CVE-2024-42145 – IB/core: Implement a limit on UMAD receive List
https://notcve.org/view.php?id=CVE-2024-42145
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List. The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such... • https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb •
CVE-2024-42144 – thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
https://notcve.org/view.php?id=CVE-2024-42144
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data. Verify that lvts_data is not NULL before using it. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could p... • https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9 •
CVE-2024-42142 – net/mlx5: E-switch, Create ingress ACL when needed
https://notcve.org/view.php?id=CVE-2024-42142
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed. Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command:
    # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \
        value false cmode runtime
If i... • https://git.kernel.org/stable/c/1749c4c51c16e3e078faae0a876d01bafb187a74 •
CVE-2024-42141 – Bluetooth: ISO: Check socket flag instead of hcon
https://notcve.org/view.php?id=CVE-2024-42141
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon. This fixes the following Smatch static checker warning:
    net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359)
net/bluetooth/iso.c
    1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg,
    1348                             size_t len, int flags)
    1349 {
    1350         struct sock *sk = sock->sk;
    1351         struct iso_pinfo *pi = iso_pi(sk);
    1352
    1353         BT_DBG("sk...
• https://git.kernel.org/stable/c/fbdc4bc47268953c80853489f696e02d61f9a2c6 •
CVE-2024-42140 – riscv: kexec: Avoid deadlock in kexec crash path
https://notcve.org/view.php?id=CVE-2024-42140
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path. If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use... • https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd •
CVE-2024-42139 – ice: Fix improper extts handling
https://notcve.org/view.php?id=CVE-2024-42139
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling. Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a kernel crash. As a side effect, when the driver is reloaded and application is started again, remaining extts event for the channel from a previous run will keep firing and the message "extts on unexpected channel... • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 • CWE-476: NULL Pointer Dereference •
CVE-2024-42138 – mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
https://notcve.org/view.php?id=CVE-2024-42138
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file. In case of invalid INI file mlxsw_linecard_types_init() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init() calls mlxsw_linecard_types_fini() which performs memory deallocation again. Add pointer reset to NULL. Found by Linux Verification Center (linuxt... • https://git.kernel.org/stable/c/b217127e5e4ee0ecfce7c5f84cfe082238123bda •
CVE-2024-42137 – Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
https://notcve.org/view.php?id=CVE-2024-42137
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot. Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown(... • https://git.kernel.org/stable/c/e84ec6e25df9bb0968599e92eacedaf3a0a5b587 •
CVE-2024-42136 – cdrom: rearrange last_media_change check to avoid unintentional overflow
https://notcve.org/view.php?id=CVE-2024-42136
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow. When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat:
    [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33
    [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long')
    [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please conver...
• https://git.kernel.org/stable/c/0c97527e916054acc4a46ffb02842988acb2e92b •
CVE-2024-42135 – vhost_task: Handle SIGKILL by flushing work and exiting
https://notcve.org/view.php?id=CVE-2024-42135
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost_task: Handle SIGKILL by flushing work and exiting. Instead of lingering until the device is closed, this has us handle SIGKILL by:
    1. marking the worker as killed so we no longer try to use it with new virtqueues and new flush operations.
    2. setting the virtqueue to worker mapping so no new works are queued.
    3. running all the exiting works.
• https://git.kernel.org/stable/c/abe067dc3a662eef7d5cddbbc41ed50a0b68b0af •