CVE-2024-46793 – ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder
https://notcve.org/view.php?id=CVE-2024-46793
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: Boards: Fix NULL pointer deref in BYT/CHT boards harder Since commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()") dummy codecs declared like this: SND_SOC_DAILINK_DEF(dummy, DAILINK_COMP_ARRAY(COMP_DUMMY())); expand to: static struct snd_soc_dai_link_component dummy[] = { }; Which means that dummy is a zero sized array and thus dais[i].codecs should not be dereferenced *at all* since it poi... • https://git.kernel.org/stable/c/7d99a70b65951108d82e1618c67abe69c3ed7720 •
CVE-2024-46792 – riscv: misaligned: Restrict user access to kernel memory
https://notcve.org/view.php?id=CVE-2024-46792
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address. • https://git.kernel.org/stable/c/7c83232161f609bbc452a1255f823f41afc411dd •
CVE-2024-46791 – can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
https://notcve.org/view.php?id=CVE-2024-46791
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device. ... • https://git.kernel.org/stable/c/8ce8c0abcba314e1fe954a1840f6568bf5aef2ef •
CVE-2024-46790 – codetag: debug: mark codetags for poisoned page as empty
https://notcve.org/view.php?id=CVE-2024-46790
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: codetag: debug: mark codetags for poisoned page as empty When PG_hwpoison pages are freed they are treated differently in free_pages_prepare() and instead of being released they are isolated. ... • https://git.kernel.org/stable/c/d224eb0287fbd84f4f13eca042c7f08f87138f3b •
CVE-2024-46789 – mm/slub: add check for s->flags in the alloc_tagging_slab_free_hook
https://notcve.org/view.php?id=CVE-2024-46789
18 Sep 2024 — /include/linux/alloc_tag.h:130 kmem_cache_free+0x444/0x574 [ 3.735866] Modules linked in: autofs4 [ 3.736211] CPU: 4 UID: 0 PID: 40 Comm: ksoftirqd/4 Tainted: G W 6.11.0-rc3-dirty #1 [ 3.736969] Tainted: [W]=WARN [ 3.737258] Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022 [ 3.737875] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 3.738501] pc : kmem_cache_free+0x444/0x574 [ 3.738951] lr : kmem_cache_free+0x444/0x574 [ 3.739361] sp : ffff80008357bb60 [ 3.739693] x29: ... • https://git.kernel.org/stable/c/4b8736964640fe160724e7135dc62883bddcdace •
CVE-2024-46788 – tracing/osnoise: Use a cpumask to know what threads are kthreads
https://notcve.org/view.php?id=CVE-2024-46788
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The start_kthread() and stop_thread() code was not always called with the interface_lock held. ... Since kthread ---truncated--- • https://git.kernel.org/stable/c/e88ed227f639ebcb31ed4e5b88756b47d904584b •
CVE-2024-46787 – userfaultfd: fix checks for huge PMDs
https://notcve.org/view.php?id=CVE-2024-46787
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. ... • https://git.kernel.org/stable/c/c1a4de99fada21e2e9251e52cbb51eff5aadc757 •
CVE-2024-46786 – fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
https://notcve.org/view.php?id=CVE-2024-46786
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. ... • https://git.kernel.org/stable/c/12bb21a29c19aae50cfad4e2bb5c943108f34a7d •
CVE-2024-46785 – eventfs: Use list_del_rcu() for SRCU protected list variable
https://notcve.org/view.php?id=CVE-2024-46785
18 Sep 2024 — by the way, the following script can reproduce this panic loop1 (){ while true do echo "p:kp submit_bio" > /sys/kernel/debug/tracing/kprobe_events echo "" > /sys/kernel/debug/tracing/kprobe_events done } loop2 (){ while true do tree /sys/kernel/debug/tracing/events/kprobes/ done } loop1 & loop2 [1]: [ 1147.959632][T17331] Unable to handle kernel paging request at virtual address dead000000000150 [ 1147.968239][T17331] Mem abort info: [ 1147.971739][T17331] ESR = 0x0000000096000004 [ 1147.976172][T17331] EC ... • https://git.kernel.org/stable/c/5dfb04100326f70e3b2d2872c2476ed20b804837 •
CVE-2024-46784 – net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
https://notcve.org/view.php?id=CVE-2024-46784
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. ... skb_dequeue+0x5f/0x80 ... • https://git.kernel.org/stable/c/e1b5683ff62e7b328317aec08869495992053e9d •