CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38663 – blk-cgroup: fix list corruption from resetting io stat
https://notcve.org/view.php?id=CVE-2024-38663
24 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resetting io stat Since commit 3b8cc6298724 ("blk-cgroup: Optimize blkcg_rstat_flush()"), each iostat instance is added to blkcg percpu list, so blkcg_reset_stats() can't reset the stat instance by memset(), otherwise the llist may be corrupted. Fix the issue by only resetting the counter part. In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from resett... • https://git.kernel.org/stable/c/3b8cc6298724021da845f2f9fd7dd4b6829a6817 • CWE-665: Improper Initialization •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38384 – blk-cgroup: fix list corruption from reorder of WRITE ->lqueued
https://notcve.org/view.php?id=CVE-2024-38384
24 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix list corruption from reorder of WRITE ->lqueued __blkcg_rstat_flush() can be run anytime, especially when blk_cgroup_bio_start is being executed. If WRITE of `->lqueued` is re-ordered with READ of 'bisc->lnode.next' in the loop of __blkcg_rstat_flush(), `next_bisc` can be assigned with one stat instance being added in blk_cgroup_bio_start(), then the local list in __blkcg_rstat_flush() could be corrupted. Fix the issue by ad... • https://git.kernel.org/stable/c/3b8cc6298724021da845f2f9fd7dd4b6829a6817 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36481 – tracing/probes: fix error check in parse_btf_field()
https://notcve.org/view.php?id=CVE-2024-36481
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/probes: fix error check in parse_btf_field() btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. However, its caller in parse_btf_field() only checks for the NULL condition. Fix this by using IS_ERR() and returning the error up the stack. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo/sondas: corrección de verificación de errores en parse_btf_field() btf_find_struct_member() pu... • https://git.kernel.org/stable/c/c440adfbe30257dde905adc1fce51131145f7245 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36477 – tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer
https://notcve.org/view.php?id=CVE-2024-36477
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN. Introduce SPI_HDRSIZE to account for the header and use to allocate the transf... • https://git.kernel.org/stable/c/a86a42ac2bd652fdc7836a9d880c306a2485c142 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-34777 – dma-mapping: benchmark: fix node id validation
https://notcve.org/view.php?id=CVE-2024-34777
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: fix node id validation While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to: BUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214) Read of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971 CPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37 Hardware name: QEMU Stan... • https://git.kernel.org/stable/c/65789daa8087e125927230ccb7e1eab13999b0cf •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39277 – dma-mapping: benchmark: handle NUMA_NO_NODE correctly
https://notcve.org/view.php?id=CVE-2024-39277
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28 index -1 is out of range for type 'cpumask [64][1]' CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38780 – dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
https://notcve.org/view.php?id=CVE-2024-38780
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugf... • https://git.kernel.org/stable/c/a6aa8fca4d792c72947e341d7842d2f700534335 • CWE-667: Improper Locking •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38662 – bpf: Allow delete from sockmap/sockhash only if update is allowed
https://notcve.org/view.php?id=CVE-2024-38662
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash. We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map. From now on only BPF progra... • https://git.kernel.org/stable/c/dd54b48db0c822ae7b520bc80751f0a0a173ef75 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38659 – enic: Validate length of nl attributes in enic_set_vf_port
https://notcve.org/view.php?id=CVE-2024-38659
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID... • https://git.kernel.org/stable/c/f8bd909183acffad68780b10c1cdf36161cfd5d1 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38637 – greybus: lights: check return of get_channel_from_mode
https://notcve.org/view.php?id=CVE-2024-38637
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places. This was originally reported in [0]: Found by Linux Verification Center (linuxtesting.org) with SVACE. [0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru En el kernel de Linux, se resolvió... • https://git.kernel.org/stable/c/2870b52bae4c81823ffcb3ed2b0626fb39d64f48 •