CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46747 – HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
https://notcve.org/view.php?id=CVE-2024-46747
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before... • https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46745 – Input: uinput - reject requests with unreasonable number of slots
https://notcve.org/view.php?id=CVE-2024-46745
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memor... • https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46744 – Squashfs: sanity check symbolic link size
https://notcve.org/view.php?id=CVE-2024-46744
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875... • https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46743 – of/irq: Prevent device address out-of-bounds read in interrupt map walk
https://notcve.org/view.php?id=CVE-2024-46743
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: in... • https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46738 – VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
https://notcve.org/view.php?id=CVE-2024-46738
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. It is possible though to create two resources with different types but same handle (same context and resource fields). When trying to remove one of the resources, vmci_resource_remove() may not remove ... • https://git.kernel.org/stable/c/bc63dedb7d46a7d690c6b6edf69136b88af06cc6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46733 – btrfs: fix qgroup reserve leaks in cow_file_range
https://notcve.org/view.php?id=CVE-2024-46733
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note... • https://git.kernel.org/stable/c/159f0f61b283ea71e827dd0c18c5dce197de1fa2 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46731 – drm/amd/pm: fix the Out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46731
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use t... • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46725 – drm/amdgpu: Fix out-of-bounds write warning
https://notcve.org/view.php?id=CVE-2024-46725
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bo... • https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2 • CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46724 – drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
https://notcve.org/view.php?id=CVE-2024-46724
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number Check the fb_channel_number range to avoid the array out-of-bounds read error It was discovered that the CIFS network file system implementation in the Linux kernel did not pro... • https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46723 – drm/amdgpu: fix ucode out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46723
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertsc... • https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2 • CWE-125: Out-of-bounds Read •