CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38627 – stm class: Fix a double free in stm_register_device()
https://notcve.org/view.php?id=CVE-2024-38627
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase stm: corrige un doble free en stm_register_device() La llamada put_device(&stm->dev) activará stm_device_release() que libera "stm" para que vfree(stm) en el La siguiente línea es un doble libre. • https://git.kernel.org/stable/c/389b6699a2aa0b457aa69986e9ddf39f3b4030fd https://git.kernel.org/stable/c/b0351a51ffda593b2b1b35dd0c00a73505edb256 https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931 https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695 https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36 https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247 https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21e • CWE-415: Double Free •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-38626 – fuse: clear FR_SENT when re-adding requests into pending list
https://notcve.org/view.php?id=CVE-2024-38626
In the Linux kernel, the following vulnerability has been resolved: fuse: clear FR_SENT when re-adding requests into pending list The following warning was reported by lee bruce: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 8264 at fs/fuse/dev.c:300 fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300 Modules linked in: CPU: 0 PID: 8264 Comm: ab2 Not tainted 6.9.0-rc7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:fuse_request_end+0x685/0x7e0 fs/fuse/dev.c:300 ...... Call Trace: <TASK> fuse_dev_do_read.constprop.0+0xd36/0x1dd0 fs/fuse/dev.c:1334 fuse_dev_read+0x166/0x200 fs/fuse/dev.c:1367 call_read_iter include/linux/fs.h:2104 [inline] new_sync_read fs/read_write.c:395 [inline] vfs_read+0x85b/0xba0 fs/read_write.c:476 ksys_read+0x12f/0x260 fs/read_write.c:619 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xce/0x260 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f ...... </TASK> The warning is due to the FUSE_NOTIFY_RESEND notify sent by the write() syscall in the reproducer program and it happens as follows: (1) calls fuse_dev_read() to read the INIT request The read succeeds. During the read, bit FR_SENT will be set on the request. (2) calls fuse_dev_write() to send an USE_NOTIFY_RESEND notify The resend notify will resend all processing requests, so the INIT request is moved from processing list to pending list again. (3) calls fuse_dev_read() with an invalid output address fuse_dev_read() will try to copy the same INIT request to the output address, but it will fail due to the invalid address, so the INIT request is ended and triggers the warning in fuse_request_end(). Fix it by clearing FR_SENT when re-adding requests into pending list. • https://git.kernel.org/stable/c/760eac73f9f69aa28fcb3050b4946c2dcc656d12 https://git.kernel.org/stable/c/533070db659a9589310a743e9de14cf9d651ffaf https://git.kernel.org/stable/c/246014876d782bbf2e652267482cd2e799fb5fcd •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38625 – fs/ntfs3: Check 'folio' pointer for NULL
https://notcve.org/view.php?id=CVE-2024-38625
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check 'folio' pointer for NULL It can be NULL if bmap is called. • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17 https://git.kernel.org/stable/c/6c8054d590668629bb2eb6fb4cbf22455d08ada8 https://git.kernel.org/stable/c/ff1068929459347f9e47f8d14c409dcf938c2641 https://git.kernel.org/stable/c/1cd6c96219c429ebcfa8e79a865277376c563803 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38624 – fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow
https://notcve.org/view.php?id=CVE-2024-38624
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use 64 bit variable to avoid 32 bit overflow For example, in the expression: vbo = 2 * vbo + skip • https://git.kernel.org/stable/c/b46acd6a6a627d876898e1c84d3f84902264b445 https://git.kernel.org/stable/c/2d1ad595d15f36a925480199bf1d9ad72614210b https://git.kernel.org/stable/c/98db3155b54d3684ef0ab5bfa0b856d13f65843d https://git.kernel.org/stable/c/109d85a98345ee52d47c650405dc51bdd2bc7d40 https://git.kernel.org/stable/c/847db4049f6189427ddaefcfc967d4d235b73c57 https://git.kernel.org/stable/c/e931f6b630ffb22d66caab202a52aa8cbb10c649 •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38623 – fs/ntfs3: Use variable length array instead of fixed size
https://notcve.org/view.php?id=CVE-2024-38623
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Use variable length array instead of fixed size Should fix smatch warning: ntfs_set_label() error: __builtin_memcpy() 'uni->name' too small (20 vs 256) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: fs/ntfs3: use una matriz de longitud variable en lugar de un tamaño fijo. Debería corregirse la advertencia de coincidencia: error ntfs_set_label(): __builtin_memcpy() 'uni->name' demasiado pequeño (20 vs 256) • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e https://git.kernel.org/stable/c/a2de301d90b782ac5d7a5fe32995caaee9ab3a0f https://git.kernel.org/stable/c/3839a9b19a4b70eff6b6ad70446f639f7fd5a3d7 https://git.kernel.org/stable/c/1fe1c9dc21ee52920629d2d9b9bd84358931a8d1 https://git.kernel.org/stable/c/cceef44b34819c24bb6ed70dce5b524bd3e368d1 https://git.kernel.org/stable/c/1997cdc3e727526aa5d84b32f7cbb3f56459b7ef • CWE-129: Improper Validation of Array Index •