CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44933 – bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl()
https://notcve.org/view.php?id=CVE-2024-44933
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl() A recent commit has modified the code in __bnxt_reserve_rings() to set the default RSS indirection table to default only when the number of RX rings is changing. While this works for newer firmware that requires RX ring reservations, it causes the regression on older firmware not requiring RX ring resrvations (BNXT_NEW_RM() returns false). With older firmware, RX ring reservations... • https://git.kernel.org/stable/c/bc57f879a420d19bb5ecdb480f858371554f2258 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-44932 – idpf: fix UAFs when destroying the queues
https://notcve.org/view.php?id=CVE-2024-44932
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf frees interrupt vectors with embedded NAPIs *before* freeing the queues making page_pools' NAPI pointers lead to freed memory before these pools are destroyed by libeth. It's not clear whether there are other accesses to the freed vecto... • https://git.kernel.org/stable/c/1c325aac10a82f11410da8a2bf35e3e410a42751 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44931 – gpio: prevent potential speculation leaks in gpio_device_get_desc()
https://notcve.org/view.php?id=CVE-2024-44931
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to... • https://git.kernel.org/stable/c/18504710442671b02d00e6db9804a0ad26c5a479 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43914 – md/raid5: avoid BUG_ON() while continue reshape after reassembling
https://notcve.org/view.php?id=CVE-2024-43914
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggerred by the test: kernel BUG at drivers/md/raid5.c:6278! invalid opcode: 0000 [#1] PREEMPT SMP PTI irq event stamp: 158985 CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94 RIP: 0010:reshape_request+0... • https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43913 – nvme: apple: fix device reference counting
https://notcve.org/view.php?id=CVE-2024-43913
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing this wrong, leaking the controller device memory on a tagset failure. In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ct... • https://git.kernel.org/stable/c/f7d9a18572fcd7130459b7691bd19ee2a2e951ad •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43912 – wifi: nl80211: disallow setting special AP channel widths
https://notcve.org/view.php?id=CVE-2024-43912
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz ch... • https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43911 – wifi: mac80211: fix NULL dereference at band check in starting tx ba session
https://notcve.org/view.php?id=CVE-2024-43911
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamically allocated. They don't point to vif->bss_conf. So, there will be no chanreq assigned to vif->bss_conf and then the chan will be NULL. Tweak the code to check ht_supported/vht_supported/has_he/has_eht on sta deflink. Crash log (with rtw89 version under MLO development): [ 9890.526087] BUG: kernel NULL pointer der... • https://git.kernel.org/stable/c/0acaf4a5025d6dafb7da787d2d4c47ed95e46ed6 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43910 – bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses
https://notcve.org/view.php?id=CVE-2024-43910
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Currently, it's possible to pass in a modified CONST_PTR_TO_DYNPTR to a global function as an argument. The adverse effects of this is that BPF helpers can continue to make use of this modified CONST_PTR_TO_DYNPTR from within the context of the global function, which can unintentionally result in out-of-bounds memory accesses and therefore compromise overall ... • https://git.kernel.org/stable/c/a64bfe618665ea9c722f922cba8c6e3234eac5ac •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43909 – drm/amdgpu/pm: Fix the null pointer dereference for smu7
https://notcve.org/view.php?id=CVE-2024-43909
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table. Ubuntu Security Notice 7156-1 - Chenyuan Yang di... • https://git.kernel.org/stable/c/37b9df457cbcf095963d18f17d6cb7dfa0a03fce •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43908 – drm/amdgpu: Fix the null pointer dereference to ras_manager
https://notcve.org/view.php?id=CVE-2024-43908
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it Ubuntu Security Notice 7154-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed •