CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43838 – bpf: fix overflow check in adjust_jmp_off()
https://notcve.org/view.php?id=CVE-2024-43838
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix overflow check in adjust_jmp_off() adjust_jmp_off() incorrectly used the insn->imm field for all overflow check, which is incorrect as that should only be done or the BPF_JMP32 | BPF_JA case, not the general jump instruction case. Fix it by using insn->off for overflow check in the general case. In the Linux kernel, the following vulnerability has been resolved: bpf: fix overflow check in adjust_jmp_off() adjust_jmp_off() incorrect... • https://git.kernel.org/stable/c/5337ac4c9b807bc46baa0713121a0afa8beacd70 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43837 – bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT
https://notcve.org/view.php?id=CVE-2024-43837
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be null. At this time, calling resolve_prog_type() anywhere will result in a null pointer dereference. Example stack trace: [ 8.107863] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 [ 8.108262] Mem abort info: [ 8.108384] ESR... • https://git.kernel.org/stable/c/4a9c7bbe2ed4d2b240674b1fb606c41d3940c412 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43836 – net: ethtool: pse-pd: Fix possible null-deref
https://notcve.org/view.php?id=CVE-2024-43836
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethtool: pse-pd: Fix possible null-deref Fix a possible null dereference when a PSE supports both c33 and PoDL, but only one of the netlink attributes is specified. The c33 or PoDL PSE capabilities are already validated in the ethnl_set_pse_validate() call. In the Linux kernel, the following vulnerability has been resolved: net: ethtool: pse-pd: Fix possible null-deref Fix a possible null dereference when a PSE supports both c33 and Po... • https://git.kernel.org/stable/c/4d18e3ddf427d93a2895a1c9d61477e1f1726cad •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43835 – virtio_net: Fix napi_skb_cache_put warning
https://notcve.org/view.php?id=CVE-2024-43835
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix napi_skb_cache_put warning After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_... • https://git.kernel.org/stable/c/df133f3f96257ee29696c0ed8bd198ec801dc810 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43834 – xdp: fix invalid wait context of page_pool_destroy()
https://notcve.org/view.php?id=CVE-2024-43834
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy() If the driver uses a page pool, it creates a page pool with page_pool_create(). The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference count reaches 0. page_pool_destroy() is used to destroy page pool, it decreases a reference count. When a page pool is destroyed, ->disconnect() is called, which is mem_allocator_disconnect(). This function in... • https://git.kernel.org/stable/c/c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43833 – media: v4l: async: Fix NULL pointer dereference in adding ancillary links
https://notcve.org/view.php?id=CVE-2024-43833
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links(), ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async notifier is related to a V4L2 device, the source sub-device of the ancillary link is NULL, leading to a NULL pointer dereference. Check the notifier's sd field is non-NULL in v4l2_async_create_ancillary_links(). ... • https://git.kernel.org/stable/c/aa4faf6eb27132532d5a133d9241254c16d4bafa •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43832 – s390/uv: Don't call folio_wait_writeback() without a folio reference
https://notcve.org/view.php?id=CVE-2024-43832
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After we dropped the PTL, the folio could get freed concurrently. So grab a temporary reference. In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires... • https://git.kernel.org/stable/c/214d9bbcd3a67230b932f6cea83c078ab34d9e70 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43831 – media: mediatek: vcodec: Handle invalid decoder vsi
https://notcve.org/view.php?id=CVE-2024-43831
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the... • https://git.kernel.org/stable/c/590577a4e5257ac3ed72999a94666ad6ba8f24bc •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43830 – leds: trigger: Unregister sysfs attributes before calling deactivate()
https://notcve.org/view.php?id=CVE-2024-43830
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigg... • https://git.kernel.org/stable/c/a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43829 – drm/qxl: Add check for drm_cvt_mode
https://notcve.org/view.php?id=CVE-2024-43829
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Be... • https://git.kernel.org/stable/c/1b043677d4be206c96b51811855502e50057f343 •