CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36916 – blk-iocost: avoid out of bounds shift
https://notcve.org/view.php?id=CVE-2024-36916
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted... • https://git.kernel.org/stable/c/7caa47151ab2e644dd221f741ec7578d9532c9a3 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36915 – nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
https://notcve.org/view.php?id=CVE-2024-36915
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 Read of size 4 at addr... • https://git.kernel.org/stable/c/298609e7069ce74542a2253a39ccc9717f1d877a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36914 – drm/amd/display: Skip on writeback when it's not applicable
https://notcve.org/view.php?id=CVE-2024-36914
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it's not applicable [WHY] dynamic memory safety error detector (KASAN) catches and generates error messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not support certain features which are not initialized. [HOW] Skip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: omitir la reescritura cuando ... • https://git.kernel.org/stable/c/87de0a741ef6d93fcb99983138a0d89a546a043c •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36913 – Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
https://notcve.org/view.php?id=CVE-2024-36913
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypte... • https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6 • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36912 – Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
https://notcve.org/view.php?id=CVE-2024-36912
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. In order to make sure callers of vm... • https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81 • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36911 – hv_netvsc: Don't free decrypted memory
https://notcve.org/view.php?id=CVE-2024-36911
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The netvsc driver could free decrypted/shared pages if... • https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36910 – uio_hv_generic: Don't free decrypted memory
https://notcve.org/view.php?id=CVE-2024-36910
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/... • https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36909 – Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
https://notcve.org/view.php?id=CVE-2024-36909
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus ring buff... • https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36908 – blk-iocost: do not WARN if iocg was already offlined
https://notcve.org/view.php?id=CVE-2024-36908
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn() is run at that time: WARNING: CPU: 0 PID: 2344971 at block/blk-iocost.c:1402 iocg_pay_debt+0x14c/0x190 Call trace: iocg_pay_debt+0x14c/0x190 iocg_kick_waitq+0x438/0x4c0 iocg_wa... • https://git.kernel.org/stable/c/7caa47151ab2e644dd221f741ec7578d9532c9a3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36907 – SUNRPC: add a missing rpc_stat for TCP TLS
https://notcve.org/view.php?id=CVE-2024-36907
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: add a missing rpc_stat for TCP TLS Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added functionality to specify rpc_stats function but missed adding it to the TCP TLS functionality. As the result, mounting with xprtsec=tls lead to the following kernel oops. [ 128.984192] Unable to handle kernel NULL pointer dereference at virtual address 000000000000001c [ 128.985058] Mem abort info: [ 128.985372] ESR = 0x00000000... • https://git.kernel.org/stable/c/19f51adc778fb84c2eb07eb71800fb0d9f0ff13a •