CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35854 – mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
https://notcve.org/view.php?id=CVE-2024-35854
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the resul... • https://git.kernel.org/stable/c/c9c9af91f1d9a636aecc55302c792538e549a430 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35853 – mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
https://notcve.org/view.php?id=CVE-2024-35853
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. If the migration fails, the code tries to migrate the filters back to the old region. However, the rollback itself can also fail in which case another migration will be err... • https://git.kernel.org/stable/c/843500518509128a935edab96bd8efef7c54669e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35852 – mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
https://notcve.org/view.php?id=CVE-2024-35852
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended. Otherwise, it is rescheduled immediately. After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash" the above is no longer accurate as a non-negative number of credits is no longer indicative of t... • https://git.kernel.org/stable/c/c9c9af91f1d9a636aecc55302c792538e549a430 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35849 – btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
https://notcve.org/view.php?id=CVE-2024-35849
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include... • https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35848 – eeprom: at24: fix memory corruption race condition
https://notcve.org/view.php?id=CVE-2024-35848
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: eeprom: at24: corrige la condición de ejecución ... • https://git.kernel.org/stable/c/b20eb4c1f0261eebe6e1b9221c0d6e4048837778 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35847 – irqchip/gic-v3-its: Prevent double free on error
https://notcve.org/view.php?id=CVE-2024-35847
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoki... • https://git.kernel.org/stable/c/7d75bbb4bc1ad90386776459d37e4ddfe605671e •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35843 – iommu/vt-d: Use device rbtree in iopf reporting path
https://notcve.org/view.php?id=CVE-2024-35843
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). This function searches the list of all PCI devices until the desired device is found. To improve lookup efficiency, replace it with device_rbtree_find() to search the device within the probed device rbtree. The I/O page fault is initiated by the device, which does not have any sy... • https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35839 – netfilter: bridge: replace physindev with physinif in nf_bridge_info
https://notcve.org/view.php?id=CVE-2024-35839
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: replace physindev with physinif in nf_bridge_info An skb can be added to a neigh->arp_queue while waiting for an arp reply. Where original skb's skb->dev can be different to neigh's neigh->dev. For instance in case of bridging dnated skb from one veth to another, the skb would be added to a neigh->arp_queue of the bridge. As skb->dev can be reset back to nf_bridge->physindev and used, and as there is no explicit mechanism... • https://git.kernel.org/stable/c/c4e70a87d975d1f561a00abfe2d3cefa2a486c95 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52698 – calipso: fix memory leak in netlbl_calipso_add_pass()
https://notcve.org/view.php?id=CVE-2023-52698
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: calipso: fix memory leak in netlbl_calipso_add_pass() If IPv6 support is disabled at boot (ipv6.disable=1), the calipso_init() -> netlbl_calipso_ops_register() function isn't called, and the netlbl_calipso_ops_get() function always returns NULL. In this case, the netlbl_calipso_add_pass() function allocates memory for the doi_def variable but doesn't free it with the calipso_doi_free(). BUG: memory leak unreferenced object 0xffff888011d6818... • https://git.kernel.org/stable/c/cb72d38211eacda2dd90b09540542b6582da614e •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52696 – powerpc/powernv: Add a null pointer check in opal_powercap_init()
https://notcve.org/view.php?id=CVE-2023-52696
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_powercap_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/powernv: agregue una verificación de puntero null en opal_powercap_init() kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ser NULL en caso de fallo. In the Linux kernel, the followin... • https://git.kernel.org/stable/c/b9ef7b4b867f56114bedbe6bf104cfaba0ca818e • CWE-476: NULL Pointer Dereference •