CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38596 – af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
https://notcve.org/view.php?id=CVE-2024-38596
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_send... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38594 – net: stmmac: move the EST lock to struct stmmac_priv
https://notcve.org/view.php?id=CVE-2024-38594
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: move the EST lock to struct stmmac_priv Reinitialize the whole EST structure would also reset the mutex lock which is embedded in the EST structure, and then trigger the following warning. To address this, move the lock to struct stmmac_priv. We also need to reacquire the mutex lock when doing this initialization. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/... • https://git.kernel.org/stable/c/b2aae654a4794ef898ad33a179f341eb610f6b85 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38591 – RDMA/hns: Fix deadlock on SRQ async events.
https://notcve.org/view.php?id=CVE-2024-38591
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix deadlock on SRQ async events. xa_lock for SRQ table may be required in AEQ. Use xa_store_irq()/ xa_erase_irq() to avoid deadlock. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/hns: corrige el punto muerto en eventos asíncronos de SRQ. Es posible que se requiera xa_lock para la tabla SRQ en AEQ. Utilice xa_store_irq()/ xa_erase_irq() para evitar un punto muerto. • https://git.kernel.org/stable/c/81fce6291d9999cee692e4118134a8c850b60857 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38590 – RDMA/hns: Modify the print level of CQE error
https://notcve.org/view.php?id=CVE-2024-38590
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Modify the print level of CQE error Too much print may lead to a panic in kernel. Change ibdev_err() to ibdev_err_ratelimited(), and change the printing level of cqe dump to debug level. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/hns: Modifique el nivel de impresión del error CQE. Demasiada impresión puede provocar pánico en el kernel. Cambie ibdev_err() a ibdev_err_ratelimited() y cambie el nivel de i... • https://git.kernel.org/stable/c/7c044adca272768d821921f11d3da4587dcec68a •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38589 – netrom: fix possible dead-lock in nr_rt_ioctl()
https://notcve.org/view.php?id=CVE-2024-38589
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node) [1] WARNING: possible circular locking dependency detected 6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted ------------------------------------------------------ syz-executor350/5129 is trying to acquire lock: ffff8880186e2070 (&nr_node->node_l... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38588 – ftrace: Fix possible use-after-free issue in ftrace_location()
https://notcve.org/view.php?id=CVE-2024-38588
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace:
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38587 – speakup: Fix sizeof() vs ARRAY_SIZE() bug
https://notcve.org/view.php?id=CVE-2024-38587
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got out of bounds. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Speakup: corrige el error sizeof() vs ARRAY_SIZE() El puntero "buf" es una matriz de valores u16. Este código debería usar ARRAY_SIZE() (que es 256) en lu... • https://git.kernel.org/stable/c/756c5cb7c09e537b87b5d3acafcb101b2ccf394f •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38586 – r8169: Fix possible ring buffer corruption on fragmented Tx packets.
https://notcve.org/view.php?id=CVE-2024-38586
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in... • https://git.kernel.org/stable/c/9020845fb5d6bb4876a38fdf1259600e7d9a63d4 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38583 – nilfs2: fix use-after-free of timer for log writer thread
https://notcve.org/view.php?id=CVE-2024-38583
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported ... • https://git.kernel.org/stable/c/fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38582 – nilfs2: fix potential hang in nilfs_detach_log_writer()
https://notcve.org/view.php?id=CVE-2024-38582
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut d... • https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 •