CVE-2024-43883 – usb: vhci-hcd: Do not drop references before new references are gained
https://notcve.org/view.php?id=CVE-2024-43883
23 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained. At a few places the driver carries stale pointers to references that can still be used. ... • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89
CVE-2022-48941 – ice: fix concurrent reset and removal of VFs
https://notcve.org/view.php?id=CVE-2022-48941
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs. Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some issues with concurrently handling messages from VFs while tearing down the VFs. ... • https://git.kernel.org/stable/c/c503e63200c679e362afca7aca9d3dc63a0f45ed
CVE-2022-48940 – bpf: Fix crash due to incorrect copy_map_value
https://notcve.org/view.php?id=CVE-2022-48940
22 Aug 2024 — ... • https://git.kernel.org/stable/c/68134668c17f31f51930478f75495b552a411550
CVE-2022-48939 – bpf: Add schedule points in batch ops
https://notcve.org/view.php?id=CVE-2022-48939
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops. syzbot reported various soft lockups caused by bpf batch operations. ... • https://git.kernel.org/stable/c/aa2e93b8e58e18442edfb2427446732415bc215e • CWE-834: Excessive Iteration
CVE-2022-48938 – CDC-NCM: avoid overflow in sanity checking
https://notcve.org/view.php?id=CVE-2022-48938
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking. A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6
CVE-2022-48937 – io_uring: add a schedule point in io_add_buffers()
https://notcve.org/view.php?id=CVE-2022-48937
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers(). Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! ... • https://git.kernel.org/stable/c/ddf0322db79c5984dc1a1db890f946dd19b7d6d9
CVE-2022-48935 – netfilter: nf_tables: unregister flowtable hooks on netns exit
https://notcve.org/view.php?id=CVE-2022-48935
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit. Unregister flowtable hooks before they are released via nf_tables_flowtable_destroy(), otherwise hook core reports UAF. ... • https://git.kernel.org/stable/c/ff4bf2f42a40e7dff28379f085b64df322c70b45
CVE-2022-48934 – nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
https://notcve.org/view.php?id=CVE-2022-48934
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac(). ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. ... • https://git.kernel.org/stable/c/20cce88650981ec504d328dbbdd004d991eb8535 • CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2022-48933 – netfilter: nf_tables: fix memory leak during stateful obj update
https://notcve.org/view.php?id=CVE-2022-48933
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update. Stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. ... • https://git.kernel.org/stable/c/d62d0ba97b5803183e70cfded7f7b9da76893bf5
CVE-2022-48932 – net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
https://notcve.org/view.php?id=CVE-2022-48932
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte. When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70. This patch fixes the issue by both increasing the allocated buffers to accommodate for the needed actions and by checking the number of actions to prevent this issue when a rule with too many actions is provided. ... • https://git.kernel.org/stable/c/1ffd498901c1134a7cbecf5409e12c064c39cef9