CVE-2024-40779 – webkitgtk: webkit2gtk: Out-of-bounds read was addressed with improved bounds checking
https://notcve.org/view.php?id=CVE-2024-40779
Processing malicious web content can trigger an out-of-bounds read due to improper bounds checking, causing an unexpected process crash, resulting in a denial of service. • https://support.apple.com/en-us/HT214121 https://support.apple.com/en-us/HT214117 https://support.apple.com/en-us/HT214116 https://support.apple.com/en-us/HT214124 https://support.apple.com/en-us/HT214119 https://support.apple.com/en-us/HT214123 https://support.apple.com/en-us/HT214122 http://seclists.org/fulldisclosure/2024/Jul/16 http://seclists.org/fulldisclosure/2024/Jul/15 http://seclists.org/fulldisclosure/2024/Jul/23 http://seclists.org/fulldisclosure/202 • CWE-125: Out-of-bounds Read •
CVE-2024-41818 – ReDOS at currency parsing fast-xml-parser
https://notcve.org/view.php?id=CVE-2024-41818
A regular expression denial of service (ReDoS) flaw was found in fast-xml-parser in the currency.js script. By sending a specially crafted regex input, a remote attacker could cause a denial of service condition. • https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-mpg4-rc92-vx8v https://github.com/NaturalIntelligence/fast-xml-parser/commit/ba5f35e7680468acd7906eaabb2f69e28ed8b2aa https://github.com/NaturalIntelligence/fast-xml-parser/commit/d0bfe8a3a2813a185f39591bbef222212d856164 https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/src/v5/valueParsers/currency.js#L10 https://access.redhat.com/security/cve/CVE-2024-41818 https://bugzilla.redhat.com/show_bug.cgi?id=2300499 • CWE-400: Uncontrolled Resource Consumption •
CVE-2024-41095 – drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes
https://notcve.org/view.php?id=CVE-2024-41095
The return value of the drm_mode_duplicate function is not checked in the nv17_tv_get_ld_modes function in the drivers/gpu/drm/nouveau/dispnv04/tvnv17.c file, possibly causing a NULL pointer dereference and resulting in a denial of service. • https://git.kernel.org/stable/c/9289cd3450d1da3e271ef4b054d4d2932c41243e https://git.kernel.org/stable/c/dbd75f32252508ed6c46c3288a282c301a57ceeb https://git.kernel.org/stable/c/259549b2ccf795b7f91f7b5aba47286addcfa389 https://git.kernel.org/stable/c/0d17604f2e44b3df21e218fe8fb3b836d41bac49 https://git.kernel.org/stable/c/f95ed0f54b3d3faecae1140ddab854f904a6e7c8 https://git.kernel.org/stable/c/cb751e48bbcffd292090f7882b23b215111b3d72 https://git.kernel.org/stable/c/bdda5072494f2a7215d94fc4124ad1949a218714 https://git.kernel.org/stable/c/66edf3fb331b6c55439b10f9862987b09 • CWE-476: NULL Pointer Dereference •
CVE-2024-41091 – tun: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41091
Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tun_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted for IFF_TAP. This is to drop any frame shorter than the Ethernet header size just like how tun_get_user() does. CVE: CVE-2024-41091 A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. • https://git.kernel.org/stable/c/043d222f93ab8c76b56a3b315cd8692e35affb6c https://git.kernel.org/stable/c/32b0aaba5dbc85816898167d9b5d45a22eae82e9 https://git.kernel.org/stable/c/6100e0237204890269e3f934acfc50d35fd6f319 https://git.kernel.org/stable/c/589382f50b4a5d90d16d8bc9dcbc0e927a3e39b2 https://git.kernel.org/stable/c/ad6b3f622ccfb4bfedfa53b6ebd91c3d1d04f146 https://git.kernel.org/stable/c/d5ad89b7d01ed4e66fd04734fc63d6e78536692a https://git.kernel.org/stable/c/a9d1c27e2ee3b0ea5d40c105d6e728fc114470bb https://git.kernel.org/stable/c/8418f55302fa1d2eeb73e16e345167e54 • CWE-20: Improper Input Validation •
CVE-2024-41090 – tap: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41090
Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata. In the alternative path, tap_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted. This is to drop any frame shorter than the Ethernet header size just like how tap_get_user() does. CVE: CVE-2024-41090 A denial of service (DoS) attack was found in the mlx5 driver in the Linux kernel. • https://git.kernel.org/stable/c/0efac27791ee068075d80f07c55a229b1335ce12 https://git.kernel.org/stable/c/8be915fc5ff9a5e296f6538be12ea75a1a93bdea https://git.kernel.org/stable/c/7431144b406ae82807eb87d8c98e518475b0450f https://git.kernel.org/stable/c/e5e5e63c506b93b89b01f522b6a7343585f784e6 https://git.kernel.org/stable/c/ee93e6da30377cf2a75e16cd32bb9fcd86a61c46 https://git.kernel.org/stable/c/aa6a5704cab861c9b2ae9f475076e1881e87f5aa https://git.kernel.org/stable/c/73d462a38d5f782b7c872fe9ae8393d9ef5483da https://git.kernel.org/stable/c/e1a786b9bbb767fd1c922d424aaa8078c • CWE-20: Improper Input Validation •