CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40937 – gve: Clear napi->skb before dev_kfree_skb_any()
https://notcve.org/view.php?id=CVE-2024-40937
In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed. • https://git.kernel.org/stable/c/9b8dd5e5ea48bbb7532d20c4093a79d8283e4029 https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442 https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037 https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50 https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-40934 – HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()
https://notcve.org/view.php?id=CVE-2024-40934
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path. • https://git.kernel.org/stable/c/cf48a7ba5c095f76bb9c1951f120fa048442422f https://git.kernel.org/stable/c/e38a6f12685d8a2189b72078f6254b069ff84650 https://git.kernel.org/stable/c/4fb28379b3c735398b252a979c991b340baa6b5b https://git.kernel.org/stable/c/6e59609541514d2ed3472f5bc999c55bdb6144ee https://git.kernel.org/stable/c/6f20d3261265885f6a6be4cda49d7019728760e0 https://git.kernel.org/stable/c/144becd79c196f02143ca71fc10766bd0cc660a1 https://git.kernel.org/stable/c/00ab92481d3a40a5ad323df4c518068f66ce49f1 https://git.kernel.org/stable/c/15122dc140d82c51c216535c57b044c45 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40932 – drm/exynos/vidi: fix memory leak in .get_modes()
https://notcve.org/view.php?id=CVE-2024-40932
In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. Fix it. • https://git.kernel.org/stable/c/540ca99729e28dbe902b01039a3b4bd74520a819 https://git.kernel.org/stable/c/ebcf81504fef03f701b9711e43fea4fe2d82ebc8 https://git.kernel.org/stable/c/0acc356da8546b5c55aabfc2e2c5caa0ac9b0003 https://git.kernel.org/stable/c/777838c9b571674ef14dbddf671f372265879226 https://git.kernel.org/stable/c/dcba6bedb439581145d8aa6b0925209f23184ae1 https://git.kernel.org/stable/c/a269c5701244db2722ae0fce5d1854f5d8f31224 https://git.kernel.org/stable/c/cb3ac233434dba130281db330c4b15665b2d2c4d https://git.kernel.org/stable/c/38e3825631b1f314b21e3ade00b5a4d73 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40931 – mptcp: ensure snd_una is properly initialized on connect
https://notcve.org/view.php?id=CVE-2024-40931
In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_una is still left uninitialized. Address the issue explicitly initializing snd_una together with snd_nxt and write_seq. • https://git.kernel.org/stable/c/8fd738049ac3d67a937d36577763b47180aae1ad https://git.kernel.org/stable/c/208cd22ef5e57f82d38ec11c1a1703f9401d6dde https://git.kernel.org/stable/c/7b9c7fc8600b64a86e4b47b2d190bba380267726 https://git.kernel.org/stable/c/f03c46eabb3a67bd2993e237ab5517f00a5f1813 https://git.kernel.org/stable/c/f1f0a46f8bb8890b90ab7194f0a0c8fe2a3fb57f https://git.kernel.org/stable/c/ef473bf1dd7e8dd08bcc04b9e2d1bfed69a0a7ce https://git.kernel.org/stable/c/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3 https://access.redhat.com/security/cve/CVE-2024-40931 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40929 – wifi: iwlwifi: mvm: check n_ssids before accessing the ssids
https://notcve.org/view.php?id=CVE-2024-40929
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of-bound access. Fix this by checking n_ssids first. • https://git.kernel.org/stable/c/c1a7515393e403758a684fd0a2372af466675b15 https://git.kernel.org/stable/c/3c4771091ea8016c8601399078916f722dd8833b https://git.kernel.org/stable/c/f777792952d03bbaf8329fdfa99393a5a33e2640 https://git.kernel.org/stable/c/9e719ae3abad60e245ce248ba3f08148f375a614 https://git.kernel.org/stable/c/29a18d56bd64b95bd10bda4afda512558471382a https://git.kernel.org/stable/c/62e007bdeb91c6879a4652c3426aef1cd9d2937b https://git.kernel.org/stable/c/60d62757df30b74bf397a2847a6db7385c6ee281 https://access.redhat.com/security/cve/CVE-2024-40929 • CWE-125: Out-of-bounds Read •