CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42113 – net: txgbe: initialize num_q_vectors for MSI/INTx interrupts
https://notcve.org/view.php?id=CVE-2024-42113
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in wx_alloc_q_vectors() to allocate queue vectors. In the Linux kernel, the following vulnerability has been resolved: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts When using MSI/INTx interrupts, wx->num_q_vectors is uninitialized. Thus there will be kernel panic in ... • https://git.kernel.org/stable/c/3f703186113fac0f3c965204b2cbb22a03322e2c •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42112 – net: txgbe: free isb resources at the right time
https://notcve.org/view.php?id=CVE-2024-42112
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: txgbe: free isb resources at the right time When using MSI/INTx interrupt, the shared interrupts are still being handled in the device remove routine, before free IRQs. So isb memory is still read after it is freed. Thus move wx_free_isb_resources() from txgbe_close() to txgbe_remove(). And fix the improper isb free action in txgbe_open() error handling path. In the Linux kernel, the following vulnerability has been resolved: net: txgb... • https://git.kernel.org/stable/c/aefd013624a10f39b0bfaee8432a235128705380 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42111 – btrfs: always do the basic checks for btrfs_qgroup_inherit structure
https://notcve.org/view.php?id=CVE-2024-42111
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: always do the basic checks for btrfs_qgroup_inherit structure [BUG] Syzbot reports the following regression detected by KASAN: BUG: KASAN: slab-out-of-bounds in btrfs_qgroup_inherit+0x42e/0x2e20 fs/btrfs/qgroup.c:3277 Read of size 8 at addr ffff88814628ca50 by task syz-executor318/5171 CPU: 0 PID: 5171 Comm: syz-executor318 Not tainted 6.10.0-rc2-syzkaller-00010-g2ab795141095 #0 Hardware name: Google Google Compute Engine/Google Comp... • https://git.kernel.org/stable/c/b5357cb268c41b4e2b7383d2759fc562f5b58c33 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42110 – net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
https://notcve.org/view.php?id=CVE-2024-42110
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Ha... • https://git.kernel.org/stable/c/548c237c0a9972df5d1afaca38aa733ee577128d • CWE-372: Incomplete Internal State Distinction •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42109 – netfilter: nf_tables: unconditionally flush pending work before notifier
https://notcve.org/view.php?id=CVE-2024-42109
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831 KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530 KASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 net/netfilter/nf_tables_api.c:9597 Read of size 2 at addr ffff88802b0051c4 by task kworker/1:1/45 [..] Workqueue: events nf_tables_trans_destroy_w... • https://git.kernel.org/stable/c/f22954f8c58fd5f5489f5980796914e306757e77 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42108 – net: rswitch: Avoid use-after-free in rswitch_poll()
https://notcve.org/view.php?id=CVE-2024-42108
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll() The use-after-free is actually in rswitch_tx_free(), which is inlined in rswitch_poll(). Since `skb` and `gq->skbs[gq->dirty]` are in fact the same pointer, the skb is first freed using dev_kfree_skb_any(), then the value in skb->len is used to update the interface statistics. Let's move around the instructions to use skb->len before the skb is freed. This bug is trivial to reproduce usin... • https://git.kernel.org/stable/c/271e015b91535dd87fd0f5df0cc3b906c2eddef9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42107 – ice: Don't process extts if PTP is disabled
https://notcve.org/view.php?id=CVE-2024-42107
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Don't process extts if PTP is disabled The ice_ptp_extts_event() function can race with ice_ptp_release() and result in a NULL pointer dereference which leads to a kernel panic. Panic occurs because the ice_ptp_extts_event() function calls ptp_clock_event() with a NULL pointer. The ice driver has already released the PTP clock by the time the interrupt for the next external timestamp event occurs. To fix this, modify the ice_ptp_extts_... • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42106 – inet_diag: Initialize pad field in struct inet_diag_req_v2
https://notcve.org/view.php?id=CVE-2024-42106
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_diag_get_exact_compat() converts inet_diag_req to inet_diag_req_v2, but leaves the pad field uninitialized. So the issue occurs when raw_lookup(... • https://git.kernel.org/stable/c/432490f9d455fb842d70219f22d9d2c812371676 •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42105 – nilfs2: fix inode number range checks
https://notcve.org/view.php?id=CVE-2024-42105
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default... • https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42104 – nilfs2: add missing check for inode numbers on directory entries
https://notcve.org/view.php?id=CVE-2024-42104
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile... • https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479 •