CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42289 – scsi: qla2xxx: During vport delete send async logout explicitly
https://notcve.org/view.php?id=CVE-2024-42289
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access i... • https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42288 – scsi: qla2xxx: Fix for possible memory corruption
https://notcve.org/view.php?id=CVE-2024-42288
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cau... • https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42287 – scsi: qla2xxx: Complete command early within lock
https://notcve.org/view.php?id=CVE-2024-42287
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000... • https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42286 – scsi: qla2xxx: validate nvme_local_port correctly
https://notcve.org/view.php?id=CVE-2024-42286
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 00000000000000... • https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42285 – RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
https://notcve.org/view.php?id=CVE-2024-42285
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct r... • https://git.kernel.org/stable/c/59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42284 – tipc: Return non-zero value from tipc_udp_addr2str() on error
https://notcve.org/view.php?id=CVE-2024-42284
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return ... • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 • CWE-393: Return of Wrong Status Code •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42283 – net: nexthop: Initialize all fields in dumped nexthops
https://notcve.org/view.php?id=CVE-2024-42283
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace -e recvmsg ip nexthop get id 101 ... recvmsg(... [{nla_len=12, nla_type=NHA_GROUP}, [{id=1, weight=0, resvd1=0x69, resvd2=0x67}]] ...) = 52 The ... • https://git.kernel.org/stable/c/430a049190de3c9e219f43084de9f1122da04570 • CWE-456: Missing Initialization of a Variable •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42282 – net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling
https://notcve.org/view.php?id=CVE-2024-42282
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mediatek: Fix potential NULL pointer dereference in dummy net_device handling Move the freeing of the dummy net_device from mtk_free_dev() to mtk_remove(). Previously, if alloc_netdev_dummy() failed in mtk_probe(), eth->dummy_dev would be NULL. The error path would then call mtk_free_dev(), which in turn called free_netdev() assuming dummy_dev was allocated (but it was not), potentially causing a NULL pointer dereference. By moving fre... • https://git.kernel.org/stable/c/b209bd6d0bffb8991aba568e2d9a892c86a1a43c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42281 – bpf: Fix a segment issue when downgrading gso_size
https://notcve.org/view.php?id=CVE-2024-42281
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. Ubuntu S... • https://git.kernel.org/stable/c/2be7e212d5419a400d051c84ca9fdd083e5aacac •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42280 – mISDN: Fix a use after free in hfcmulti_tx()
https://notcve.org/view.php?id=CVE-2024-42280
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service ... • https://git.kernel.org/stable/c/af69fb3a8ffa37e986db00ed93099dc44babeef4 •