CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44957 – xen: privcmd: Switch from mutex to spinlock for irqfds
https://notcve.org/view.php?id=CVE-2024-44957
In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can't use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock. • https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c https://git.kernel.org/stable/c/49f2a5da6785b2dbde93e291cae037662440346e https://git.kernel.org/stable/c/1c682593096a487fd9aebc079a307ff7a6d054a3 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44955 – drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute
https://notcve.org/view.php?id=CVE-2024-44955
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute [Why] When unplug one of monitors connected after mst hub, encounter null pointer dereference. It's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When commit new state which directly referring to info stored in dc_sink will cause null pointer dereference. [how] Remove redundant checking condition. Relevant condition should already be covered by checking if dsc_aux is null or not. Also reset dsc_aux to NULL when the connector is disconnected. • https://git.kernel.org/stable/c/c7e65cab54a89f4df54110f0b44c4ade93d1a911 https://git.kernel.org/stable/c/39b217193729aa45eded8de24d9245468a0c0263 https://git.kernel.org/stable/c/fcf6a49d79923a234844b8efe830a61f3f0584e4 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44954 – ALSA: line6: Fix racy access to midibuf
https://notcve.org/view.php?id=CVE-2024-44954
In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. • https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81 https://git.kernel.org/stable/c/40f3d5cb0e0cbf7fa697913a27d5d361373bdcf5 https://git.kernel.org/stable/c/e7e7d2b180d8f297cea6db43ea72402fd33e1a29 https://git.kernel.org/stable/c/a54da4b787dcac60b598da69c9c0072812b8282d https://git.kernel.org/stable/c/c80f454a805443c274394b1db0d1ebf477abd94e https://git.kernel.org/stable/c/535df7f896a568a8a1564114eaea49d002cb1747 https://git.kernel.org/stable/c/51d87f11dd199bbc6a85982b088ff27bde53b48a https://git.kernel.org/stable/c/15b7a03205b31bc5623378c190d22b7ff •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44950 – serial: sc16is7xx: fix invalid FIFO access with special register set
https://notcve.org/view.php?id=CVE-2024-44950
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios(): entry sc16is7xx_set_baud(): DLH/DLL = $009C --> access special register set sc16is7xx_port_irq() entry --> IIR is 0x0C sc16is7xx_handle_rx() entry sc16is7xx_fifo_read(): --> unable to access FIFO (RHR) because it is mapped to DLL (LCR=LCR_CONF_MODE_A) sc16is7xx_set_baud(): exit --> Restore access to general register set Fix the problem by claiming the efr_lock mutex when accessing the Special register set. • https://git.kernel.org/stable/c/dfeae619d781dee61666d5551b93ba3be755a86b https://git.kernel.org/stable/c/cc6a3f35bc9b3a8da1b195420a2e8d9fdadfa831 https://git.kernel.org/stable/c/dc5ead0e8fc5ef53b8553394d4aab60c277976b3 https://git.kernel.org/stable/c/6a6730812220a9a5ce4003eb347da1ee5abd06b0 https://git.kernel.org/stable/c/7d3b793faaab1305994ce568b59d61927235f57b •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44949 – parisc: fix a possible DMA corruption
https://notcve.org/view.php?id=CVE-2024-44949
In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. • https://git.kernel.org/stable/c/dadac97f066a67334268132c1e2d0fd599fbcbec https://git.kernel.org/stable/c/3dfd8991ad33b10c2fb027a4cfcf57579fa786c1 https://git.kernel.org/stable/c/00baca74fb5879e5f9034b6156671301f500f8ee https://git.kernel.org/stable/c/642a0b7453daff0295310774016fcb56d1f5bc7f https://git.kernel.org/stable/c/533de2f470baac40d3bf622fe631f15231a03c9f https://git.kernel.org/stable/c/7ae04ba36b381bffe2471eff3a93edced843240f •