CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42141 – Bluetooth: ISO: Check socket flag instead of hcon
https://notcve.org/view.php?id=CVE-2024-42141
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk... • https://git.kernel.org/stable/c/fbdc4bc47268953c80853489f696e02d61f9a2c6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42140 – riscv: kexec: Avoid deadlock in kexec crash path
https://notcve.org/view.php?id=CVE-2024-42140
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use... • https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42139 – ice: Fix improper extts handling
https://notcve.org/view.php?id=CVE-2024-42139
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a kernel crash. As a side effect, when the driver is reloaded and application is started again, remaining extts event for the channel from a previous run will keep firing and the message "extts on unexpected channel... • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42138 – mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
https://notcve.org/view.php?id=CVE-2024-42138
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file mlxsw_linecard_types_init() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init() calls mlxsw_linecard_types_fini() which performs memory deallocation again. Add pointer reset to NULL. Found by Linux Verification Center (linuxt... • https://git.kernel.org/stable/c/b217127e5e4ee0ecfce7c5f84cfe082238123bda •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42137 – Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
https://notcve.org/view.php?id=CVE-2024-42137
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown(... • https://git.kernel.org/stable/c/e84ec6e25df9bb0968599e92eacedaf3a0a5b587 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42136 – cdrom: rearrange last_media_change check to avoid unintentional overflow
https://notcve.org/view.php?id=CVE-2024-42136
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please conver... • https://git.kernel.org/stable/c/0c97527e916054acc4a46ffb02842988acb2e92b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42135 – vhost_task: Handle SIGKILL by flushing work and exiting
https://notcve.org/view.php?id=CVE-2024-42135
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting Instead of lingering until the device is closed, this has us handle SIGKILL by: 1. marking the worker as killed so we no longer try to use it with new virtqueues and new flush operations. 2. setting the virtqueue to worker mapping so no new works are queued. 3. running all the exiting works. In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL ... • https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42134 – virtio-pci: Check if is_avq is NULL
https://notcve.org/view.php?id=CVE-2024-42134
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq. [fix] Check whether it is vp_dev->is_avq before use. [test] Test with virsh Attach device Before this patch, the following command would crash the guest sys... • https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42133 – Bluetooth: Ignore too large handle values in BIG
https://notcve.org/view.php?id=CVE-2024-42133
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belon... • https://git.kernel.org/stable/c/84cb0143fb8a03bf941c7aaedd56c938c99dafad •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42132 – bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
https://notcve.org/view.php?id=CVE-2024-42132
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection. Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning. In the Linux kernel, the followin... • https://git.kernel.org/stable/c/84cb0143fb8a03bf941c7aaedd56c938c99dafad •