CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36953 – KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()
https://notcve.org/view.php?id=CVE-2024-36953
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled gracefully. Similar to the GICv3 uaccess flow, check that kvm_get_vcpu_by_id() actually returns something and fail the ioctl if not. En el kernel de Linux, se resolvió... • https://git.kernel.org/stable/c/7d450e2821710718fd6703e9c486249cee913bab • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36952 – scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
https://notcve.org/view.php?id=CVE-2024-36952
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rpo... • https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36951 – drm/amdkfd: range check cp bad op exception interrupts
https://notcve.org/view.php?id=CVE-2024-36951
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api to guard exception code type checking as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: interrupciones de excepción de operación incorrecta de cp de verificación de rango debido... • https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36950 – firewire: ohci: mask bus reset interrupts between ISR and bottom half
https://notcve.org/view.php?id=CVE-2024-36950
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008... • https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36949 – amd/amdkfd: sync all devices to wait all processes being evicted
https://notcve.org/view.php?id=CVE-2024-36949
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault. En el kernel de Linux, se resolv... • https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36946 – phonet: fix rtm_phonet_notify() skb allocation
https://notcve.org/view.php?id=CVE-2024-36946
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phonet: corrige la asignación de skb de rtm_phonet_notify() fill_route() almacena tres componentes en el skb: - struct ... • https://git.kernel.org/stable/c/f062f41d06575744b9eaf725eef8a5d3b5f5b7ca •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36944 – Reapply "drm/qxl: simplify qxl_fence_wait"
https://notcve.org/view.php?id=CVE-2024-36944
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got out was: [ 93.607888] Testing event system initcall: OK [ 93.667730] Running tests on all trace events: [ 93.669757] Testing all events: OK [ 95.631064] ------------[ cut here ]------------ Timed out after 60 secon... • https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea • CWE-833: Deadlock •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36942 – Bluetooth: qca: fix firmware check error path
https://notcve.org/view.php?id=CVE-2024-36942
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: corregir ruta de error de verificación de firmware Una confirmación reciente corri... • https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 •
CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36941 – wifi: nl80211: don't free NULL coalescing rule
https://notcve.org/view.php?id=CVE-2024-36941
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: no liberar la regla de fusión NULL Si el análisis falla, podemos desreferenciar un puntero NULL aquí. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A local attacker could ... • https://git.kernel.org/stable/c/be29b99a9b51b0338eea3c66a58de53bbd01de24 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36940 – pinctrl: core: delete incorrect free in pinctrl_enable()
https://notcve.org/view.php?id=CVE-2024-36940
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: core: elimina... • https://git.kernel.org/stable/c/6118714275f0a313ecc296a87ed1af32d9691bed • CWE-415: Double Free •