CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36937 – xdp: use flags field to disambiguate broadcast redirect
https://notcve.org/view.php?id=CVE-2024-36937
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect() function will read this information after the XDP program returns and pass the frame on to the right redirect destination. When using the BPF_F_BROADCAST flag to... • https://git.kernel.org/stable/c/e624d4ed4aa8cc3c69d1359b0aaea539203ed266 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36934 – bna: ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36934
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bna: asegúrese de... • https://git.kernel.org/stable/c/7afc5dbde09104b023ce04465ba71aaba0fc4346 •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36933 – nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
https://notcve.org/view.php?id=CVE-2024-36933
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls skb_mac_gso_segment() to in... • https://git.kernel.org/stable/c/c411ed854584a71b0e86ac3019b60e4789d88086 • CWE-457: Use of Uninitialized Variable •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36931 – s390/cio: Ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36931
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/cio: asegúrese de que el buf co... • https://git.kernel.org/stable/c/a4f17cc726712a52122ad38540bc3ff3a052d1a4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36930 – spi: fix null pointer dereference within spi_sync
https://notcve.org/view.php?id=CVE-2024-36930
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message(). With function inlining disabled, the call stack might look like this: _raw_spin_lock_irqsave from complete_with_fl... • https://git.kernel.org/stable/c/ae7d2346dc89ae89a6e0aabe6037591a11e593c0 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36929 – net: core: reject skb_copy(_expand) for fraglist GSO skbs
https://notcve.org/view.php?id=CVE-2024-36929
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: core: rechazar skb_copy(_expand) para fraglist GSO skbs Los skbs SKB_GSO_FRAGLIST no deben l... • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 • CWE-822: Untrusted Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36928 – s390/qeth: Fix kernel panic after setting hsuid
https://notcve.org/view.php?id=CVE-2024-36928
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi function pointer that is NULL. Example: --------------------------------------------------------------------------- [ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP [ 2057.572702] Modules linked in: af_iucv qe... • https://git.kernel.org/stable/c/64e3affee2881bb22df7ce45dd1f1fd7990e382b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-36927 – ipv4: Fix uninit-value access in __ip_make_skb()
https://notcve.org/view.php?id=CVE-2024-36927
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL while __ip_make_skb() is running, the function will access icmphdr in the skb even if it is not included. This causes the issue reported by KMSAN. Check FLOWI_FLAG_KNOW... • https://git.kernel.org/stable/c/99e5acae193e369b71217efe6f1dad42f3f18815 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36926 – powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE
https://notcve.org/view.php?id=CVE-2024-36926
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is attached to. There are execptions where the partition firmware might not provide this property for the PE at the time of LPAR boot up. One of the scenario is where the firmware has frozen the PE due to some error con... • https://git.kernel.org/stable/c/b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36924 – scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
https://notcve.org/view.php?id=CVE-2024-36924
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the hbalock to avoid potential deadlock. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Libere hbalock antes de llamar a lpfc_worker_wake_up() lpfc_worker_wake_up() llama a la rutina lpfc_work_done(... • https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd • CWE-833: Deadlock •