CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42260 – drm/v3d: Validate passed in drm syncobj handles in the performance extension
https://notcve.org/view.php?id=CVE-2024-42260
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Validate passed in drm syncobj handles in the performance extension If userspace provides an unknown or invalid handle anywhere in the handle array the rest of the driver will not handle that well. Fix it by checking handle was looked up successfully or otherwise fail the extension by jumping into the existing unwind. (cherry picked from commit a546b7e4d73c23838d7e4d2c92882b3ca902d213) In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/bae7cb5d68001a8d4ceec5964dda74bb9aab7220 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42259 – drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
https://notcve.org/view.php?id=CVE-2024-42259
14 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending addresses, the total size is now deduced from the difference between the end and start addresses. Additionally, the calculations have been rewritt... • https://git.kernel.org/stable/c/c58305af1835095ddc25ee6f548ac05915e66ac5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42258 – mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines
https://notcve.org/view.php?id=CVE-2024-42258
12 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT should cover all 32 bit machines. [1] https://lore.kernel.org/linux-mm/CAHbLzkr1LwH3pcTgM+aGQ31ip2bKqiqEQ8=FQB+t2c3dhNKNHA@mail.gmail.com/ In th... • https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42257 – ext4: use memtostr_pad() for s_volume_name
https://notcve.org/view.php?id=CVE-2024-42257
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: use memtostr_pad() for s_volume_name As with the other strings in struct ext4_super_block, s_volume_name is not NUL terminated. The other strings were marked in commit 072ebb3bffe6 ("ext4: add nonstring annotations to ext4.h"). Using strscpy() isn't the right replacement for strncpy(); it should use memtostr_pad() instead. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: use memtostr_pad() para s_volume_name Al ig... • https://git.kernel.org/stable/c/744a56389f7398f286231e062c2e63f0de01bcc6 •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42256 – cifs: Fix server re-repick on subrequest retry
https://notcve.org/view.php?id=CVE-2024-42256
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op before renegotiating credits; it then calls cifs_issue_write() which invokes smb2_async_writev() - which re-repicks the server. If a different server is then selected, this causes the increment of server->in_flight to happen against one record and the decrement t... • https://git.kernel.org/stable/c/3ee1a1fc39819906f04d6c62c180e760cd3a689d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42255 – tpm: Use auth only after NULL check in tpm_buf_check_hmac_response()
https://notcve.org/view.php?id=CVE-2024-42255
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tpm: Use auth only after NULL check in tpm_buf_check_hmac_response() Dereference auth after NULL check in tpm_buf_check_hmac_response(). Otherwise, unless tpm2_sessions_init() was called, a call can cause NULL dereference, when TCG_TPM2_HMAC is enabled. [jarkko: adjusted the commit message.] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tpm: use autenticación solo después de la verificación NULL en tpm_buf_check_hmac_re... • https://git.kernel.org/stable/c/7ca110f2679b7d1f3ac1afc90e6ffbf0af3edf0d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42254 – io_uring: fix error pbuf checking
https://notcve.org/view.php?id=CVE-2024-42254
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: fix error pbuf checking Syz reports a problem, which boils down to NULL vs IS_ERR inconsistent error handling in io_alloc_pbuf_ring(). KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:__io_remove_buffers+0xac/0x700 io_uring/kbuf.c:341 Call Trace:
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42253 – gpio: pca953x: fix pca953x_irq_bus_sync_unlock race
https://notcve.org/view.php?id=CVE-2024-42253
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs(). The problem occurred when a request raced against irq_bus_sync_unlock() approximately once per thousand reboots on an i.MX8MP based system. * N... • https://git.kernel.org/stable/c/58a5c93bd1a6e949267400080f07e57ffe05ec34 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42252 – closures: Change BUG_ON() to WARN_ON()
https://notcve.org/view.php?id=CVE-2024-42252
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/closure.c:21! 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP 03240 Modules linked in: 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not... • https://git.kernel.org/stable/c/c894a74756478bb7aec894bcc513add3d554c0cf •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42251 – mm: page_ref: remove folio_try_get_rcu()
https://notcve.org/view.php?id=CVE-2024-42251
08 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: page_ref: remove folio_try_get_rcu() The below bug was reported on a non-SMP kernel: [ 275.267158][ T4335] ------------[ cut here ]------------ [ 275.267949][ T4335] kernel BUG at include/linux/page_ref.h:275! [ 275.268526][ T4335] invalid opcode: 0000 [#1] KASAN PTI [ 275.269001][ T4335] CPU: 0 PID: 4335 Comm: trinity-c3 Not tainted 6.7.0-rc4-00061-gefa7df3e3bb5 #1 [ 275.269787][ T4335] Hardware name: QEMU Standard PC (i440FX + PIIX, 1... • https://git.kernel.org/stable/c/57edfcfd3419b4799353d8cbd6ce49da075cfdbd •