CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46716 – dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor
https://notcve.org/view.php?id=CVE-2024-46716
In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_resources -> msgdma_free_descriptors -> msgdma_free_desc_list -> msgdma_free_descriptor which does not correctly free the descriptors as first nodes were not removed from the list. • https://git.kernel.org/stable/c/a3480e59fdbe5585d2d1eff0bed7671583acf725 https://git.kernel.org/stable/c/20bf2920a869f9dbda0ef8c94c87d1901a64a716 https://git.kernel.org/stable/c/db67686676c7becc1910bf1d6d51505876821863 https://git.kernel.org/stable/c/54e4ada1a4206f878e345ae01cf37347d803d1b1 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46715 – driver: iio: add missing checks on iio_info's callback access
https://notcve.org/view.php?id=CVE-2024-46715
In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a kernel oops such as: [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute [...] [ 2203.783416] Call trace: [ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48 [ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120 [ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4 [ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0 [ 2203.802236] vfs_read from ksys_read+0xa4/0xd4 [ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54 [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0) [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000 [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000 [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0 [ 2203.830363] Code: bad PC value [ 2203.832695] ---[ end trace 0000000000000000 ]--- • https://git.kernel.org/stable/c/0cc7e0ee31e5c44904e98e2229d591e093282a70 https://git.kernel.org/stable/c/72f022ebb9deac28663fa4c04ba315ed5d6654d1 https://git.kernel.org/stable/c/dc537a72f64890d883d24ae4ac58733fc5bc523d https://git.kernel.org/stable/c/c4ec8dedca961db056ec85cb7ca8c9f7e2e92252 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46714 – drm/amd/display: Skip wbscl_set_scaler_filter if filter is null
https://notcve.org/view.php?id=CVE-2024-46714
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case. This fixes 4 NULL_RETURNS issues reported by Coverity. • https://git.kernel.org/stable/c/0364f1f17a86d89dc39040beea4f099e60189f1b https://git.kernel.org/stable/c/c083c8be6bdd046049884bec076660d4ec9a19ca https://git.kernel.org/stable/c/6d94c05a13fadd80c3e732f14c83b2632ebfaa50 https://git.kernel.org/stable/c/1726914cb17cedab233820d26b86764dc08857b4 https://git.kernel.org/stable/c/e3a95f29647ae45d1ec9541cd7df64f40bf2120a https://git.kernel.org/stable/c/54834585e91cab13e9f82d3a811deb212a4df786 https://git.kernel.org/stable/c/c4d31653c03b90e51515b1380115d1aedad925dd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46713 – perf/aux: Fix AUX buffer serialization
https://notcve.org/view.php?id=CVE-2024-46713
In the Linux kernel, the following vulnerability has been resolved: perf/aux: Fix AUX buffer serialization Ole reported that event->mmap_mutex is strictly insufficient to serialize the AUX buffer, add a per RB mutex to fully serialize it. Note that in the lock order comment the perf_event::mmap_mutex order was already wrong, that is, it nesting under mmap_lock is not new with this patch. • https://git.kernel.org/stable/c/45bfb2e50471abbbfd83d40d28c986078b0d24ff https://git.kernel.org/stable/c/7882923f1cb88dc1a17f2bf0c81b1fc80d44db82 https://git.kernel.org/stable/c/52d13d224fdf1299c8b642807fa1ea14d693f5ff https://git.kernel.org/stable/c/9dc7ad2b67772cfb94ceb3b0c9c4023c2463215d https://git.kernel.org/stable/c/c4b69bee3f4ef76809288fe6827bc14d4ae788ef https://git.kernel.org/stable/c/b9b6882e243b653d379abbeaa64a500182aba370 https://git.kernel.org/stable/c/2ab9d830262c132ab5db2f571003d80850d56b2a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46711 – mptcp: pm: fix ID 0 endp usage after multiple re-creations
https://notcve.org/view.php?id=CVE-2024-46711
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initial subflows are known from the beginning: they don't count as "additional local address being used" or "ADD_ADDR being accepted". It is then required not to increment them when the entrypoint used by the initial subflow is removed and re-added during a connection. Without this modification, this entrypoint cannot be removed and re-added more than once. • https://git.kernel.org/stable/c/3ad14f54bd7448384458e69f0183843f683ecce8 https://git.kernel.org/stable/c/c9c744666f7308a4daba520191e29d395260bcfe https://git.kernel.org/stable/c/53e2173172d26c0617b29dd83618b71664bed1fb https://git.kernel.org/stable/c/119806ae4e46cf239db8e6ad92bc2fd3daae86dc https://git.kernel.org/stable/c/9366922adc6a71378ca01f898c41be295309f044 •