CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43891 – tracing: Have format file honor EVENT_FILE_FL_FREED
https://notcve.org/view.php?id=CVE-2024-43891
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would have a ref count that is set when the file is created and would be decremented and freed after the last user that opened the file closed it. When the file meta data was to be freed, it would set a flag (EVENT_FILE_F... • https://git.kernel.org/stable/c/14aa4f3efc6e784847e8c8543a7ef34ec9bdbb01 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43890 – tracing: Fix overflow in get_free_elt()
https://notcve.org/view.php?id=CVE-2024-43890
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert a... • https://git.kernel.org/stable/c/08d43a5fa063e03c860f2f391a30c388bcbc948e •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43889 – padata: Fix possible divide-by-0 panic in padata_mt_helper()
https://notcve.org/view.php?id=CVE-2024-43889
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1 [ 10.017908] Hardware name: Lenovo ThinkSystem SR950 [7X12CTO1WW]/[7X12CTO1WW], BIOS [PSE140J-2.30] 07/20/2021 [ 10.017908] Workqueue: events_unbou... • https://git.kernel.org/stable/c/004ed42638f4428e70ead59d170f3d17ff761a0f • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43888 – mm: list_lru: fix UAF for memory cgroup
https://notcve.org/view.php?id=CVE-2024-43888
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: list_lru: fix UAF for memory cgroup The mem_cgroup_from_slab_obj() is supposed to be called under rcu lock or cgroup_mutex or others which could prevent returned memcg from being freed. Fix it by adding missing rcu read lock. Found by code inspection. [songmuchun@bytedance.com: only grab rcu lock when necessary, per Vlastimil] Link: https://lkml.kernel.org/r/20240801024603.1865-1-songmuchun@bytedance.com In the Linux kernel, the followi... • https://git.kernel.org/stable/c/0a97c01cd20bb96359d8c9dedad92a061ed34e0b • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43887 – net/tcp: Disable TCP-AO static key after RCU grace period
https://notcve.org/view.php?id=CVE-2024-43887
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tcp: Disable TCP-AO static key after RCU grace period The lifetime of TCP-AO static_key is the same as the last tcp_ao_info. On the socket destruction tcp_ao_info ceases to be with RCU grace period, while tcp-ao static branch is currently deferred destructed. The static key definition is : DEFINE_STATIC_KEY_DEFERRED_FALSE(tcp_ao_needed, HZ); which means that if RCU grace period is delayed by more than a second and tcp_ao_needed is in th... • https://git.kernel.org/stable/c/67fa83f7c86a86913ab9cd5a13b4bebd8d2ebb43 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43886 – drm/amd/display: Add null check in resource_log_pipe_topology_update
https://notcve.org/view.php?id=CVE-2024-43886
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null c... • https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43884 – Bluetooth: MGMT: Add error handling to pair_device()
https://notcve.org/view.php?id=CVE-2024-43884
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a c... • https://git.kernel.org/stable/c/5157b8a503fa834e8569c7fed06981e3d3d53db0 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43883 – usb: vhci-hcd: Do not drop references before new references are gained
https://notcve.org/view.php?id=CVE-2024-43883
23 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the ... • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52914 – io_uring/poll: add hash if ready poll request can't complete inline
https://notcve.org/view.php?id=CVE-2023-52914
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak. This will eventually stall the ring exit process as well. In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: add hash if ready poll request can't complete inline If we don't, then we may lose access to it completely, leading to a request leak. This will eventual... • https://git.kernel.org/stable/c/49f1c68e048f1706b71c8255faf8110113d1cc48 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52913 – drm/i915: Fix potential context UAFs
https://notcve.org/view.php?id=CVE-2023-52913
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that nothing uses the ctx ptr after this. And we need to ensure that adding the ctx to the xarray is the *last* thing that gem_context_register() does with the ctx pointer. [tursulin: Stable and fixes tags add/tidy.] (cherry picked from comm... • https://git.kernel.org/stable/c/eb4dedae920a07c485328af3da2202ec5184fb17 •