CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41096 – PCI/MSI: Fix UAF in msi_capability_init
https://notcve.org/view.php?id=CVE-2024-41096
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c pci_alloc_irq_vectors+0x18/0x28 kfence-#12: 0x0000000008614900-0x00000000e06c228d, size=104, cache=kmalloc-128 allocated by task 81 on cpu 7 at 10.808142s: __kmem_... • https://git.kernel.org/stable/c/bf6e054e0e3fbc9614355b760e18c8a14f952a4e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41095 – drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
https://notcve.org/view.php?id=CVE-2024-41095
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. A flaw was found in the Linux kernel’s nouveau module. The return value of the drm_mode_duplicate function is not checked in the nv17_tv_get_ld_modes function in t... • https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41094 – drm/fbdev-dma: Only set smem_start is enable per module option
https://notcve.org/view.php?id=CVE-2024-41094
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-dma: Only set smem_start is enable per module option Only export struct fb_info.fix.smem_start if that is required by the user and the memory does not come from vmalloc(). Setting struct fb_info.fix.smem_start breaks systems where DMA memory is backed by vmalloc address space. An example error is shown below. [ 3.536043] ------------[ cut here ]------------ [ 3.540716] virt_to_phys used for non-linear address: 000000007fc4f540 (0x... • https://git.kernel.org/stable/c/a51c7663f144606a5f08e772fa3e1e4f2277a614 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41093 – drm/amdgpu: avoid using null object of framebuffer
https://notcve.org/view.php?id=CVE-2024-41093
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling ... • https://git.kernel.org/stable/c/7f35e01cb0ea4d295f5c067bb5c67dfcddaf05bc • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41092 – drm/i915/gt: Fix potential UAF by revoke of fence registers
https://notcve.org/view.php?id=CVE-2024-41092
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix potential UAF by revoke of fence registers CI has been sporadically reporting the following issue triggered by igt@i915_selftest@live@hangcheck on ADL-P and similar machines: <6> [414.049203] i915: Running intel_hangcheck_live_selftests/igt_reset_evict_fence ... <6> [414.068804] i915 0000:00:02.0: [drm] GT0: GUC: submission enabled <6> [414.068812] i915 0000:00:02.0: [drm] GT0: GUC: SLPC enabled <3> [414.070354] Unable to p... • https://git.kernel.org/stable/c/0d86ee35097ae0f1c2c50f2b8035ef480e25e4f1 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41089 – drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes
https://notcve.org/view.php?id=CVE-2024-41089
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes In nv17_tv_get_hd_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). The same applies to drm_cvt_mode(). Add a check to avoid null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer... • https://git.kernel.org/stable/c/ffabad4aa91e33ced3c6ae793fb37771b3e9cb51 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41088 – can: mcp251xfd: fix infinite loop when xmit fails
https://notcve.org/view.php?id=CVE-2024-41088
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERROR in mcp251xfd_start_xmit: -16 [ 441.306498] mcp251xfd spi2.0 can0: Transmit Event FIFO buffer not empty. (seq=0x000017c7, tef_tail=0x000017cf,... • https://git.kernel.org/stable/c/55e5b97f003e85e66babb55f357627d52081a264 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41087 – ata: libata-core: Fix double free on error
https://notcve.org/view.php?id=CVE-2024-41087
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will trigger a call to ata_host_release(). ata_host_release() calls kfree(host), so executing the kfree(host) in ata_host_alloc() will lead to a double free: kernel BUG at mm/slub.c:553! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: ... • https://git.kernel.org/stable/c/dafd6c496381c1cd1f5ba9ad953e810bdcc931bc •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41086 – bcachefs: Fix sb_field_downgrade validation
https://notcve.org/view.php?id=CVE-2024-41086
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: Fix sb_field_downgrade validation - bch2_sb_downgrade_validate() wasn't checking for a downgrade entry extending past the end of the superblock section - for_each_downgrade_entry() is used in to_text() and needs to work on malformed input; it also was missing a check for a field extending past the end of the section • https://git.kernel.org/stable/c/84f1638795da1ff2084597de4251e9054f1ad728 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41085 – cxl/mem: Fix no cxl_nvd during pmem region auto-assembling
https://notcve.org/view.php?id=CVE-2024-41085
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address: 0000000000000078 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page RIP: 0010:cxl_pmem_region_probe+0x22e/0x360 [cxl_pmem] Call Trace: