CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42146 – drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf
https://notcve.org/view.php?id=CVE-2024-42146
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add outer runtime_pm protection to xe_live_ktest@xe_dma_buf Any kunit doing any memory access should get their own runtime_pm outer references since they don't use the standard driver API entries. In special this dma_buf from the same driver. Found by pre-merge CI on adding WARN calls for unprotected inner callers: <6> [318.639739] # xe_dma_buf_kunit: running xe_test_dmabuf_import_same_driver <4> [318.639957] ------------[ cut here ... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42145 – IB/core: Implement a limit on UMAD receive List
https://notcve.org/view.php?id=CVE-2024-42145
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such... • https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42144 – thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
https://notcve.org/view.php?id=CVE-2024-42144
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Verify that lvts_data is not NULL before using it. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could p... • https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42142 – net/mlx5: E-switch, Create ingress ACL when needed
https://notcve.org/view.php?id=CVE-2024-42142
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command: # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \ value false cmode runtime If i... • https://git.kernel.org/stable/c/1749c4c51c16e3e078faae0a876d01bafb187a74 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42141 – Bluetooth: ISO: Check socket flag instead of hcon
https://notcve.org/view.php?id=CVE-2024-42141
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk... • https://git.kernel.org/stable/c/fbdc4bc47268953c80853489f696e02d61f9a2c6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42140 – riscv: kexec: Avoid deadlock in kexec crash path
https://notcve.org/view.php?id=CVE-2024-42140
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use... • https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42139 – ice: Fix improper extts handling
https://notcve.org/view.php?id=CVE-2024-42139
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a kernel crash. As a side effect, when the driver is reloaded and application is started again, remaining extts event for the channel from a previous run will keep firing and the message "extts on unexpected channel... • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42138 – mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
https://notcve.org/view.php?id=CVE-2024-42138
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file mlxsw_linecard_types_init() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init() calls mlxsw_linecard_types_fini() which performs memory deallocation again. Add pointer reset to NULL. Found by Linux Verification Center (linuxt... • https://git.kernel.org/stable/c/b217127e5e4ee0ecfce7c5f84cfe082238123bda •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42137 – Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot
https://notcve.org/view.php?id=CVE-2024-42137
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot Commit 272970be3dab ("Bluetooth: hci_qca: Fix driver shutdown on closed serdev") will cause below regression issue: BT can't be enabled after below steps: cold boot -> enable BT -> disable BT -> warm reboot -> BT enable failure if property enable-gpios is not configured within DT|ACPI for QCA6390. The commit is to fix a use-after-free issue within qca_serdev_shutdown(... • https://git.kernel.org/stable/c/e84ec6e25df9bb0968599e92eacedaf3a0a5b587 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42136 – cdrom: rearrange last_media_change check to avoid unintentional overflow
https://notcve.org/view.php?id=CVE-2024-42136
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372036854775808 - 346321 cannot be represented in type '__s64' (aka 'long long') [ 366.025894] program syz-executor.4 is using a deprecated SCSI ioctl, please conver... • https://git.kernel.org/stable/c/0c97527e916054acc4a46ffb02842988acb2e92b •