CVE-2024-41032 – mm: vmalloc: check if a hash-index is in cpu_possible_mask
https://notcve.org/view.php?id=CVE-2024-41032
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: check if a hash-index is in cpu_possible_mask The problem is that there are systems where cpu_possible_mask has gaps between set CPUs, for example SPARC. In this scenario addr_to_vb_xa() hash function can return an index which accesses to not-possible and not setup CPU area using per_cpu() macro. This results in an oops on SPARC. A per-cpu vmap_block_queue is also used as hash table, incorrectly assuming the cpu_possible_mask h... • https://git.kernel.org/stable/c/062eacf57ad91b5c272f89dc964fd6dd9715ea7d • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-41031 – mm/filemap: skip to create PMD-sized page cache if needed
https://notcve.org/view.php?id=CVE-2024-41031
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6... • https://git.kernel.org/stable/c/4687fdbb805a92ce5a9f23042c436dc64fef8b77 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-41030 – ksmbd: discard write access to the directory open
https://notcve.org/view.php?id=CVE-2024-41030
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when opening a directory. list_add corruption. next is NULL. ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:26! pc : __list_add_... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVE-2024-41029 – nvmem: core: limit cell sysfs permissions to main attribute ones
https://notcve.org/view.php?id=CVE-2024-41029
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute should not provide more access to the nvmem data than the main attribute itself. For example if nvme_config::root_only was set, the cell attribute would still provide read access to everybody. Mask out permissions not available on the main attribute. • https://git.kernel.org/stable/c/0331c611949fffdf486652450901a4dc52bc5cca •
CVE-2024-41028 – platform/x86: toshiba_acpi: Fix array out-of-bounds access
https://notcve.org/view.php?id=CVE-2024-41028
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshiba_acpi: Fix array out-of-bounds access In order to use toshiba_dmi_quirks[] together with the standard DMI matching functions, it must be terminated by an empty entry. Since this entry is missing, an array out-of-bounds access occurs every time the quirk list is processed. Fix this by adding the terminating empty entry. • https://git.kernel.org/stable/c/3cb1f40dfdc3b9f5449076c96b4e2523139f5cd0 •
CVE-2024-41027 – Fix userfaultfd_api to return EINVAL as expected
https://notcve.org/view.php?id=CVE-2024-41027
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Fix userfaultfd_api to return EINVAL as expected Currently if we request a feature that is not set in the Kernel config we fail silently and return all the available features. However, the man page indicates we should return an EINVAL. We need to fix this issue since we can end up with a Kernel warning should a program request the feature UFFD_FEATURE_WP_UNPOPULATED on a kernel with the config not set with this feature. [ 200.812896] WARNIN... • https://git.kernel.org/stable/c/e06f1e1dd4998ffc9da37f580703b55a93fc4de4 •
CVE-2024-41026 – mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length
https://notcve.org/view.php?id=CVE-2024-41026
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: davinci_mmc: Prevent transmitted data size from exceeding sgm's length No check is done on the size of the data to be transmitted. This causes a kernel panic when this size exceeds the sg_miter's length. Limit the number of transmitted bytes to sgm->length. • https://git.kernel.org/stable/c/ed01d210fd910f7fa7933638df14ffb8d4aac2a9 •
CVE-2024-41025 – misc: fastrpc: Fix memory leak in audio daemon attach operation
https://notcve.org/view.php?id=CVE-2024-41025
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix memory leak in audio daemon attach operation Audio PD daemon sends the name as part of the init IOCTL call. This name needs to be copied to kernel for which memory is allocated. This memory is never freed which might result in a memory leak. Free the memory when it is not needed. • https://git.kernel.org/stable/c/0871561055e666da421d779397efcc1e5e964cab •
CVE-2024-41023 – sched/deadline: Fix task_struct reference leak
https://notcve.org/view.php?id=CVE-2024-41023
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak concerning the task_struct: unreferenced object 0xffff8881305b8000 (size 16136): comm "stress-ng", pid 614, jiffies 4294883961 (age 286.412s) object hex dump (first 32 bytes): 02 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .@............ • https://git.kernel.org/stable/c/feff2e65efd8d84cf831668e182b2ce73c604bbb • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2024-41022 – drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()
https://notcve.org/view.php?id=CVE-2024-41022
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of ser... • https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8 •