CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42071 – ionic: use dev_consume_skb_any outside of napi
https://notcve.org/view.php?id=CVE-2024-42071
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: use dev_consume_skb_any outside of napi If we're not in a NAPI softirq context, we need to be careful about how we call napi_consume_skb(), specifically we need to call it with budget==0 to signal to it that we're not in a safe context. This was found while running some configuration stress testing of traffic and a change queue config loop running, and this curious note popped out: [ 4371.402645] BUG: using smp_processor_id() in pree... • https://git.kernel.org/stable/c/386e69865311044b576ff536c99c6ee9cc98a228 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42070 – netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
https://notcve.org/view.php?id=CVE-2024-42070
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set datatype so this conditional check can be removed. Otherwise, pointer to chain object can be leaked through the registers. This vulnerability allows... • https://git.kernel.org/stable/c/96518518cc417bb0a8c80b9fb736202e28acdf96 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42069 – net: mana: Fix possible double free in error handling path
https://notcve.org/view.php?id=CVE-2024-42069
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function adev_release calls kfree(madev). We shouldn't call kfree(madev) again in the error handling path. Set 'madev' to NULL. In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns e... • https://git.kernel.org/stable/c/a69839d4327d053b18d8e1b0e7ddeee78db78f4f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42068 – bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
https://notcve.org/view.php?id=CVE-2024-42068
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro() set_memory_ro() can fail, leaving memory unprotected. Check its return and take it into account as an error. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several securi... • https://git.kernel.org/stable/c/a359696856ca9409fb97655c5a8ef0f549cb6e03 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42067 – bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()
https://notcve.org/view.php?id=CVE-2024-42067
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() set_memory_rox() can fail, leaving memory unprotected. Check return and bail out when bpf_jit_binary_lock_ro() returns an error. In the Linux kernel, the following vulnerability has been resolved: bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro() set_memory_rox() can fail, leaving memory unprotected. Check return and bail out wh... • https://git.kernel.org/stable/c/08f6c05feb1db21653e98ca84ea04ca032d014c7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42066 – drm/xe: Fix potential integer overflow in page size calculation
https://notcve.org/view.php?id=CVE-2024-42066
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast tbo->page_alignment to u64 before bit-shifting to prevent overflow when assigning to min_page_size. In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix potential integer overflow in page size calculation Explicitly cast tbo->page_alignment to u64 before bit-shifting to prevent overflow when assigning to min_page_size. • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42065 – drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
https://notcve.org/view.php?id=CVE-2024-42065
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init Add an explicit check to ensure that the mgr is not NULL. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly u... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42064 – drm/amd/display: Skip pipe if the pipe idx not set properly
https://notcve.org/view.php?id=CVE-2024-42064
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes when pipe idx not set properly [how] Add code to skip the pipe that idx not set properly In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip pipe if the pipe idx not set properly [why] Driver crashes when pipe idx not set properly [how] Add code to skip the pipe that idx not set properly • https://git.kernel.org/stable/c/27df59c6071470efce7182ee92fbb16afba551e0 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42063 – bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode
https://notcve.org/view.php?id=CVE-2024-42063
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Mark bpf prog stack with kmsan_unposion_memory in interpreter mode syzbot reported uninit memory usages during map_{lookup,delete}_elem. ========== BUG: KMSAN: uninit-value in __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] BUG: KMSAN: uninit-value in dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 __dev_map_lookup_elem kernel/bpf/devmap.c:441 [inline] dev_map_lookup_elem+0xf3/0x170 kernel/bpf/devmap.c:796 ____bpf_map_loo... • https://git.kernel.org/stable/c/b30f3197a6cd080052d5d4973f9a6b479fd9fff5 •
CVSS: 0EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52887 – net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new
https://notcve.org/view.php?id=CVE-2023-52887
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This provides clearer error messages and allows for the early termination of problematic sessions. Previously, sessions were only released at the end ... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •