CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2024-50269 – usb: musb: sunxi: Fix accessing an released usb phy
https://notcve.org/view.php?id=CVE-2024-50269
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy(). 2) register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is relea... • https://git.kernel.org/stable/c/6ed05c68cbcae42cd52b8e53b66952bfa9c002ce •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50267 – USB: serial: io_edgeport: fix use after free in debug printk
https://notcve.org/view.php?id=CVE-2024-50267
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue. • https://git.kernel.org/stable/c/984f68683298ba53af32f909de1f9452fbb37ccb • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50265 – ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
https://notcve.org/view.php?id=CVE-2024-50265
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereferenc... • https://git.kernel.org/stable/c/399ff3a748cf4c8c853e96dd477153202636527b •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50264 – vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
https://notcve.org/view.php?id=CVE-2024-50264
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. Ubuntu Security Notice 7179-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate re... • https://git.kernel.org/stable/c/06a8fc78367d070720af960dcecec917d3ae5f3b • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52921 – drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
https://notcve.org/view.php?id=CVE-2023-52921
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security. • https://git.kernel.org/stable/c/9a2393af1f35d1975204fc00035c64a1c792b278 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50256 – netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()
https://notcve.org/view.php?id=CVE-2024-50256
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt later to push an Ethernet header. Use LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c. [1] skbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3... • https://git.kernel.org/stable/c/c8d7b98bec43faaa6583c3135030be5eb4693acb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 1CVE-2024-50251 – netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
https://notcve.org/view.php?id=CVE-2024-50251
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed. An incorrect buffer length flaw was found in the ... • https://github.com/slavin-ayu/CVE-2024-50251-PoC •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50237 – wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower
https://notcve.org/view.php?id=CVE-2024-50237
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Avoid potentially crashing in the driver because of uninitialized private data • https://git.kernel.org/stable/c/5b3dc42b1b0db0264bbbe4ae44c15ab97bfd1e93 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50234 – wifi: iwlegacy: Clear stale interrupts before resuming device
https://notcve.org/view.php?id=CVE-2024-50234
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop. The reason seems to be a stale interrupt which isn't being cleared out before interrupts are enabled. We end up with a race beween the resume trying to bring things back up, and the restart work (queued form the interrupt handler) trying to bring things down. Eventually the whole thing blows up. Fix the problem by cleari... • https://git.kernel.org/stable/c/271d282ecc15d7012e71ca82c89a6c0e13a063dd •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50233 – staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()
https://notcve.org/view.php?id=CVE-2024-50233
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() In the ad9832_write_frequency() function, clk_get_rate() might return 0. This can lead to a division by zero when calling ad9832_calc_freqreg(). The check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect against the case when fout is 0. The ad9832_write_frequency() function is called from ad9832_write(), and fout is derived from a text buffer, which ca... • https://git.kernel.org/stable/c/ea707584bac187c9c6c64c4eacd1c09bcc08f37b •