CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-38554 – ax25: Fix reference count leak issue of net_device
https://notcve.org/view.php?id=CVE-2024-38554
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of net_device There is a reference count leak issue of the object "net_device" in ax25_dev_device_down(). When the ax25 device is shutting down, the ax25_dev_device_down() drops the reference count of net_device one or zero times depending on if we goto unlock_put or not, which will cause memory leak. In order to solve the above issue, decrease the reference count of net_device after dev->ax25_ptr is ... • https://git.kernel.org/stable/c/d01ffb9eee4af165d83b08dd73ebdf9fe94a519b •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38553 – net: fec: remove .ndo_poll_controller to avoid deadlocks
https://notcve.org/view.php?id=CVE-2024-38553
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disable_irq() is called by .ndo_poll_controller interface of sungem driver, however, disable_irq() might sleep. After analyzing the implementation of fec_poll_co... • https://git.kernel.org/stable/c/7f5c6addcdc039c1a7c435857e6284ecac5d97c8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38552 – drm/amd/display: Fix potential index out of bounds in color transformation function
https://notcve.org/view.php?id=CVE-2024-38552
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds, an error message is logged and the function returns... • https://git.kernel.org/stable/c/b629596072e5fa901c84f9e88d845a696ee32942 •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38550 – ASoC: kirkwood: Fix potential NULL dereference
https://notcve.org/view.php?id=CVE-2024-38550
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: kirkwood: corrige una posible desreferencia NULL En kirkwood_dma_hw_params() mv_mbus_dram_info() devuelve NULL si la ma... • https://git.kernel.org/stable/c/bb6a40fc5a830cae45ddd5cd6cfa151b008522ed • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38549 – drm/mediatek: Add 0 size check to mtk_drm_gem_obj
https://notcve.org/view.php?id=CVE-2024-38549
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/mediatek: ... • https://git.kernel.org/stable/c/119f5173628aa7a0c3cf9db83460d40709e8241d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38548 – drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38548
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm... • https://git.kernel.org/stable/c/fb43aa0acdfd600c75b8c877bdf9f6e9893ffc9b • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38547 – media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries
https://notcve.org/view.php?id=CVE-2024-38547
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain: sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries() In unload_video_binaries(), it ca... • https://git.kernel.org/stable/c/a49d25364dfb9f8a64037488a39ab1f56c5fa419 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38546 – drm: vc4: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38546
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: vc4: corrige posible desreferencia del puntero nulo En vc4_hdmi_audio_init() of_get_address() puede devolver NULL, que luego se desre... • https://git.kernel.org/stable/c/bb7d78568814a31a11fa14f1479a9fe51f1582ad •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38545 – RDMA/hns: Fix UAF for cq async event
https://notcve.org/view.php?id=CVE-2024-38545
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_lock() to protect the CQ refcount. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/hns: corrige UAF para el evento cq async El recuento de CQ no está protegido por bloqueos. Cuando los eventos asincrónicos de CQ y ... • https://git.kernel.org/stable/c/9a4435375cd151e07c0c38fa601b00115986091b •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38544 – RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
https://notcve.org/view.php?id=CVE-2024-38544
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a... • https://git.kernel.org/stable/c/0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •