CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26825 – nfc: nci: free rx_data_reassembly skb on NCI device cleanup
https://notcve.org/view.php?id=CVE-2024-26825
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. However, the NCI device may be deallocated before that which leads to skb leak. As by design the rx_data_reassembly skb is bound to the NCI device and nothing preve... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26820 – hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
https://notcve.org/view.php?id=CVE-2024-26820
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_probe is finished. This is because we register register_netdevice_notifier() very early( even before vmbus_driver_register()). To fix this, we try to register each such matching VF( if it is visible as a netdev... • https://git.kernel.org/stable/c/028aa21f9e92536038cabb834c15d08f5c894382 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52642 – media: rc: bpf attach/detach requires write permission
https://notcve.org/view.php?id=CVE-2023-52642
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAP_NET_ADMIN. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: rc: bpf adjunto/detach requiere permiso de escritura. Tenga en cuenta que bpf adjunto/detach también requiere CAP_NET_ADMIN. • https://git.kernel.org/stable/c/93d8109bf182510629bbefc8cd45296d2393987f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2024-26817 – amdkfd: use calloc instead of kzalloc to avoid integer overflow
https://notcve.org/view.php?id=CVE-2024-26817
13 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: amdkfd: usa calloc en lugar de kzalloc para evitar el desbordamiento de enteros. Esto usa calloc en lugar de hacer la multiplicación que podría desbordarse. In the Linux kernel, the following vulnerability has been resolved: amdkfd: use ca... • https://github.com/MaherAzzouzi/CVE-2024-26817-amdkfd •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26816 – x86, relocs: Ignore relocations in .notes section
https://notcve.org/view.php?id=CVE-2024-26816
10 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is used prior to booting the kernel, so relocations are not useful. In fact, performing relocations against the .notes section means that the KASLR base is exposed since /sys/kernel/notes is world-readable. To avoid leaking the KASLR base ... • https://git.kernel.org/stable/c/5ead97c84fa7d63a6a7a2f4e9f18f452bd109045 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52340 – kernel: ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU
https://notcve.org/view.php?id=CVE-2023-52340
09 Apr 2024 — The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. La implementación de IPv6 en el kernel de Linux anterior a 6.3 tiene un umbral net/ipv6/route.c max_size que se puede consumir fácilmente, por ejemplo, provocando una denegación de servicio (errores de red inaccesible) cuando los paquetes IPv6 se envían en un bu... • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27437 – vfio/pci: Disable auto-enable of exclusive INTx IRQ
https://notcve.org/view.php?id=CVE-2024-27437
05 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently disabled as necessary to align with the masked status flag. This presents a window where the interrupt could fire between these events, resulting in the IRQ incrementing the disable depth twice. This would be unrecoverable for a user sin... • https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26813 – vfio/platform: Create persistent IRQ handlers
https://notcve.org/view.php?id=CVE-2024-26813
05 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allows a NULL pointer dereference. Rather than register the IRQ relative to a valid trigger, register all IRQs in a disabled state in the device open path. This allows mask operations on the IRQ to nest within the overall enable state gov... • https://git.kernel.org/stable/c/57f972e2b341dd6a73533f9293ec55d584a5d833 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26812 – vfio/pci: Create persistent INTx handler
https://notcve.org/view.php?id=CVE-2024-26812
05 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL context through the SET_IRQS ioctl or through unmask irqfd if the device interrupt is pending. Ideally this could be solved with some additional locking; the igate mutex serializes the ioctl and config space accesses, and the interrupt... • https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26810 – vfio/pci: Lock external INTx masking ops
https://notcve.org/view.php?id=CVE-2024-26810
05 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Lock external INTx masking ops Mask operations through config space changes to DisINTx may race INTx configuration changes via ioctl. Create wrappers that add locking for paths outside of the core interrupt code. In particular, irq_type is updated holding igate, therefore testing is_intx() requires holding igate. For example clearing DisINTx from config space can otherwise race changes of the interrupt configuration. This aligns i... • https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •