CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38630 – watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
https://notcve.org/view.php?id=CVE-2024-38630
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it and will return directly. If the port region is released by release_region() and then the timer handler cpu5wdt_trigger() calls outb() to write into the region that is released, the use-after-free bug will happen. Change del_timer() to timer_shutdown_sync() in order that the timer handler could be finished before the port region is released. • https://git.kernel.org/stable/c/e09d9c3e9f85b8190ca1e495890f4cf5ee30baf6 https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314 https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38629 – dmaengine: idxd: Avoid unnecessary destruction of file_ida
https://notcve.org/view.php?id=CVE-2024-38629
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to destroy an already empty file_ida when the WQ cdev is removed. Worse, ida_free() in cdev release may happen after destruction of file_ida per WQ cdev. This can lead to accessing an id in file_ida after it has been destroyed, resulting in a kernel panic. Remove ida_destroy(&file_ida) to address these issues. • https://git.kernel.org/stable/c/e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687 https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9 https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38628 – usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
https://notcve.org/view.php?id=CVE-2024-38628
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks. • https://git.kernel.org/stable/c/02de698ca8123782c0c6fb8ed99080e2f032b0d2 https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09 https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0 https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068 https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38627 – stm class: Fix a double free in stm_register_device()
https://notcve.org/view.php?id=CVE-2024-38627
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase stm: corrige un doble free en stm_register_device() La llamada put_device(&stm->dev) activará stm_device_release() que libera "stm" para que vfree(stm) en el La siguiente línea es un doble libre. • https://git.kernel.org/stable/c/389b6699a2aa0b457aa69986e9ddf39f3b4030fd https://git.kernel.org/stable/c/b0351a51ffda593b2b1b35dd0c00a73505edb256 https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931 https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695 https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36 https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247 https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21e • CWE-415: Double Free •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38625 – fs/ntfs3: Check 'folio' pointer for NULL
https://notcve.org/view.php?id=CVE-2024-38625
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8 https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641 https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803 •