CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40994 – ptp: fix integer overflow in max_vclocks_store
https://notcve.org/view.php?id=CVE-2024-40994
In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this. • https://git.kernel.org/stable/c/44c494c8e30e35713c7d11ca3c5ab332cbfabacf https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40993 – netfilter: ipset: Fix suspicious rcu_dereference_protected()
https://notcve.org/view.php?id=CVE-2024-40993
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcu_dereference_protected() in ip_set_dereference(). • https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6 https://git.kernel.org/stable/c/2ba35b37f780c6410bb4bba9c3072596d8576702 https://git.kernel.org/stable/c/90ae20d47de602198eb69e6cd7a3db3420abfc08 https://git.kernel.org/stable/c/788d585e62f487bc4536d454937f737b70d39a33 https://git.kernel.org/stable/c/94dd411c18d7fff9e411555d5c662d29416501e4 https://git.kernel.org/stable/c/3fc09e1ca854bc234e007a56e0f7431f5e2defb5 https://git.kernel.org/stable/c/3799d02ae4208af08e81310770d8754863a246a1 https://git.kernel.org/stable/c/72d9611968867cc4c5509e7708b1507d6 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40992 – RDMA/rxe: Fix responder length checking for UD request packets
https://notcve.org/view.php?id=CVE-2024-40992
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But it introduces a regression issue for UD QPs. When the packet size is too large to fit in the receive buffer. `copy_data` will return error code -EINVAL. Then `send_data_in` will return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into ERROR state. • https://git.kernel.org/stable/c/689c5421bfe0eac65526bd97a466b9590a6aad3c https://git.kernel.org/stable/c/163868ec1f6c610d16da9e458fe1dd7d5de97341 https://git.kernel.org/stable/c/943c94f41dfe36536dc9aaa12c9efdf548ceb996 https://git.kernel.org/stable/c/f67ac0061c7614c1548963d3ef1ee1606efd8636 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40991 – dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()
https://notcve.org/view.php?id=CVE-2024-40991
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() helper function erroneously invokes "of_node_put()" on the "udmax_np" device-node passed to it, without having incremented its reference count at any point. Fix it. • https://git.kernel.org/stable/c/81a1f90f20af71728f900f245aa69e9425fdef84 https://git.kernel.org/stable/c/a5ab5f413d1e4c7ed5f64271b025f0726374509e https://git.kernel.org/stable/c/ba27e9d2207784da748b19170a2e56bd7770bd81 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40990 – RDMA/mlx5: Add check for srq max_sge attribute
https://notcve.org/view.php?id=CVE-2024-40990
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. • https://git.kernel.org/stable/c/e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511 https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2 https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3 https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d •