CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43815 – crypto: mxs-dcp - Ensure payload is zero when using key slot
https://notcve.org/view.php?id=CVE-2024-43815
In the Linux kernel, the following vulnerability has been resolved: crypto: mxs-dcp - Ensure payload is zero when using key slot We could leak stack memory through the payload field when running AES with a key from one of the hardware's key slots. • https://git.kernel.org/stable/c/3d16af0b4cfac4b2c3b238e2ec37b38c2f316978 https://git.kernel.org/stable/c/e1640fed0377bf7276efb70d03cb821a6931063d https://git.kernel.org/stable/c/dd52b5eeb0f70893f762da7254e923fd23fd1379 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42322 – ipvs: properly dereference pe in ip_vs_add_service
https://notcve.org/view.php?id=CVE-2024-42322
In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression • https://git.kernel.org/stable/c/39b9722315364121c6e2524515a6e95d52287549 https://git.kernel.org/stable/c/3dd428039e06e1967ce294e2cd6342825aaaad77 https://git.kernel.org/stable/c/c420cd5d5bc6797f3a8824e7d74f38f0c286fca5 https://git.kernel.org/stable/c/cbd070a4ae62f119058973f6d2c984e325bce6e7 https://access.redhat.com/security/cve/CVE-2024-42322 https://bugzilla.redhat.com/show_bug.cgi?id=2305467 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42321 – net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2024-42321
In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stable kernels. • https://git.kernel.org/stable/c/9b52e3f267a6835efd50ed9002d530666d16a411 https://git.kernel.org/stable/c/eb03d9826aa646577342a952d658d4598381c035 https://git.kernel.org/stable/c/4afbac11f2f629d1e62817c4e210bdfaa7521107 https://git.kernel.org/stable/c/c5d21aabf1b31a79f228508af33aee83456bc1b0 https://git.kernel.org/stable/c/120f1c857a73e52132e473dee89b340440cb692b •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42320 – s390/dasd: fix error checks in dasd_copy_pair_store()
https://notcve.org/view.php?id=CVE-2024-42320
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocation fails. • https://git.kernel.org/stable/c/a91ff09d39f9b6545254839ac91f1ff7bd21d39e https://git.kernel.org/stable/c/932600a295cc299d470ca7f5d6491bd0dfc99ea7 https://git.kernel.org/stable/c/cc8b7284d5076722e0b8062373b68d8e47c3bace https://git.kernel.org/stable/c/e511167e65d332d07b3c7a3d5a741ee9c19a8c27 https://git.kernel.org/stable/c/68d4c3722290ad300c295fb3435e835d200d5cb2 https://git.kernel.org/stable/c/8e64d2356cbc800b4cd0e3e614797f76bcf0cdb8 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42319 – mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
https://notcve.org/view.php?id=CVE-2024-42319
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ... The root cause can be deduced to be calling pm_runtime_get_sync() after calling pm_runtime_disable() as observed below: 1. • https://git.kernel.org/stable/c/623a6143a845bd485b00ba684f0ccef11835edab https://git.kernel.org/stable/c/11fa625b45faf0649118b9deaf2d31c86ac41911 https://git.kernel.org/stable/c/a8bd68e4329f9a0ad1b878733e0f80be6a971649 •