CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38632 – vfio/pci: fix potential memory leak in vfio_intx_enable()
https://notcve.org/view.php?id=CVE-2024-38632
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak. • https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899 https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897 https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3 https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834 https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d2374 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38631 – iio: adc: PAC1934: fix accessing out of bounds array index
https://notcve.org/view.php?id=CVE-2024-38631
In the Linux kernel, the following vulnerability has been resolved: iio: adc: PAC1934: fix accessing out of bounds array index Fix accessing out of bounds array index for average current and voltage measurements. The device itself has only 4 channels, but in sysfs there are "fake" channels for the average voltages and currents too. • https://git.kernel.org/stable/c/0fb528c8255bd2de6a2fba26ed28d75a7f0cb630 https://git.kernel.org/stable/c/8dbcb3a8cfdf8ff5afce62dad50790278ff0d3b7 https://git.kernel.org/stable/c/51fafb3cd7fcf4f4682693b4d2883e2a5bfffe33 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38630 – watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
https://notcve.org/view.php?id=CVE-2024-38630
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it and will return directly. If the port region is released by release_region() and then the timer handler cpu5wdt_trigger() calls outb() to write into the region that is released, the use-after-free bug will happen. Change del_timer() to timer_shutdown_sync() in order that the timer handler could be finished before the port region is released. • https://git.kernel.org/stable/c/e09d9c3e9f85b8190ca1e495890f4cf5ee30baf6 https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314 https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38629 – dmaengine: idxd: Avoid unnecessary destruction of file_ida
https://notcve.org/view.php?id=CVE-2024-38629
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Avoid unnecessary destruction of file_ida file_ida is allocated during cdev open and is freed accordingly during cdev release. This sequence is guaranteed by driver file operations. Therefore, there is no need to destroy an already empty file_ida when the WQ cdev is removed. Worse, ida_free() in cdev release may happen after destruction of file_ida per WQ cdev. This can lead to accessing an id in file_ida after it has been destroyed, resulting in a kernel panic. Remove ida_destroy(&file_ida) to address these issues. • https://git.kernel.org/stable/c/e6fd6d7e5f0fe4a17a08e892afb5db800e7794ec https://git.kernel.org/stable/c/9eb15f24a0b9b017b39cde8b8c07243676b63687 https://git.kernel.org/stable/c/15edb906211bf53e7b5574f7326ab734d6bff4f9 https://git.kernel.org/stable/c/76e43fa6a456787bad31b8d0daeabda27351a480 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38628 – usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind.
https://notcve.org/view.php?id=CVE-2024-38628
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind. Hang on to the control IDs instead of pointers since those are correctly handled with locks. • https://git.kernel.org/stable/c/02de698ca8123782c0c6fb8ed99080e2f032b0d2 https://git.kernel.org/stable/c/89e66809684485590ea0b32c3178e42cba36ac09 https://git.kernel.org/stable/c/453d3fa9266e53f85377b911c19b9a4563fa88c0 https://git.kernel.org/stable/c/bea73b58ab67fe581037ad9cdb93c2557590c068 https://git.kernel.org/stable/c/1b739388aa3f8dfb63a9fca777e6dfa6912d0464 •