CVSS: 5.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38579 – crypto: bcm - Fix pointer arithmetic
https://notcve.org/view.php?id=CVE-2024-38579
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: bcm - Arreglar la aritmética de punteros En spu2_dump_omd() el valor de ... • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38578 – ecryptfs: Fix buffer size for tag 66 packet
https://notcve.org/view.php?id=CVE-2024-38578
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer. This fixes the below ka... • https://git.kernel.org/stable/c/dddfa461fc8951f9b5f951c13565b6cac678635a •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38577 – rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
https://notcve.org/view.php?id=CVE-2024-38577
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la ... • https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38573 – cppc_cpufreq: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38573
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cppc_cpufreq: se corrige la... • https://git.kernel.org/stable/c/a28b2bfc099c6b9caa6ef697660408e076a32019 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38571 – thermal/drivers/tsens: Fix null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38571
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null pointer dereference (if DEBUG or DYNAMIC_DEBUG set). Fix this bug by adding null pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Thermal/driver... • https://git.kernel.org/stable/c/dfc1193d4dbd6c3cb68c944413146c940bde290a •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38570 – gfs2: Fix potential glock use-after-free on unmount
https://notcve.org/view.php?id=CVE-2024-38570
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, ... • https://git.kernel.org/stable/c/fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38567 – wifi: carl9170: add a proper sanity check for endpoints
https://notcve.org/view.php?id=CVE-2024-38567
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint, since it can switch types between bulk and interrupt, other endpoints are trusted implicitly. Similar warning is triggered in a couple of other syzbot issues [2]. Fix the issue by doing a comprehensive check of al... • https://git.kernel.org/stable/c/a84fab3cbfdc427e7d366f1cc844f27b2084c26c •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38565 – wifi: ar5523: enable proper endpoint verification
https://notcve.org/view.php?id=CVE-2024-38565
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their according types intact. Sadly, this patch has not been tested on real hardware. [1] Syzkaller report: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 3643 at drive... • https://git.kernel.org/stable/c/b7d572e1871df06a96a1c9591c71c5494ff6b624 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38564 – bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
https://notcve.org/view.php?id=CVE-2024-38564
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog typ... • https://git.kernel.org/stable/c/4a1e7c0c63e02daad751842b7880f9bbcdfb6e89 • CWE-665: Improper Initialization •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38560 – scsi: bfa: Ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-38560
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: bfa: asegú... • https://git.kernel.org/stable/c/9f30b674759b9a2da25aefe25d885161d8a911cb •