CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50049 – drm/amd/display: Check null pointer before dereferencing se
https://notcve.org/view.php?id=CVE-2024-50049
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before dereferencing se [WHAT & HOW] se is null checked previously in the same function, indicating it might be null; therefore, it must be checked when used again. This fixes 1 FORWARD_NULL issue reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before dereferencing se [WHAT & HOW] se is null checked previously in the same functi... • https://git.kernel.org/stable/c/f4149eec960110ffd5bcb161075dd9f1d7773075 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50048 – fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
https://notcve.org/view.php?id=CVE-2024-50048
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct fb_con2fbmap con2fb; struct param param; int fd = open("/dev/fb1", 0, 0); con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); param.type = 2; param.ts.xs = 0; param.ts.ys = 0; p... • https://git.kernel.org/stable/c/8266ae6eafdcd5a3136592445ff4038bbc7ee80e •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50047 – smb: client: fix UAF in async decryption
https://notcve.org/view.php?id=CVE-2024-50047
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff8... • https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50044 – Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
https://notcve.org/view.php?id=CVE-2024-50044
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it causing the following trace: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ------------------------------------------------... • https://git.kernel.org/stable/c/3241ad820dbb172021e0268b5611031991431626 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50039 – net/sched: accept TCA_STAB only for root qdisc
https://notcve.org/view.php?id=CVE-2024-50039
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers. Unfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1] We can't support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage. [1] [ 88.796496] BUG: kernel NULL pointer dereference,... • https://git.kernel.org/stable/c/175f9c1bba9b825d22b142d183c9e175488b260c •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50035 – ppp: fix ppp_async_encode() illegal access
https://notcve.org/view.php?id=CVE-2024-50035
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb. BUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] ppp_asy... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50017 – x86/mm/ident_map: Use gbpages only where full GB page should be mapped.
https://notcve.org/view.php?id=CVE-2024-50017
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm/ident_map: Use gbpages only where full GB page should be mapped. When ident_pud_init() uses only GB pages to create identity maps, large ranges of addresses not actually requested can be included in the resulting table; a 4K request will map a full GB. This can include a lot of extra address space past that requested, including areas marked reserved by the BIOS. That allows processor speculation into reserved regions, that on UV syst... • https://git.kernel.org/stable/c/d80a99892f7a992d103138fa4636b2c33abd6740 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50016 – drm/amd/display: Avoid overflow assignment in link_dp_cts
https://notcve.org/view.php?id=CVE-2024-50016
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow assignment in link_dp_cts sampling_rate is an uint8_t but is assigned an unsigned int, and thus it can overflow. As a result, sampling_rate is changed to uint32_t. Similarly, LINK_QUAL_PATTERN_SET has a size of 2 bits, and it should only be assigned to a value less or equal than 4. This fixes 2 INTEGER_OVERFLOW issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: dr... • https://git.kernel.org/stable/c/a1495acc6234fa79b775599d3f49009afd53299f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50014 – ext4: fix access to uninitialised lock in fc replay path
https://notcve.org/view.php?id=CVE-2024-50014
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. CPU: 0 PID: 866 Comm: mount Not tainted 6.10.0+ #11 Hardware... • https://git.kernel.org/stable/c/d157fc20ca5239fd56965a5a8aa1a0e25919891a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50012 – cpufreq: Avoid a bad reference count on CPU node
https://notcve.org/view.php?id=CVE-2024-50012
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args returns an error, then the reference to the CPU device node that was acquired at the start of the function would not be properly decremented. Address this by declaring the variable with the __free(device_node) cleanup attribute. In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad ... • https://git.kernel.org/stable/c/6c3d8387839252f1a0fc6367f314446e4a2ebd0b •