CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50288 – media: vivid: fix buffer overwrite when using > 32 buffers
https://notcve.org/view.php?id=CVE-2024-50288
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a must_blank array that was still sized for 32 (VIDEO_MAX_FRAME). This caused an out-of-bounds write when using buffer indices >= 32. Create a new define MAX_VID_CAP_BUFFERS that is used to access the must_blank array and set max_num_buffers for the video capture queue. This solves a crash reported by: https://bugzilla.kernel.org/show_bug.cgi?id=219258 • https://git.kernel.org/stable/c/cea70ed416b428f8214be196d62cc7ffaa11f1b8 https://git.kernel.org/stable/c/e6bacd8f2178b22859fe6d9f755f19dfcd9d3862 https://git.kernel.org/stable/c/96d8569563916fe2f8fe17317e20e43f54f9ba4b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50287 – media: v4l2-tpg: prevent the risk of a division by zero
https://notcve.org/view.php?id=CVE-2024-50287
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero. If this ever happens, this will cause a division by zero. Instead, add a WARN_ON_ONCE() to trigger such cases and return without doing any precalculation. • https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4 https://git.kernel.org/stable/c/e3c36d0bde309f690ed1f9cd5f7e63b3a513f94a https://git.kernel.org/stable/c/0bfc6e38ee2250f0503d96f1a1de441c31d88715 https://git.kernel.org/stable/c/054931ca3cfcb8e8fa036e887d6f379942b02565 https://git.kernel.org/stable/c/a749c15dccc58d9cbad9cd23bd8ab4b5fa96cf47 https://git.kernel.org/stable/c/c63c30c9d9f2c8de34b16cd2b8400240533b914e https://git.kernel.org/stable/c/2d0f01aa602fd15a805771bdf3f4d9a9b4df7f47 https://git.kernel.org/stable/c/0cdb42ba0b28f548c1a4e86bb8489dba0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50286 – ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create
https://notcve.org/view.php?id=CVE-2024-50286
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session table. • https://git.kernel.org/stable/c/f56446ba5378d19e31040b548a14ee9a8f1500ea https://git.kernel.org/stable/c/e923503a56b3385b64ae492e3225e4623f560c5b https://git.kernel.org/stable/c/e7a2ad2044377853cf8c59528dac808a08a99c72 https://git.kernel.org/stable/c/0a77715db22611df50b178374c51e2ba0d58866e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50285 – ksmbd: check outstanding simultaneous SMB operations
https://notcve.org/view.php?id=CVE-2024-50285
In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cacheā. It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit. • https://git.kernel.org/stable/c/1f993777275cbd8f74765c4f9d9285cb907c9be5 https://git.kernel.org/stable/c/e257ac6fe138623cf59fca8898abdf659dbc8356 https://git.kernel.org/stable/c/0a77d947f599b1f39065015bec99390d0c0022ee •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50284 – ksmbd: Fix the missing xa_store error check
https://notcve.org/view.php?id=CVE-2024-50284
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix the missing xa_store error check xa_store() can fail, it return xa_err(-EINVAL) if the entry cannot be stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed, so check error for xa_store() to fix it. • https://git.kernel.org/stable/c/052b41ef2abe274f068e892aee81406f11bd1f3a https://git.kernel.org/stable/c/b685757c7b08d5073046fb379be965fd6c06aafc https://git.kernel.org/stable/c/1f485b54d04a920723984062c912174330a05178 https://git.kernel.org/stable/c/d8664ce789bd46290c59a00da6897252f92c237d https://git.kernel.org/stable/c/726c1568b9145fa13ee248df184b186c382a7ff8 https://git.kernel.org/stable/c/c2a232c4f790f4bcd4d218904c56ac7a39a448f5 https://git.kernel.org/stable/c/3abab905b14f4ba756d413f37f1fb02b708eee93 •