CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46685 – pinctrl: single: fix potential NULL dereference in pcs_get_function()
https://notcve.org/view.php?id=CVE-2024-46685
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 https://git.kernel.org/stable/c/0a2bab5ed161318f57134716accba0a30f3af191 https://git.kernel.org/stable/c/2cea369a5c2e85ab14ae716da1d1cc6d25c85e11 https://git.kernel.org/stable/c/4e9436375fcc9bd2a60ee96aba6ed53f7a377d10 https://git.kernel.org/stable/c/6341c2856785dca7006820b127278058a180c075 https://git.kernel.org/stable/c/8f0bd526921b6867c2f10a83cd4fd14139adcd92 https://git.kernel.org/stable/c/4ed45fe99ec9e3c9478bd634624cd05a57d002f7 https://git.kernel.org/stable/c/292151af6add3e5ab11b2e9916cffa5f5 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46681 – pktgen: use cpus_read_lock() in pg_net_init()
https://notcve.org/view.php?id=CVE-2024-46681
In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_each_online_cpu(cpu) loop. While we are at it use WARN_ON_ONCE() to avoid a possible syslog flood. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/5f5f7366dda8ae870e8305d6e7b3c0c2686cd2cf https://git.kernel.org/stable/c/979b581e4c69257acab1af415ddad6b2d78a2fa5 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46679 – ethtool: check device is present when getting link settings
https://notcve.org/view.php?id=CVE-2024-46679
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception RIP: qed_get_current_link+17] #8 [ffffb9e4f2907c48] qede_get_link_ksettings at ffffffffc07a994a [qede] #9 [ffffb9e4f2907cd8] __rh_call_get_link_ksettings at ffffffff992b01a3 #10 [ffffb9e4f2907d38] __ethtool_get_link_ksettings at ffffffff992b04e4 #11 [ffffb9e4f2907d90] duplex_show at ffffffff99260300 #12 [ffffb9e4f2907e38] dev_attr_show at ffffffff9905a01c #13 [ffffb9e4f2907e50] sysfs_kf_seq_show at ffffffff98e0145b #14 [ffffb9e4f2907e68] seq_read at ffffffff98d902e3 #15 [ffffb9e4f2907ec8] vfs_read at ffffffff98d657d1 #16 [ffffb9e4f2907f00] ksys_read at ffffffff98d65c3f #17 [ffffb9e4f2907f38] do_syscall_64 at ffffffff98a052fb crash> struct net_device.state ffff9a9d21336000 state = 5, state 5 is __LINK_STATE_START (0b1) and __LINK_STATE_NOCARRIER (0b100). The device is not present, note lack of __LINK_STATE_PRESENT (0b10). This is the same sort of panic as observed in commit 4224cfd7fb65 ("net-sysfs: add check for netdevice being present to speed_show"). There are many other callers of __ethtool_get_link_ksettings() which don't have a device presence check. Move this check into ethtool to protect all callers. • https://git.kernel.org/stable/c/d519e17e2d01a0ee9abe083019532061b4438065 https://git.kernel.org/stable/c/ec7b4f7f644018ac293cb1b02528a40a32917e62 https://git.kernel.org/stable/c/842a40c7273ba1c1cb30dda50405b328de1d860e https://git.kernel.org/stable/c/7a8d98b6d6484d3ad358510366022da080c37cbc https://git.kernel.org/stable/c/9bba5955eed160102114d4cc00c3d399be9bdae4 https://git.kernel.org/stable/c/94ab317024ba373d37340893d1c0358638935fbb https://git.kernel.org/stable/c/1d6d9b5b1b95bfeccb84386a51b7e6c510ec13b2 https://git.kernel.org/stable/c/a699781c79ecf6cfe67fb00a0331b4088 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46677 – gtp: fix a potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-46677
In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found this bug during code inspection.) • https://git.kernel.org/stable/c/1e3a3abd8b28cfda9d0d0167e50e0fe11bc372a9 https://git.kernel.org/stable/c/620fe9809752fae91b4190e897b81ed9976dfb39 https://git.kernel.org/stable/c/bdd99e5f0ad5fa727b16f2101fe880aa2bff2f8e https://git.kernel.org/stable/c/8bbb9e4e0e66a39282e582d0440724055404b38c https://git.kernel.org/stable/c/4643b91691e969b1b9ad54bf552d7a990cfa3b87 https://git.kernel.org/stable/c/e8b9930b0eb045d19e883c65ff9676fc89320c70 https://git.kernel.org/stable/c/28c67f0f84f889fe9f4cbda8354132b20dc9212d https://git.kernel.org/stable/c/612edd35f2a3910ab1f61c1f2338889d4 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46676 – nfc: pn533: Add poll mod list filling check
https://notcve.org/view.php?id=CVE-2024-46676
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero. Normally no im protocol has value 1 in the mask, so this combination is not expected by driver. But these protocol values actually come from userspace via Netlink interface (NFC_CMD_START_POLL operation). So a broken or malicious program may pass a message containing a "bad" combination of protocol parameter values so that dev->poll_mod_count is not incremented inside pn533_poll_create_mod_list(), thus leading to division by zero. Call trace looks like: nfc_genl_start_poll() nfc_start_poll() ->start_poll() pn533_start_poll() Add poll mod list filling check. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/dfccd0f580445d176acea174175b3e6518cc91f7 https://git.kernel.org/stable/c/c5e05237444f32f6cfe5d907603a232c77a08b31 https://git.kernel.org/stable/c/8ddaea033de051ed61b39f6b69ad54a411172b33 https://git.kernel.org/stable/c/7535db0624a2dede374c42040808ad9a9101d723 https://git.kernel.org/stable/c/7ecd3dd4f8eecd3309432156ccfe24768e009ec4 https://git.kernel.org/stable/c/56ad559cf6d87f250a8d203b555dfc3716afa946 https://git.kernel.org/stable/c/64513d0e546a1f19e390f7e5eba3872bfcbdacf5 https://git.kernel.org/stable/c/febccb39255f9df35527b88c953b2e0de •