CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-41015 – ocfs2: add bounds checking to ocfs2_check_dir_entry()
https://notcve.org/view.php?id=CVE-2024-41015
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. • https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41014 – xfs: add bounds checking to xlog_recover_process_data
https://notcve.org/view.php?id=CVE-2024-41014
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. We can create a crafted image to trigger an out of bounds read by following these steps: 1) Mount an image of xfs, and do some file operations to leave records 2) Before umounting, copy the image for subsequent steps to simulate abnormal exit. Because umount will ens... • https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41013 – xfs: don't walk off the end of a directory data block
https://notcve.org/view.php?id=CVE-2024-41013
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simply checks that the start offset of the dup and dep is within the range. So in a crafted image, if last entry is xfs_dir2_data_unused, we can change dup->length to dup->length-1 and leave 1 byte of space. In the next traversal, this sp... • https://git.kernel.org/stable/c/ca96d83c93071f95cf962ce92406621a472df31b • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41091 – tun: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41091
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tun_xdp_one-->eth_type_trans() may access the Ethernet header although it can be less than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse t... • https://git.kernel.org/stable/c/043d222f93ab8c76b56a3b315cd8692e35affb6c • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41090 – tap: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41090
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()-->skb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the unde... • https://git.kernel.org/stable/c/0efac27791ee068075d80f07c55a229b1335ce12 • CWE-20: Improper Input Validation •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41012 – filelock: Remove locks reliably when fcntl/close race is detected
https://notcve.org/view.php?id=CVE-2024-41012
23 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait(). However, LSMs can allow the first do_lock_file_wait() that created the lock while denying the second do_lock_file_wait() that tries to remove the lock. Separately, posix_lock_file() could also fail to remove a lock due to GFP_KERNEL allocation failure (when splitting a range in the mi... • https://git.kernel.org/stable/c/c293621bbf678a3d85e3ed721c3921c8a670610d •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41011 – drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
https://notcve.org/view.php?id=CVE-2024-41011
18 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We remap the HDP flush registers into this space to allow userspace (CPU or GPU) to flush the HDP when it updates VRAM. However, on systems with >4K pages, we end up exposing PAGE_SIZE of MMIO space. En el kernel de Linux, se ha resuelto la ... • https://git.kernel.org/stable/c/d8e408a82704c86ba87c3d58cfe69dcdb758aa07 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41010 – bpf: Fix too early release of tcx_entry
https://notcve.org/view.php?id=CVE-2024-41010
17 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix too early release of tcx_entry Pedro Pinto and later independently also Hyunwoo Kim and Wongi Lee reported an issue that the tcx_entry can be released too early leading to a use after free (UAF) when an active old-style ingress or clsact qdisc with a shared tc block is later replaced by another ingress or clsact instance. Essentially, the sequence to trigger the UAF (one example) can be as follows: 1. A network namespace is created... • https://git.kernel.org/stable/c/e420bed025071a623d2720a92bc2245c84757ecb • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41009 – bpf: Fix overrunning reservations in ringbuf
https://notcve.org/view.php?id=CVE-2024-41009
17 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which is the producer counter denoting the amount of data reserved by all producers. Each time a record is reserved, the producer that "owns" the reco... • https://git.kernel.org/stable/c/457f44363a8894135c85b7a9afd2bd8196db24ab • CWE-121: Stack-based Buffer Overflow CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48866 – HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts
https://notcve.org/view.php?id=CVE-2022-48866
16 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts Syzbot reported an slab-out-of-bounds Read in thrustmaster_probe() bug. The root case is in missing validation check of actual number of endpoints. Code should not blindly access usb_host_interface::endpoint array, since it may contain less endpoints than code expects. Fix it by adding missing validaion check and print an error if number of endpoints do not match expected number... • https://git.kernel.org/stable/c/c49c33637802a2c6957a78119eb8be3b055dd9e9 • CWE-125: Out-of-bounds Read •