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43868 – riscv/purgatory: align riscv_kernel_entry
https://notcve.org/view.php?id=CVE-2024-43868
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the exception would ultimately crash. On other occasions, the kernel's handler would take care of exceptions. This has been tested on a JH7110 SoC with oreboot and its SBI delegating unaligned access exceptions and the... • https://git.kernel.org/stable/c/736e30af583fb6e0e2b8211b894ff99dea0f1ee7 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43867 – drm/nouveau: prime: fix refcount underflow
https://notcve.org/view.php?id=CVE-2024-43867
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: prime: fix refcount underflow Calling nouveau_bo_ref() on a nouveau_bo without initializing it (and hence the backing ttm_bo) leads to a refcount underflow. Instead of calling nouveau_bo_ref() in the unwind path of drm_gem_object_init(), clean things up manually. (cherry picked from commit 1b93f3e89d03cfc576636e195466a0d728ad8de5) Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. A... • https://git.kernel.org/stable/c/ab9ccb96a6e6f95bcde6b8b2a524370efdbfdcd6 •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43866 – net/mlx5: Always drain health in shutdown callback
https://notcve.org/view.php?id=CVE-2024-43866
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always drain health in shutdown callback There is no point in recovery during device shutdown. if health work started need to wait for it to avoid races and NULL pointer access. Hence, drain health WQ on shutdown callback. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly u... • https://git.kernel.org/stable/c/d2aa060d40fa060e963f9a356d43481e43ba3dac • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43865 – s390/fpu: Re-add exception handling in load_fpu_state()
https://notcve.org/view.php?id=CVE-2024-43865
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Re-add exception handling in load_fpu_state() With the recent rewrite of the fpu code exception handling for the lfpc instruction within load_fpu_state() was erroneously removed. Add it again to prevent that loading invalid floating point register values cause an unhandled specification exception. • https://git.kernel.org/stable/c/8c09871a950a3fe686e0e27fd4193179c5f74f37 • CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43864 – net/mlx5e: Fix CT entry update leaks of modify header context
https://notcve.org/view.php?id=CVE-2024-43864
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix CT entry update leaks of modify header context The cited commit allocates a new modify header to replace the old one when updating CT entry. But if failed to allocate a new one, eg. exceed the max number firmware can support, modify header will be an error pointer that will trigger a panic when deallocating it. And the old modify header point is copied to old attr. When the old attr is freed, the old modify header is lost. ... • https://git.kernel.org/stable/c/94ceffb48eac7692677d8093dcde6965b70c4b35 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43863 – drm/vmwgfx: Fix a deadlock in dma buf fence polling
https://notcve.org/view.php?id=CVE-2024-43863
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads. The fence destroy callback b... • https://git.kernel.org/stable/c/2298e804e96eb3635c39519c8287befd92460303 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43862 – net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex
https://notcve.org/view.php?id=CVE-2024-43862
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wan: fsl_qmc_hdlc: Convert carrier_lock spinlock to a mutex The carrier_lock spinlock protects the carrier detection. While it is held, framer_get_status() is called which in turn takes a mutex. This is not correct and can lead to a deadlock. A run with PROVE_LOCKING enabled detected the issue: [ BUG: Invalid wait context ] ... c204ddbc (&framer->mutex){+.+.}-{3:3}, at: framer_get_status+0x40/0x78 other info that might help ... • https://git.kernel.org/stable/c/54762918ca856028d33d1d56d017a4d7706c6196 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43861 – net: usb: qmi_wwan: fix memory leak for not ip packets
https://notcve.org/view.php?id=CVE-2024-43861
20 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of serv... • https://git.kernel.org/stable/c/c6adf77953bcec0ad63d7782479452464e50f7a3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43860 – remoteproc: imx_rproc: Skip over memory region when node value is NULL
https://notcve.org/view.php?id=CVE-2024-43860
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Skip over memory region when node value is NULL In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts number of phandles. But phandles may be empty. So of_parse_phandle() in the parsing loop (0 < a < nph) may return NULL which is later dereferenced. Adjust this issue by adding NULL-return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. [Fixed title to fit within the pre... • https://git.kernel.org/stable/c/a0ff4aa6f010801b2a61c203c6e09d01b110fddf •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43859 – f2fs: fix to truncate preallocated blocks in f2fs_file_open()
https://notcve.org/view.php?id=CVE-2024-43859
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated blocks in f2fs_file_open() chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011 fscrypt_set_bio_crypt_ctx+0x78/0x1e8 f2fs_grab_read_bio+0x78/0x208 f2fs_submit_page_read+0x44/0x154 f2fs_get_read_data_page+0x288/0x5f4 f2fs_get_lock_data_page+0x60/0x190 truncate_partial_data_page+0x108/0x4fc f2fs_do_truncate_blocks+0x344/0x5f0 f... • https://git.kernel.org/stable/c/d4dd19ec1ea0cf6532d65709325c42b1398614a8 •