CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38618 – ALSA: timer: Set lower bound of start tick time
https://notcve.org/view.php?id=CVE-2024-38618
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to an unexpected RCU stall, where the callback repeatedly queuing the expire update, as reported by fuzzer. This patch introduces a sanity check of the timer start tick time, so that the system returns an error when a ... • https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38615 – cpufreq: exit() callback is optional
https://notcve.org/view.php?id=CVE-2024-38615
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: la devolución de llamada exit() es opcional La devolución de llamada exit() es opcional y no debe llamarse sin verificar primero un puntero válido. Ademá... • https://git.kernel.org/stable/c/91a12e91dc39137906d929a4ff6f9c32c59697fa • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38613 – m68k: Fix spinlock race in kernel thread creation
https://notcve.org/view.php?id=CVE-2024-38613
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: m68k: Fix spinlock race in kernel thread creation Context switching does take care to retain the correct lock owner across the switch from 'prev' to 'next' tasks. This does rely on interrupts remaining disabled for the entire duration of the switch. This condition is guaranteed for normal process creation and context switching between already running processes, because both 'prev' and 'next' already have interrupts disabled in their saved c... • https://git.kernel.org/stable/c/533e6903bea0440816a0f517b0845ccea4cc7917 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38612 – ipv6: sr: fix invalid unregister error path
https://notcve.org/view.php?id=CVE-2024-38612
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix invalid unregister error path The error path of seg6_init() is wrong in case CONFIG_IPV6_SEG6_LWTUNNEL is not defined. In that case if seg6_hmac_init() fails, the genl_unregister_family() isn't called. This issue exist since commit 46738b1317e1 ("ipv6: sr: add option to control lwtunnel support"), and commit 5559cea2d5aa ("ipv6: sr: fix possible use-after-free and null-ptr-deref") replaced unregister_pernet_subsys() with genl_... • https://git.kernel.org/stable/c/46738b1317e169b281ad74690276916e24d1be6d • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38611 – media: i2c: et8ek8: Don't strip remove function when driver is builtin
https://notcve.org/view.php?id=CVE-2024-38611
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: i2c: et8ek8: Don't strip remove function when driver is builtin Using __exit for the remove function results in the remove callback being discarded with CONFIG_VIDEO_ET8EK8=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed. This results in resource leaks. Fix it by compiling in the remove callback unconditionally. This also fixes a W=1 modpost warning: WAR... • https://git.kernel.org/stable/c/c5254e72b8edc2ca0a98703e92e8c34959343d2c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38608 – net/mlx5e: Fix netif state handling
https://notcve.org/view.php?id=CVE-2024-38608
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETREG_REGISTERED. In the below case, the above leads to NULL-ptr Oops[1] and memory leaks: mlx5e_probe _mlx5e_resume mlx5e_attach_netdev mlx5e_nic_enable <-- netdev not reg, not calling netif_device_attach() register_netdev <-- failed for... • https://git.kernel.org/stable/c/2c3b5beec46ab0d77c94828eb15170b333ae769a • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38607 – macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
https://notcve.org/view.php?id=CVE-2024-38607
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" The via-macii ADB driver calls request_irq() after disabling hard interrupts. But disabling interrupts isn't necessary here because the VIA shift register interrupt was masked during VIA1 initialization. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: macintosh/via-macii: Corrección "ERROR: función de suspensión llamada desde un contexto no válido"... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38605 – ALSA: core: Fix NULL module pointer assignment at card init
https://notcve.org/view.php?id=CVE-2024-38605
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code around it with '#ifdef MODULE'. This works in most cases, but the devils are always in details. "MODULE" is defined when the target code (i.e. the sound core) is built as a module; but this doesn't mean that the... • https://git.kernel.org/stable/c/81033c6b584b44514cbb16fffc26ca29a0fa6270 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-38602 – ax25: Fix reference count leak issues of ax25_dev
https://notcve.org/view.php?id=CVE-2024-38602
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25_dev The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference count leak issue of the object "ax25_dev". Memory leak issue in ax25_addr_ax25dev(): The reference count of the object "ax25_dev" can be increased multiple times in ax25_addr_ax25dev(). This will cause a memory leak. Memory leak issues in ax25_dev_device_down(): The reference count of ax25_dev is set to 1 in ax25_dev_device... • https://git.kernel.org/stable/c/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b •
CVSS: 4.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38601 – ring-buffer: Fix a race between readers and resize checks
https://notcve.org/view.php?id=CVE-2024-38601
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following that, if the operation is successful, old->list.next->prev gets updated too. This means the underlying doubly-linked list is temporarily inconsistent, page->prev->next or page->next->prev might not be equal back to page f... • https://git.kernel.org/stable/c/659f451ff21315ebfeeb46b9adccee8ce1b52c25 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •