CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43858 – jfs: Fix array-index-out-of-bounds in diFree
https://notcve.org/view.php?id=CVE-2024-43858
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43857 – f2fs: fix null reference error when checking end of zone
https://notcve.org/view.php?id=CVE-2024-43857
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null reference error when checking end of zone This patch fixes a potentially null pointer being accessed by is_end_zone_blkaddr() that checks the last block of a zone when f2fs is mounted as a single device. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null reference error when checking end of zone This patch fixes a potentially null pointer being accessed by is_end_zone_blkaddr() that checks the ... • https://git.kernel.org/stable/c/e067dc3c6b9c419bac43c6a0be2d85f44681f863 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43856 – dma: fix call order in dmam_free_coherent
https://notcve.org/view.php?id=CVE-2024-43856
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same... • https://git.kernel.org/stable/c/9ac7849e35f705830f7b016ff272b0ff1f7ff759 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43855 – md: fix deadlock between mddev_suspend and flush bio
https://notcve.org/view.php?id=CVE-2024-43855
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is in progress. It is a complex issue. T1. the first flush is at the ending stage, it clears 'mddev->flush_bio' and tries to submit data, but is blocked because mddev is suspended by T4. T2. the second flush sets 'mddev->flush_bio', and attempts to queue md_submit_flush_data(), which is already running (T1) and won't execu... • https://git.kernel.org/stable/c/f9f2d957a8ea93c73182aebf7de30935a58c027d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43854 – block: initialize integrity buffer to zero before writing it to media
https://notcve.org/view.php?id=CVE-2024-43854
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. In the Linux kernel, the following... • https://git.kernel.org/stable/c/7ba1ba12eeef0aa7113beb16410ef8b7c748e18b • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43853 – cgroup/cpuset: Prevent UAF in proc_cpuset_show()
https://notcve.org/view.php?id=CVE-2024-43853
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgroup_lock In the cgroup_path_ns function. 2.$cat /proc/
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43852 – hwmon: (ltc2991) re-order conditions to fix off by one bug
https://notcve.org/view.php?id=CVE-2024-43852
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re-order conditions to fix off by one bug LTC2991_T_INT_CH_NR is 4. The st->temp_en[] array has LTC2991_MAX_CHANNEL (4) elements. Thus if "channel" is equal to LTC2991_T_INT_CH_NR then we have read one element beyond the end of the array. Flip the conditions around so that we check if "channel" is valid before using it as an array index. In the Linux kernel, the following vulnerability has been resolved: hwmon: (ltc2991) re... • https://git.kernel.org/stable/c/2b9ea4262ae9114b0b86ac893b4d6175d8520001 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43851 – soc: xilinx: rename cpu_number1 to dummy_cpu_number
https://notcve.org/view.php?id=CVE-2024-43851
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: xilinx: rename cpu_number1 to dummy_cpu_number The per cpu variable cpu_number1 is passed to xlnx_event_handler as argument "dev_id", but it is not used in this function. So drop the initialization of this variable and rename it to dummy_cpu_number. This patch is to fix the following call trace when the kernel option CONFIG_DEBUG_ATOMIC_SLEEP is enabled: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274... • https://git.kernel.org/stable/c/01946c3c83b2279fec685abc83f0d7b0468851db •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43850 – soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove
https://notcve.org/view.php?id=CVE-2024-43850
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove The following warning is seen during bwmon_remove due to refcount imbalance, fix this by releasing the OPPs after use. Logs: WARNING: at drivers/opp/core.c:1640 _opp_table_kref_release+0x150/0x158 Hardware name: Qualcomm Technologies, Inc. X1E80100 CRD (DT) ... Call trace: _opp_table_kref_release+0x150/0x158 dev_pm_opp_remove_table+0x100/0x1b4 devm_pm_opp_of_table_release... • https://git.kernel.org/stable/c/b9c2ae6cac403dee3195fda9eb28d8ee733b225b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43849 – soc: qcom: pdr: protect locator_addr with the main mutex
https://notcve.org/view.php?id=CVE-2024-43849
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of those fields under the main pdr->lock. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewri... • https://git.kernel.org/stable/c/fbe639b44a82755d639df1c5d147c93f02ac5a0f •