CVE-2024-26902 – perf: RISCV: Fix panic on pmu overflow handler
https://notcve.org/view.php?id=CVE-2024-26902
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042. [ 273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 273.320851] Oops [#1] [ 273.323179] Modules linked in: [ 273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted 6.6.0-r... • https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9 • CWE-476: NULL Pointer Dereference •
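Added example (written for this listing, not code from the kernel or the riscv PMU driver): why `1 << idx` is the wrong way to set a bit in a 64-bit mask, and how that turns into the NULL dereference quoted above. The shift is evaluated as a 32-bit int, so for idx >= 32 the count is out of range (undefined in C; riscv and x86 hardware mask it, so a low bit is set instead) and for idx == 31 the int result is negative and sign-extends when widened to unsigned long. The PMU model, the `events[]` table and the helper names are assumptions made for the demo; the kernel's BIT(n) really is `1UL << (n)`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

#define NUM_CTRS 64   /* riscv64 overflowed_ctrs is a 64-bit unsigned long */

/* What a 32-bit `1 << idx` yields on hardware that masks the shift count
 * to 5 bits (riscv and x86 both do). Written with defined arithmetic so this
 * demo itself has no undefined behaviour. */
static uint64_t buggy_ctr_mask(unsigned idx)
{
    int32_t as_int = (int32_t)((uint32_t)1 << (idx & 31));
    return (uint64_t)(int64_t)as_int;   /* widening sign-extends a negative int */
}

/* The fixed form: kernel BIT(n) expands to `1UL << (n)`. */
static uint64_t fixed_ctr_mask(unsigned idx)
{
    return (uint64_t)1 << idx;
}

/* Toy model of the PMU state (assumption): events[i] is the perf_event bound
 * to counter i, or NULL if the counter is unused. */
struct pmu_model {
    const void *events[NUM_CTRS];
};

/* Walks the overflow mask the way the handler does and returns how many set
 * bits point at a counter with no event; the real handler would dereference
 * that NULL (the Oops at offset 0x98 quoted above). */
static int handle_overflow(const struct pmu_model *pmu, uint64_t overflowed_ctrs)
{
    int null_events = 0;
    for (unsigned i = 0; i < NUM_CTRS; i++) {
        if (!(overflowed_ctrs & ((uint64_t)1 << i)))
            continue;
        if (pmu->events[i] == NULL)
            null_events++;
    }
    return null_events;
}

/* Helper for the checks: one event bound to counter `bound_idx`, then run
 * the handler on `mask`. */
static int null_events_for(unsigned bound_idx, uint64_t mask)
{
    static const int dummy_event;
    struct pmu_model pmu = {{0}};
    pmu.events[bound_idx] = &dummy_event;
    return handle_overflow(&pmu, mask);
}

int main(void)
{
    unsigned idx = 35;   /* any counter index above 31 is enough to trigger it */
    printf("idx=%u buggy=%#llx fixed=%#llx\n", idx,
           (unsigned long long)buggy_ctr_mask(idx),
           (unsigned long long)fixed_ctr_mask(idx));
    printf("NULL events hit: buggy=%d fixed=%d\n",
           null_events_for(idx, buggy_ctr_mask(idx)),
           null_events_for(idx, fixed_ctr_mask(idx)));
    return 0;
}
```

With idx = 35 the buggy mask is 0x8 (bit 3), so the handler looks up counter 3, which has no event bound; with idx = 31 the mask becomes 0xffffffff80000000 and the handler visits 33 counters at once. The same check applies to any `int << n` ORed into a wider type: use BIT()/`1UL <<` or a typed constant.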
CVE-2024-26901 – do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-26901
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. [1] "BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc... • https://git.kernel.org/stable/c/990d6c2d7aee921e3bce22b2d6a750fd552262be • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-908: Use of Uninitialized Resource •
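Added example (not the kernel's code): a simplified model of the kmalloc()-versus-kzalloc() infoleak in do_sys_name_to_handle(). The kernel sizes the handle buffer from the caller's request, lets the filesystem's encode_fh() fill part of it, and copies the buffer to user space; whatever the encoder did not write is returned as-is, so with kmalloc() the user sees stale slab contents and with kzalloc() it sees zeros. The struct layout is the uapi struct file_handle; the encoder, the heap model and the 0x41 "stale" fill are constructed for the demo, and the exact source of the uninitialized bytes in the real bug is not claimed here.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout of the uapi struct file_handle that name_to_handle_at() fills. */
struct file_handle {
    unsigned int  handle_bytes;
    int           handle_type;
    unsigned char f_handle[];
};

#define STALE_BYTE 0x41   /* constructed stand-in for data a previous owner left in the slab */

/* Model of kmalloc() vs kzalloc(): the heap hands back whatever was there
 * before; only the zeroing variant scrubs it. */
static void *model_kmalloc(size_t n, bool zero)
{
    unsigned char *p = malloc(n);
    if (!p) return NULL;
    memset(p, STALE_BYTE, n);
    if (zero) memset(p, 0, n);
    return p;
}

/* Model of a filesystem encode_fh() (assumption): writes a fixed 8-byte
 * handle no matter how much room the caller offered. Returns bytes written
 * or -1 if there is not even room for that. */
static int model_encode_fh(unsigned char *fh, unsigned max_bytes)
{
    static const unsigned char fid[8] = {1, 2, 3, 4, 5, 6, 7, 8};   /* constructed */
    if (max_bytes < sizeof fid) return -1;
    memcpy(fh, fid, sizeof fid);
    return (int)sizeof fid;
}

/* Simplified model of do_sys_name_to_handle(): `requested` is the buffer
 * size the caller passed in, `out` receives what copy_to_user() would send.
 * Returns the number of bytes copied, or -1 on error. */
static int name_to_handle_model(unsigned requested, bool use_kzalloc,
                                unsigned char *out, size_t out_len)
{
    size_t total = sizeof(struct file_handle) + requested;
    if (total > out_len) return -1;

    struct file_handle *h = model_kmalloc(total, use_kzalloc);
    if (!h) return -1;

    int n = model_encode_fh(h->f_handle, requested);
    if (n < 0) { free(h); return -1; }
    h->handle_bytes = (unsigned)n;
    h->handle_type  = 1;

    memcpy(out, h, total);   /* copy_to_user(ufh, h, total) in the kernel */
    free(h);
    return (int)total;
}

/* Counts stale heap bytes in the copied-out buffer beyond the bytes the
 * encoder actually wrote: anything non-zero here is the infoleak. */
static int leaked_bytes(unsigned requested, bool use_kzalloc)
{
    unsigned char out[256];
    int total = name_to_handle_model(requested, use_kzalloc, out, sizeof out);
    if (total < 0) return -1;

    unsigned handle_bytes;
    memcpy(&handle_bytes, out, sizeof handle_bytes);   /* out[0..3] is handle_bytes */

    int leaked = 0;
    for (size_t i = sizeof(struct file_handle) + handle_bytes; i < (size_t)total; i++)
        if (out[i] == STALE_BYTE) leaked++;
    return leaked;
}

int main(void)
{
    printf("kmalloc: %d stale bytes reach user space\n", leaked_bytes(64, false));
    printf("kzalloc: %d stale bytes reach user space\n", leaked_bytes(64, true));
    return 0;
}
```

A caller asking for a 64-byte handle gets 56 bytes of old heap contents back with kmalloc() and none with kzalloc(). The general rule the fix applies: any buffer that is copied to user space in full must be fully initialized, not just the part the producer happens to write.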
CVE-2024-26898 – aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
https://notcve.org/view.php?id=CVE-2024-26898
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of the CVE is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could lead to a deni... • https://git.kernel.org/stable/c/7562f876cd93800f2f8c89445f2a563590b24e09 • CWE-416: Use After Free •
CVE-2024-26894 – ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
https://notcve.org/view.php?id=CVE-2024-26894
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex dump (first 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (... • https://git.kernel.org/stable/c/3d339dcbb56d8d70c1b959aff87d74adc3a84eea • CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-26889 – Bluetooth: hci_core: Fix possible buffer overflow
https://notcve.org/view.php?id=CVE-2024-26889
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field, so in the event that hdev->name is bigger than that, strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. • https://git.kernel.org/stable/c/194ab82c1ea187512ff2f822124bd05b63fc9f76 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
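Added example (not the kernel's code): the strcpy()-into-name[8] overrun beside the strscpy() fix. The struct below only mirrors the start of struct hci_dev_info (an 8-byte name followed by further members); the model_strscpy() here is a userspace reimplementation of the kernel strscpy() contract (bounded copy, always NUL-terminated, -E2BIG on truncation), and the canary field and device names are constructed for the demo. The strcpy() behaviour is reproduced with the overrun confined to the struct so the example stays memory-safe; real strcpy() has no such cap.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define E2BIG 7

/* Userspace reimplementation of the kernel strscpy() contract (written for
 * this example): copies at most size-1 bytes, always NUL-terminates when
 * size > 0, returns the bytes copied or -E2BIG if the source did not fit. */
static long model_strscpy(char *dst, const char *src, size_t size)
{
    if (size == 0)
        return -E2BIG;
    size_t len = strlen(src);
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return -E2BIG;
    }
    memcpy(dst, src, len + 1);
    return (long)len;
}

/* Mirrors the start of struct hci_dev_info: an 8-byte name followed by more
 * fields, so any overrun of name[] lands in whatever comes next. */
struct dev_info_model {
    char          name[8];
    unsigned char next_fields[8];   /* stand-in for the members after name */
};

#define CANARY 0xEE

/* strcpy() behaviour with the overrun capped at the struct boundary: copies
 * strlen+1 bytes starting at name[0]. Returns how many bytes of the
 * following field were clobbered. */
static int clobbered_by_strcpy(const char *hdev_name)
{
    struct dev_info_model di;
    memset(di.next_fields, CANARY, sizeof di.next_fields);
    size_t n = strlen(hdev_name) + 1;
    if (n > sizeof di) n = sizeof di;            /* real strcpy has no such cap */
    memcpy((unsigned char *)&di, hdev_name, n);  /* runs through name[] into next_fields */
    int clobbered = 0;
    for (size_t i = 0; i < sizeof di.next_fields; i++)
        if (di.next_fields[i] != CANARY) clobbered++;
    return clobbered;
}

/* The fixed path: what strscpy() returns for this name. */
static long strscpy_rc(const char *hdev_name)
{
    struct dev_info_model di;
    return model_strscpy(di.name, hdev_name, sizeof di.name);
}

/* 1 if the bounded copy left the following field intact and name[] holds
 * `expected` (possibly truncated), else 0. */
static int strscpy_result_is(const char *hdev_name, const char *expected)
{
    struct dev_info_model di;
    memset(di.next_fields, CANARY, sizeof di.next_fields);
    model_strscpy(di.name, hdev_name, sizeof di.name);
    for (size_t i = 0; i < sizeof di.next_fields; i++)
        if (di.next_fields[i] != CANARY) return 0;
    return strcmp(di.name, expected) == 0;
}

int main(void)
{
    const char *names[] = {"hci0", "hci12345", "hci-very-long-name-here"};   /* constructed */
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s strcpy clobbers %d byte(s), strscpy returns %ld\n",
               names[i], clobbered_by_strcpy(names[i]), strscpy_rc(names[i]));
    return 0;
}
```

An 8-character name such as "hci12345" is the boundary case: it fits the bytes of name[8] but its terminating NUL lands in the next member, which is exactly the off-by-one strcpy() does not catch and strscpy() reports as -E2BIG.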
CVE-2024-26884 – bpf: Fix hashtab overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26884
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP... • https://git.kernel.org/stable/c/daaf427c6ab392bedcd018e326b2ffa1e1110cd6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVE-2024-26883 – bpf: Fix stackmap overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26883
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVM... • https://git.kernel.org/stable/c/063c722dd9d285d877e6fd499e753d6224f4c046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
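Added example (not the kernel's code) covering both the hashtab and the stackmap entries above, which share the same bug: the generic __roundup_pow_of_two(n) is `1UL << fls_long(n - 1)`, and on a 32-bit kernel any n above 2^31 makes that a shift by 32, which C leaves undefined, so the "result is 0" check cannot be relied on. The model uses uint32_t as the 32-bit unsigned long and reproduces what x86 hardware does with the out-of-range count (masked to 5 bits, giving 1); other architectures behave differently, which is the whole point. The bucket-count helpers and the rejection values are assumptions for the demo, not the kernel's exact code.

```c
#include <stdint.h>
#include <stdio.h>

/* 32-bit "unsigned long" for this model; every value below is what a 32-bit
 * kernel would compute. */
typedef uint32_t ulong32;

/* kernel fls(): 1-based index of the highest set bit, 0 for 0. */
static unsigned fls32(ulong32 x)
{
    unsigned r = 0;
    while (x) { r++; x >>= 1; }
    return r;
}

/* __roundup_pow_of_two(n) == 1UL << fls_long(n - 1). For n > 2^31 the count
 * is 32: undefined in C. x86 masks the count to 5 bits and yields 1, which
 * is reproduced here with defined arithmetic; a 32-bit ARM core would give 0
 * instead, so code must not depend on either outcome. */
static ulong32 roundup_pow_of_two32_as_hw(ulong32 n)
{
    unsigned shift = fls32(n - 1);
    return (ulong32)1 << (shift & 31);
}

#define MAX_BUCKETS_32 ((ulong32)1 << 31)   /* largest power of two that fits */

/* Bucket count with the old check: "overflow gives 0, so reject 0". */
static ulong32 n_buckets_old(ulong32 max_entries)
{
    ulong32 n = roundup_pow_of_two32_as_hw(max_entries);
    if (n == 0)
        return 0;   /* rejected */
    return n;
}

/* Fixed: refuse sizes that cannot be rounded before the shift is reached,
 * so the shift count is always < 32. */
static ulong32 n_buckets_fixed(ulong32 max_entries)
{
    if (max_entries == 0 || max_entries > MAX_BUCKETS_32)
        return 0;   /* rejected (-E2BIG in the kernel) */
    return roundup_pow_of_two32_as_hw(max_entries);
}

int main(void)
{
    const ulong32 sizes[] = {1000, 0x80000000u, 0x90000000u, 0xFFFFFFFFu};   /* constructed */
    for (unsigned i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("max_entries=%#x old=%#x fixed=%#x\n", sizes[i],
               n_buckets_old(sizes[i]), n_buckets_fixed(sizes[i]));
    return 0;
}
```

For max_entries = 0x90000000 the old path accepts the map with a single bucket instead of rejecting it, because the masked shift produced 1 rather than the 0 the check was written for; the fixed path rejects it before the shift is evaluated. The pattern to look for in review is any overflow check that inspects the result of an operation that is itself undefined on overflow.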
CVE-2024-26882 – net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
https://notcve.org/view.php?id=CVE-2024-26882
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix as the ones found in: 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") 1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure t... • https://git.kernel.org/stable/c/c54419321455631079c7d6e60bc732dd0c5914c5 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVE-2024-26880 – dm: call the resume method on internal suspend
https://notcve.org/view.php?id=CVE-2024-26880
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not paired correctly; there were two consecutive calls to the origin_postsuspend function. The second call attempts to remove the "hash_list" entry from a list, while it was already removed by the first call. Fix __dm_internal_resume so ... • https://git.kernel.org/stable/c/ffcc39364160663cda1a3c358f4537302a92459b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-26878 – quota: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-26878
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference

P1                                        P2
dquot_free_inode                          quota_off
                                            drop_dquot_ref
                                              remove_dquot_ref
                                                dquots = i_dquot(inode)
  dquots = i_dquot(inode)
    srcu_read_lock
    dquots[cnt]) != NULL (1)
                                                dquots[type] = NULL (2)
    spin_lock(&dquots[cnt]->dq_dqb_lock) (3)
     ....

If dquot_free_inode(or other routines) checks inode's quota pointers (1) before quota_off sets it to NULL(2) and uses it (3) after... • https://git.kernel.org/stable/c/8514899c1a4edf802f03c408db901063aa3f05a1 • CWE-476: NULL Pointer Dereference •