CVE-2024-42159 – scsi: mpi3mr: Sanitise num_phys
https://notcve.org/view.php?id=CVE-2024-42159
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger than the size of this field shouldn't be allowed. A vulnerability was found in the Linux kernel's mpi3mr driver in the mpi3mr_sas_port_add() function, where a lack of proper checks could lead to values larger than the defined size of the num_phys field in the mr_sas_node structure being inserted, causing the field to be overwritten and po... • https://git.kernel.org/stable/c/b869ec89d2ee923d46608b76e54c006680c9b4df • CWE-787: Out-of-bounds Write •
CVE-2024-42158 – s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
https://notcve.org/view.php?id=CVE-2024-42158
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770) • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVE-2024-42157 – s390/pkey: Wipe sensitive data on failure
https://notcve.org/view.php?id=CVE-2024-42157
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVE-2024-42156 – s390/pkey: Wipe copies of clear-key structures on failure
https://notcve.org/view.php?id=CVE-2024-42156
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. Ziming Zhang discovered that the VMware ... • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVE-2024-42155 – s390/pkey: Wipe copies of protected- and secure-keys
https://notcve.org/view.php?id=CVE-2024-42155
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or secure-keys from stack, even in case of an error. • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVE-2024-42154 – tcp_metrics: validate source addr length
https://notcve.org/view.php?id=CVE-2024-42154
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated). A vulnerability was found in the Linux kernel's tcp_metrics.c, where insufficient validation of the length of the source address for TCP metrics could lead to incorrect memory read (out of bound... • https://git.kernel.org/stable/c/3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVE-2024-42153 – i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
https://notcve.org/view.php?id=CVE-2024-42153
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr When del_timer_sync() is called in an interrupt context it throws a warning because of potential deadlock. The timer is used only to exit from wait_for_completion() after a timeout so replacing the call with wait_for_completion_timeout() allows removing the problematic timer and its related functions altogether. • https://git.kernel.org/stable/c/41561f28e76a47dc6de0a954da85d0b5c42874eb •
CVE-2024-42152 – nvmet: fix a possible leak when destroy a ctrl during qp establishment
https://notcve.org/view.php?id=CVE-2024-42152
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primarily), and drop the final reference on the ctrl. However, a small window is possible where nvmet_sq_destroy starts (as a result of the client givi... • https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa • CWE-404: Improper Resource Shutdown or Release •
CVE-2024-42151 – bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
https://notcve.org/view.php?id=CVE-2024-42151
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first parameter of the test_1() function. Mark this parameter as nullable to make verifier aware of such possibility. Otherwise, NULL check in the test_1() code: SEC("struct_ops/test_1") int BPF_PROG(test_1, struct bpf_dummy_ops_state *state) { if (!state) return ...; ... access state ... } Might be removed by verifier,... • https://git.kernel.org/stable/c/7f79097b0de97a486b137b750d7dd7b20b519d23 •
CVE-2024-42150 – net: txgbe: remove separate irq request for MSI and INTx
https://notcve.org/view.php?id=CVE-2024-42150
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: txgbe: remove separate irq request for MSI and INTx When using MSI or INTx interrupts, request_irq() for pdev->irq will conflict with request_threaded_irq() for txgbe->misc.irq, causing a system crash. So remove txgbe_request_irq() for MSI/INTx case, and rename txgbe_request_msix_irqs() since it only requests queue irqs. Add wx->misc_irq_domain to determine whether the driver creates an IRQ domain and threaded request the IRQs. • https://git.kernel.org/stable/c/aefd013624a10f39b0bfaee8432a235128705380 •