CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42077 – ocfs2: fix DIO failure due to insufficient transaction credits
https://notcve.org/view.php?id=CVE-2024-42077
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not take into account that the IO could be arbitrarily large and can contain arbitrary number of extents. Extent tree manipulations do often extend the current transaction but not in all of the cases. For example if we have only single block... • https://git.kernel.org/stable/c/c15471f79506830f80eca0e7fe09b8213953ab5f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42076 – net: can: j1939: Initialize unused data in j1939_send_one()
https://notcve.org/view.php?id=CVE-2024-42076
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: Initialize unused data in j1939_send_one() syzbot reported kernel-infoleak in raw_recvmsg() [1]. j1939_send_one() creates full frame including unused data, but it doesn't initialize it. This causes the kernel-infoleak issue. Fix this by initializing unused data. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in copy_to_user_iter lib/iov_iter.c... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42075 – bpf: Fix remap of arena.
https://notcve.org/view.php?id=CVE-2024-42075
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. Add a refcnt for multiple mmap events to prevent use-after-free in arena_vm_close. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix remap of arena. The bpf arena logic didn't account for mremap operation. • https://git.kernel.org/stable/c/317460317a02a1af512697e6e964298dedd8a163 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42074 – ASoC: amd: acp: add a null check for chip_pdev structure
https://notcve.org/view.php?id=CVE-2024-42074
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: add a null check for chip_pdev structure When acp platform device creation is skipped, chip->chip_pdev value will remain NULL. Add NULL check for chip->chip_pdev structure in snd_acp_resume() function to avoid null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: add a null check for chip_pdev structure When acp platform device creation is skipped, chip->chip_pdev value... • https://git.kernel.org/stable/c/088a40980efbc2c449b72f0f2c7ebd82f71d08e2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42073 – mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
https://notcve.org/view.php?id=CVE-2024-42073
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems The following two shared buffer operations make use of the Shared Buffer Status Register (SBSR): # devlink sb occupancy snapshot pci/0000:01:00.0 # devlink sb occupancy clearmax pci/0000:01:00.0 The register has two masks of 256 bits to denote on which ingress / egress ports the register should operate on. Spectrum-4 has more than 256 ports, so the register was extended b... • https://git.kernel.org/stable/c/f8538aec88b46642553a9ba9efa0952f5958dbed •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42072 – bpf: Fix may_goto with negative offset.
https://notcve.org/view.php?id=CVE-2024-42072
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix may_goto with negative offset. Zac's syzbot crafted a bpf prog that exposed two bugs in may_goto. The 1st bug is the way may_goto is patched. When offset is negative it should be patched differently. The 2nd bug is in the verifier: when current state may_goto_depth is equal to visited state may_goto_depth it means there is an actual infinite loop. It's not correct to prune exploration of the program at this point. Note, that this c... • https://git.kernel.org/stable/c/011832b97b311bb9e3c27945bc0d1089a14209c9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42071 – ionic: use dev_consume_skb_any outside of napi
https://notcve.org/view.php?id=CVE-2024-42071
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napi_consume_skb(), specifically we need to call it with budget==0 to signal to it that we're not in a safe context. This was found while running some configuration stress testing of traffic and a change queue config loop running, and this curious note popped out: [ 4371.402645] BUG: using smp_processor_id() in pree... • https://git.kernel.org/stable/c/386e69865311044b576ff536c99c6ee9cc98a228 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42070 – netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
https://notcve.org/view.php?id=CVE-2024-42070
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers. This vulnerability allows... • https://git.kernel.org/stable/c/96518518cc417bb0a8c80b9fb736202e28acdf96 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42069 – net: mana: Fix possible double free in error handling path
https://notcve.org/view.php?id=CVE-2024-42069
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function adev_release calls kfree(madev). We shouldn't call kfree(madev) again in the error handling path. Set 'madev' to NULL. In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns e... • https://git.kernel.org/stable/c/a69839d4327d053b18d8e1b0e7ddeee78db78f4f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42068 – bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
https://notcve.org/view.php?id=CVE-2024-42068
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_memory_ro() can fail, leaving memory unprotected. Check its return and take it into account as an error. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several securi... • https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03 •