CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26635 – llc: Drop support for ETH_P_TR_802_2.
https://notcve.org/view.php?id=CVE-2024-26635
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16) llc_conn_handler() initialises local variables {saddr,daddr}.mac based on skb in llc_pdu_decode_sa()/llc_pdu_decod... • https://git.kernel.org/stable/c/211ed865108e24697b44bee5daac502ee6bdd4a4 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52615 – hwrng: core - Fix page fault dead lock on mmap-ed hwrng
https://notcve.org/view.php?id=CVE-2023-52615
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: hwrng: core - Fix page fault dead lock on mmap-ed hwrng There is a dead-lock in the hwrng device read path. This triggers when the user reads from /dev/hwrng into memory also mmap-ed from /dev/hwrng. The resulting page fault triggers a recursive read which then dead-locks. Fix this by using a stack buffer when calling copy_to_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwrng: core: soluciona el bloqueo de falla de ... • https://git.kernel.org/stable/c/9996508b3353063f2d6c48c1a28a84543d72d70b • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2023-52614 – PM / devfreq: Fix buffer overflow in trans_stat_show
https://notcve.org/view.php?id=CVE-2023-52614
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exceeding PAGE_SIZE and exit early from loop. Also add at the end a warning that we exceeded PAGE_SIZE and that stats is disabled. Return -EFBIG in the case where we don't have enough space to write the full transition table. • https://git.kernel.org/stable/c/e552bbaf5b987f57c43e6981a452b8a3c700b1ae • CWE-121: Stack-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-26633 – ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
https://notcve.org/view.php?id=CVE-2024-26633
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. [1] BUG: KMSAN: uninit-value in ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ip6_tnl_parse_tlv_enc_lim+0x94f/0xbb0 ipxip6_tnl_xmit net/ipv6/ip6_tunnel.c:1326 [inline] ip6_tnl_start_xmit+0xab2/0x1a70 net/i... • https://git.kernel.org/stable/c/fbfa743a9d2a0ffa24251764f10afc13eb21e739 • CWE-20: Improper Input Validation •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52612 – crypto: scomp - fix req->dst buffer overflow
https://notcve.org/view.php?id=CVE-2023-52612
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: scomp - fix req->dst buffer overflow The req->dst buffer size should be checked before copying from the scomp_scratch->dst to avoid req->dst buffer overflow problem. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: scomp - corrige el desbordamiento del búfer req->dst. El tamaño del búfer req->dst debe verificarse antes de copiar desde scomp_scratch->dst para evitar el problema de desbordamiento del... • https://git.kernel.org/stable/c/1ab53a77b772bf7369464a0e4fa6fd6499acf8f1 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52609 – binder: fix race between mmput() and do_exit()
https://notcve.org/view.php?id=CVE-2023-52609
18 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix race between mmput() and do_exit() Task A calls binder_update_page_range() to allocate and insert pages on a remote address space from Task B. For this, Task A pins the remote mm via mmget_not_zero() first. This can race with Task B do_exit() and the final mmput() refcount decrement will come from Task A. Task A | Task B ------------------+------------------ mmget_not_zero() | | do_exit() | exit_mm() | mmput() mmput() | exit_mma... • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47131 – net/tls: Fix use-after-free after the TLS device goes down and up
https://notcve.org/view.php?id=CVE-2021-47131
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socket stays alive, and it still points to the TLS context, which is now deallocated. If a netdev goes up, while the connection is still active, and the data flow resumes after a number of TCP retransmissions, it will lead to a use-after-f... • https://git.kernel.org/stable/c/e8f69799810c32dd40c6724d829eccc70baad07f •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47122 – net: caif: fix memory leak in caif_device_notify
https://notcve.org/view.php?id=CVE-2021-47122
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in caif_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: caif: corrige la pérdida de memoria en caif_device_notify En caso de que falle caif_enroll_dev(), el link_support asignado no se asignará a la estructura correspondi... • https://git.kernel.org/stable/c/7c18d2205ea76eef9674e59e1ecae4f332a53e9e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47121 – net: caif: fix memory leak in cfusbl_device_notify
https://notcve.org/view.php?id=CVE-2021-47121
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: net: caif: fix memory leak in cfusbl_device_notify In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: caif: corrige la pérdida de memoria en cfusbl_device_notify En caso de que falle caif_enroll_dev(), el link_support asignado no se asignará a la estructura corres... • https://git.kernel.org/stable/c/7ad65bf68d705b445ef10b77ab50dab22be185ee •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47119 – ext4: fix memory leak in ext4_fill_super
https://notcve.org/view.php?id=CVE-2021-47119
15 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and subsequently that bh will be leaked. If blocksizes differ, sb_set_blocksize() will kill current buffers and page cache by using kill_bdev(). And then super block will be reread again but using correct blocksize this time. sb_set_blocksiz... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •