CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46691 – usb: typec: ucsi: Move unregister out of atomic section
https://notcve.org/view.php?id=CVE-2024-46691
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Move unregister out of atomic section Commit '9329933699b3 ("soc: qcom: pmic_glink: Make client-lock non-sleeping")' moved the pmic_glink client list under a spinlock, as it is accessed by the rpmsg/glink callback, which in turn is invoked from IRQ context. This means that ucsi_unregister() is now called from atomic context, which isn't feasible as it's expecting a sleepable context. An effort is under way to get GLINK to ... • https://git.kernel.org/stable/c/9329933699b32d467a99befa20415c4b2172389a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46690 – nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease
https://notcve.org/view.php?id=CVE-2024-46690
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfsd4_deleg_getattr_conflict in presence of third party lease It is not safe to dereference fl->c.flc_owner without first confirming fl->fl_lmops is the expected manager. nfsd4_deleg_getattr_conflict() tests fl_lmops but largely ignores the result and assumes that flc_owner is an nfs4_delegation anyway. This is wrong. With this patch we restore the "!= &nfsd_lease_mng_ops" case to behave as it did before the change mentioned below... • https://git.kernel.org/stable/c/c5967721e1063648b0506481585ba7e2e49a075e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46689 – soc: qcom: cmd-db: Map shared memory as WC, not WB
https://notcve.org/view.php?id=CVE-2024-46689
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage ... • https://git.kernel.org/stable/c/312416d9171a1460b7ed8d182b5b540c910ce80d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46688 – erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails
https://notcve.org/view.php?id=CVE-2024-46688
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: fix out-of-bound access when z_erofs_gbuf_growsize() partially fails If z_erofs_gbuf_growsize() partially fails on a global buffer due to memory allocation failure or fault injection (as reported by syzbot [1]), new pages need to be freed by comparing to the existing pages to avoid memory leaks. However, the old gbuf->pages[] array may not be large enough, which can lead to null-ptr-deref or out-of-bound access. Fix this by checking ... • https://git.kernel.org/stable/c/d6db47e571dcaecaeaafa8840d00ae849ae3907b •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46687 – btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
https://notcve.org/view.php?id=CVE-2024-46687
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() [BUG] There is an internal report that KASAN is reporting use-after-free, with the following backtrace: BUG: KASAN: slab-use-after-free in btrfs_check_read_bio+0xa68/0xb70 [btrfs] Read of size 4 at addr ffff8881117cec28 by task kworker/u16:2/45 CPU: 1 UID: 0 PID: 45 Comm: kworker/u16:2 Not tainted 6.11.0-rc2-next-20240805-default+ #76 Hardware name: QEMU Standard PC... • https://git.kernel.org/stable/c/852eee62d31abd695cd43e1b875d664ed292a8ca •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46686 – smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
https://notcve.org/view.php?id=CVE-2024-46686
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. Ubuntu Security Notice 7156-1 - Chenyuan... • https://git.kernel.org/stable/c/edf38e9f4269591d26b3783c0b348c9345580c3c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46685 – pinctrl: single: fix potential NULL dereference in pcs_get_function()
https://notcve.org/view.php?id=CVE-2024-46685
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can r... • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46684 – binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined
https://notcve.org/view.php?id=CVE-2024-46684
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binfmt_elf_fdpic: fix AUXV size calculation when ELF_HWCAP2 is defined create_elf_fdpic_tables() does not correctly account the space for the AUX vector when an architecture has ELF_HWCAP2 defined. Prior to the commit 10e29251be0e ("binfmt_elf_fdpic: fix /proc/
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46683 – drm/xe: prevent UAF around preempt fence
https://notcve.org/view.php?id=CVE-2024-46683
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: prevent UAF around preempt fence The fence lock is part of the queue, therefore in the current design anything locking the fence should then also hold a ref to the queue to prevent the queue from being freed. However, currently it looks like we signal the fence and then drop the queue ref, but if something is waiting on the fence, the waiter is kicked to wake up at some later point, where upon waking up it first grabs the lock befor... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46682 – nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open
https://notcve.org/view.php?id=CVE-2024-46682
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: prevent panic for nfsv4.0 closed files in nfs4_show_open Prior to commit 3f29cc82a84c ("nfsd: split sc_status out of sc_type") states_show() relied on sc_type field to be of valid type before calling into a subfunction to show content of a particular stateid. From that commit, we split the validity of the stateid into sc_status and no longer changed sc_type to 0 while unhashing the stateid. This resulted in kernel oopsing for nfsv4.0 ... • https://git.kernel.org/stable/c/3f29cc82a84c23cfd12b903029dd26002ca825f5 •