CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26934 – USB: core: Fix deadlock in usb_deauthorize_interface()
https://notcve.org/view.php?id=CVE-2024-26934
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a c... • https://git.kernel.org/stable/c/310d2b4124c073a2057ef9d952d4d938e9b1dfd9 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26931 – scsi: qla2xxx: Fix command flush on cable pull
https://notcve.org/view.php?id=CVE-2024-26931
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Workqueue: nvme-wq nvme_fc_... • https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26930 – scsi: qla2xxx: Fix double free of the ha->vp_map pointer
https://notcve.org/view.php?id=CVE-2024-26930
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Corrección de doble liberación del puntero ha->vp_map Coverity scan informó ... • https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467 • CWE-415: Double Free •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48664 – btrfs: fix hang during unmount when stopping a space reclaim worker
https://notcve.org/view.php?id=CVE-2022-48664
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when stopping a space reclaim worker Often when running generic/562 from fstests we can hang during unmount, resulting in a trace like this: Sep 07 11:52:00 debian9 unknown: run fstests generic/562 at 2022-09-07 11:52:00 Sep 07 11:55:32 debian9 kernel: INFO: task umount:49438 blocked for more than 120 seconds. Sep 07 11:55:32 debian9 kernel: Not tainted 6.0.0-rc2-btrfs-next-122 #1 Sep 07 11:55:32 debian9 kerne... • https://git.kernel.org/stable/c/d6fd0ae25c6495674dc5a41a8d16bc8e0073276d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48659 – mm/slub: fix to return errno if kmalloc() fails
https://notcve.org/view.php?id=CVE-2022-48659
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: fix to return errno if kmalloc() fails In create_unique_id(), kmalloc(, GFP_KERNEL) can fail due to out-of-memory, if it fails, return errno correctly rather than triggering panic via BUG_ON(); kernel BUG at mm/slub.c:5893! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Call trace: sysfs_slab_add+0x258/0x260 mm/slub.c:5973 __kmem_cache_create+0x60/0x118 mm/slub.c:4899 create_cache mm/slab_common.c:229 [inline] kmem_cache_create_use... • https://git.kernel.org/stable/c/81819f0fc8285a2a5a921c019e3e3d7b6169d225 • CWE-617: Reachable Assertion •
CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48651 – ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header
https://notcve.org/view.php?id=CVE-2022-48651
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() to packet_direct_xmit() via setsockopt() with the option name of PACKET_QDISC_BYPASS, the skb->mac_header may not be reset and remains as the initial value of 65535, this may trigger slab-out-of-bounds bugs as following: ============... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48641 – netfilter: ebtables: fix memory leak when blob is malformed
https://notcve.org/view.php?id=CVE-2022-48641
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix memory leak when blob is malformed The bug fix was incomplete, it "replaced" crash with a memory leak. The old code had an assignment to "ret" embedded into the conditional, restore this. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: ebtables: corrige la pérdida de memoria cuando el blob tiene un formato incorrecto La corrección del error estaba incompleta, "reemplazó" el bloqueo con una... • https://git.kernel.org/stable/c/afd01382594d643e1adeb16826423b418cdf8b8b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48636 – s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup
https://notcve.org/view.php?id=CVE-2022-48636
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entrance of the function but without the lcu->lock being held. Therefore there is a race window between dasd_alias_get_start_dev() and _lcu_update() which sets pavgroup to NULL with the lcu->lock held. Fix by checking the pavgroup pointer wit... • https://git.kernel.org/stable/c/8e09f21574ea3028d5629e5de759e0b196c690c5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48634 – drm/gma500: Fix BUG: sleeping function called from invalid context errors
https://notcve.org/view.php?id=CVE-2022-48634
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reason to hold event_lock is to clear gma_crtc->page_flip_event on mode_set_base() errors. Instead unlock it after setting gma_crtc->page_flip_event and on errors re-take the lock and clear gma_crtc->page_flip_event it it is still set. This... • https://git.kernel.org/stable/c/c5812807e416618477d1bb0049727ce8bb8292fd •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48633 – drm/gma500: Fix WARN_ON(lock->magic != lock) error
https://notcve.org/view.php?id=CVE-2022-48633
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_free_object() to after the unpin to fix the below warning: [ 79.693962] ------------[ cut here ]------------ [ 79.693992] DEBUG_LOCKS_WARN_ON(lock->magic != lock) [ 79.694015] WARNING: CPU: 0 PID: 240 at kernel/locking/mutex.c:582 __w... • https://git.kernel.org/stable/c/55c077d97fa67e9f19952bb24122a8316b089474 •