CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38623 – fs/ntfs3: Use variable length array instead of fixed size
https://notcve.org/view.php?id=CVE-2024-38623
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/ntfs3: use una matriz de longitud variable en lugar de un tamaño fijo. Debería corregirse la advertencia de coincidencia: error ntfs_set_label(): __builtin_memcpy() 'uni->name' demasiado pequeño (20 vs 256) • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7 https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1 https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1 https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef • CWE-129: Improper Validation of Array Index •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38622 – drm/msm/dpu: Add callback function pointer check before its call
https://notcve.org/view.php?id=CVE-2024-38622
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add callback function pointer check before its call In dpu_core_irq_callback_handler() callback function pointer is compared to NULL, but then callback function is unconditionally called by this pointer. Fix this bug by adding conditional return. Found by Linux Verification Center (linuxtesting.org) with SVACE. Patchwork: https://patchwork.freedesktop.org/patch/588237/ • https://git.kernel.org/stable/c/c929ac60b3ed34accd25a052a4833e418900f466 https://git.kernel.org/stable/c/873f67699114452c2a996c4e10faac8ff860c241 https://git.kernel.org/stable/c/9078630ed7f8f25d65d11823e7f2b11a8e2f4f0f https://git.kernel.org/stable/c/530f272053a5e72243a9cb07bb1296af6c346002 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38621 – media: stk1160: fix bounds checking in stk1160_copy_video()
https://notcve.org/view.php?id=CVE-2024-38621
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition is reversed that means the result of the subtraction is always negative but since it's unsigned then the result is a very high positive value. That means the overflow check is never true. Additionally, the ->bytesused doesn't actually work for this purpose because we're not writing to "buf->mem + buf->bytesused". • https://git.kernel.org/stable/c/9cb2173e6ea8f2948bd1367c93083a2500fcf08f https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200 https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7 https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52 https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808 https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca8 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38390 – drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails
https://notcve.org/view.php?id=CVE-2024-38390
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xx_destroy() before adreno_gpu_init() leads to a null pointer dereference on: msm_gpu_cleanup() : platform_set_drvdata(gpu->pdev, NULL); as gpu->pdev is only assigned in: a6xx_gpu_init() |_ adreno_gpu_init |_ msm_gpu_init() Instead of relying on handwavy null checks down the cleanup chain, explicitly de-allocate the LLC data and free a6xx_gpu instead. Patchwork: https://patchwork.freedesktop.org/patch/588919/ • https://git.kernel.org/stable/c/76efc2453d0e8e5d6692ef69981b183ad674edea https://git.kernel.org/stable/c/5fea4202b5faccfc6449381a299e8ce4b994d666 https://git.kernel.org/stable/c/247849eeb3fd88f8990ed73e33af70d5c10f9aec https://git.kernel.org/stable/c/a1955a6df91355fef72a3a254700acd3cc1fec0d https://git.kernel.org/stable/c/617e3d1680504a3f9d88e1582892c68be155498f https://git.kernel.org/stable/c/46d4efcccc688cbacdd70a238bedca510acaa8e4 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38388 – ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup
https://notcve.org/view.php?id=CVE-2024-38388
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup Use the control private_free callback to free the associated data block. This ensures that the memory won't leak, whatever way the control gets destroyed. The original implementation didn't actually remove the ALSA controls in hda_cs_dsp_control_remove(). It only freed the internal tracking structure. This meant it was possible to remove/unload the amp driver while leaving its ALSA controls still present in the soundcard. Obviously attempting to access them could cause segfaults or at least dereferencing stale pointers. • https://git.kernel.org/stable/c/3233b978af23f11b4ad4f7f11a9a64bd05702b1f https://git.kernel.org/stable/c/191dc1b2ff0fb35e7aff15a53224837637df8bff https://git.kernel.org/stable/c/6e359be4975006ff72818e79dad8fe48293f2eb2 https://git.kernel.org/stable/c/3291486af5636540980ea55bae985f3eaa5b0740 https://git.kernel.org/stable/c/172811e3a557d8681a5e2d0f871dc04a2d17eb13 •