CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46802 – drm/amd/display: added NULL check at start of dc_validate_stream
https://notcve.org/view.php?id=CVE-2024-46802
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel di... • https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48945 – media: vivid: fix compose size exceed boundary
https://notcve.org/view.php?id=CVE-2022-48945
23 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0 Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS... • https://git.kernel.org/stable/c/ef834f7836ec0502f49f20bbc42f1240577a9c83 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46801 – libfs: fix get_stashed_dentry()
https://notcve.org/view.php?id=CVE-2024-46801
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry() get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. ... In the Linux kernel, the following vulnerability has been resolved: libfs: fix get_stashed_dentry() get_stashed_dentry() tries to optimistically retrieve a stashed dentry from a provided location. • https://git.kernel.org/stable/c/07fd7c329839cf0b8c7766883d830a1a0d12d1dd •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46800 – sch/netem: fix use after free in netem_dequeue
https://notcve.org/view.php?id=CVE-2024-46800
18 Sep 2024 — The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails") Commands to trigger KASAN UaF: ip link add type dummy ip link set lo up ip link set dummy0 up tc qdisc add dev lo parent root handle 1: drr tc filter add dev lo parent 1: basic classid 1:1 tc class add dev lo classid 1:1 drr tc qdisc add dev lo parent 1:1 handle 2: netem tc qdisc add dev lo p... • https://git.kernel.org/stable/c/50612537e9ab29693122fab20fc1eed235054ffe •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46799 – net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX
https://notcve.org/view.php?id=CVE-2024-46799
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX If number of TX queues are set to 1 we get a NULL pointer dereference during XDP_TX. ~# ethtool -L eth0 tx 1 ~# .... In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix NULL dereference on XDP_TX If number of TX queues are set to 1 we get a NULL pointer dereference during XDP_TX. ~# ethtool -L eth0 tx 1 ~# . • https://git.kernel.org/stable/c/8acacc40f7337527ff84cd901ed2ef0a2b95b2b6 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46798 – ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
https://notcve.org/view.php?id=CVE-2024-46798
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 kernel detects that snd_pcm_suspend_all() access a freed 'snd_soc_pcm_runtime' object when the system is suspended, which leads to a use-after-free bug: [ 52.047746] BUG: KASAN: use-after-free in snd_pcm_suspend_all+0x1... • https://git.kernel.org/stable/c/a72706ed8208ac3f72d1c3ebbc6509e368b0dcb0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46797 – powerpc/qspinlock: Fix deadlock in MCS queue
https://notcve.org/view.php?id=CVE-2024-46797
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values in get_tail_qnode(). ... = NULL") prev = get_tail_qnode(A, CPU0) | ▼ prev == &qnodes[CPU0].nodes[0] (as qnodes ---truncated--- In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix d... • https://git.kernel.org/stable/c/84990b169557428c318df87b7836cd15f65b62dc •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46796 – smb: client: fix double put of @cfile in smb2_set_path_size()
https://notcve.org/view.php?id=CVE-2024-46796
18 Sep 2024 — __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 Allocated by task 1118: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 cifs_new_fileinfo+0xc8/0x9d0 [cifs] cifs_atomic_open+0x467/0x770 [cifs] lookup_open.isra.0+0x665/0x8b0 path_openat+0x4c3/0x1380 do_filp_open+0x167/0x270 do_sys_openat2+0x129/0x160 __x64_sys_creat+0xad/0xe0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 83: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasa... • https://git.kernel.org/stable/c/1e60bc0e954389af82f1d9a85f13a63f6572350f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46795 – ksmbd: unset the binding mark of a reused connection
https://notcve.org/view.php?id=CVE-2024-46795
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() will not set sess->Preauth_HashValue and it will be NULL. • https://git.kernel.org/stable/c/f5a544e3bab78142207e0242d22442db85ba1eff •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46794 – x86/tdx: Fix data leak in mmio_read()
https://notcve.org/view.php?id=CVE-2024-46794
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. ... Do not send the original value of *val to the VMM. [ dhansen: clarify what 'val' is used for. ] In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. • https://git.kernel.org/stable/c/31d58c4e557d46fa7f8557714250fb6f89c941ae •