CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42134 – virtio-pci: Check if is_avq is NULL
https://notcve.org/view.php?id=CVE-2024-42134
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio-pci: Check if is_avq is NULL [bug] In the virtio_pci_common.c function vp_del_vqs, vp_dev->is_avq is involved to determine whether it is admin virtqueue, but this function vp_dev->is_avq may be empty. For installations, virtio_pci_legacy does not assign a value to vp_dev->is_avq. [fix] Check whether it is vp_dev->is_avq before use. [test] Test with virsh Attach device Before this patch, the following command would crash the guest sys... • https://git.kernel.org/stable/c/5e2024b0b9b3d5709e3f7e9b92951d7e29154106 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42133 – Bluetooth: Ignore too large handle values in BIG
https://notcve.org/view.php?id=CVE-2024-42133
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belonging to ida id range, otherwise ida will be erroneously released in hci_conn_cleanup. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Ignore too large handle values in BIG hci_le_big_sync_established_evt is necessary to filter out cases where the handle value is belon... • https://git.kernel.org/stable/c/84cb0143fb8a03bf941c7aaedd56c938c99dafad •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42132 – bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX
https://notcve.org/view.php?id=CVE-2024-42132
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX Syzbot hit warning in hci_conn_del() caused by freeing handle that was not allocated using ida allocator. This is caused by handle bigger than HCI_CONN_HANDLE_MAX passed by hci_le_big_sync_established_evt(), which makes code think it's unset connection. Add same check for handle upper bound as in hci_conn_set_handle() to prevent warning. In the Linux kernel, the followin... • https://git.kernel.org/stable/c/84cb0143fb8a03bf941c7aaedd56c938c99dafad •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42131 – mm: avoid overflows in dirty throttling logic
https://notcve.org/view.php?id=CVE-2024-42131
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). If limits end up being larger, we will hit overflows, possible divisions by 0 etc. Fix these problems by never allowing so large dirty limits as they have dubious practical value anyway. For dirty_bytes / dirty_background_bytes inter... • https://git.kernel.org/stable/c/2b2d2b8766db028bd827af34075f221ae9e9efff • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42130 – nfc/nci: Add the inconsistency check between the input data length and count
https://notcve.org/view.php?id=CVE-2024-42130
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc/nci: Add the inconsistency check between the input data length and count write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf) Syzbot constructed a write() call with a data length of 3 bytes but a count value of 15, which passed too little data to meet the basic requirements of the function nci_rf_intf_activated_ntf_packet(). Therefore, increasing the comparison between data length and count value to avoid problems caused by inc... • https://git.kernel.org/stable/c/f07bcd8bba803c9e6ad2048543185d6c56587a2f •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42129 – leds: mlxreg: Use devm_mutex_init() for mutex initialization
https://notcve.org/view.php?id=CVE-2024-42129
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: mlxreg: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead. In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/172ffd26a5af13e951d0e82df7cfc5a95b04fa80 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42128 – leds: an30259a: Use devm_mutex_init() for mutex initialization
https://notcve.org/view.php?id=CVE-2024-42128
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: an30259a: Use devm_mutex_init() for mutex initialization In this driver LEDs are registered using devm_led_classdev_register() so they are automatically unregistered after module's remove() is done. led_classdev_unregister() calls module's led_set_brightness() to turn off the LEDs and that callback uses mutex which was destroyed already in module's remove() so use devm API instead. In the Linux kernel, the following vulnerability has ... • https://git.kernel.org/stable/c/3ead19aa341de89a8c3d88a091d8093ebea622e8 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42127 – drm/lima: fix shared irq handling on driver remove
https://notcve.org/view.php?id=CVE-2024-42127
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix shared irq handling on driver remove lima uses a shared interrupt, so the interrupt handlers must be prepared to be called at any time. At driver removal time, the clocks are disabled early and the interrupts stay registered until the very end of the remove process due to the devm usage. This is potentially a bug as the interrupts access device registers which assumes clocks are enabled. A crash can be triggered by removing th... • https://git.kernel.org/stable/c/0d60c43df59ef01c08dc7b0c45495178f9d05a13 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42126 – powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt.
https://notcve.org/view.php?id=CVE-2024-42126
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are called through DEFINE_INTERRUPT_HANDLER_NMI() wrapper which invokes nmi_enter/nmi_exit calls. We don't see any issue when percpu allocation is fr... • https://git.kernel.org/stable/c/fb6675db04c4b79883373edc578d5df7bbc84848 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42125 – wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband
https://notcve.org/view.php?id=CVE-2024-42125
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband We have some policy via BIOS to block uses of 6 GHz. In this case, 6 GHz sband will be NULL even if it is WiFi 7 chip. So, add NULL handling here to avoid crash. In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband We have some policy via BIOS to block uses of 6 GHz. In this cas... • https://git.kernel.org/stable/c/e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd • CWE-476: NULL Pointer Dereference •