CVSS: 3.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36945 – net/smc: fix neighbour and rtable leak in smc_ib_find_route()
https://notcve.org/view.php?id=CVE-2024-36945
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable resolved by ip_route_output_flow() are not released or put before return. It may cause the refcount leak, so fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: corrige la fuga de vecino y rtable en smc_ib_find_route() En smc_ib_find_route(), el vecino encontrado por neigh_loo... • https://git.kernel.org/stable/c/e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36944 – Reapply "drm/qxl: simplify qxl_fence_wait"
https://notcve.org/view.php?id=CVE-2024-36944
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got out was: [ 93.607888] Testing event system initcall: OK [ 93.667730] Running tests on all trace events: [ 93.669757] Testing all events: OK [ 95.631064] ------------[ cut here ]------------ Timed out after 60 secon... • https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea • CWE-833: Deadlock •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36942 – Bluetooth: qca: fix firmware check error path
https://notcve.org/view.php?id=CVE-2024-36942
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: corregir ruta de error de verificación de firmware Una confirmación reciente corri... • https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 •
CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36941 – wifi: nl80211: don't free NULL coalescing rule
https://notcve.org/view.php?id=CVE-2024-36941
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: no liberar la regla de fusión NULL Si el análisis falla, podemos desreferenciar un puntero NULL aquí. • https://git.kernel.org/stable/c/be29b99a9b51b0338eea3c66a58de53bbd01de24 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36940 – pinctrl: core: delete incorrect free in pinctrl_enable()
https://notcve.org/view.php?id=CVE-2024-36940
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: core: elimina... • https://git.kernel.org/stable/c/6118714275f0a313ecc296a87ed1af32d9691bed • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36939 – nfs: Handle error of rpc_proc_register() in nfs_net_init().
https://notcve.org/view.php?id=CVE-2024-36939
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning [0] triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least the initial commit 1da177e4c3f4 ("Linux-2.6.12-rc2"). Recently, commit d47151b79e32 ("nfs: expose /proc/net/sunrpc/nfs in net namespaces") converted the procfs to per-netns and made the problem more visible. Even ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36938 – bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
https://notcve.org/view.php?id=CVE-2024-36938
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue write to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1: sk_psock_stop_verdict net/core/skmsg.c:1257 [inline] sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843 sk_psock_put include/linux/skmsg.h:459 [inlin... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36937 – xdp: use flags field to disambiguate broadcast redirect
https://notcve.org/view.php?id=CVE-2024-36937
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect() function will read this information after the XDP program returns and pass the frame on to the right redirect destination. When using the BPF_F_BROADCAST flag to do... • https://git.kernel.org/stable/c/e624d4ed4aa8cc3c69d1359b0aaea539203ed266 •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36934 – bna: ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36934
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bna: asegúrese de q... • https://git.kernel.org/stable/c/7afc5dbde09104b023ce04465ba71aaba0fc4346 •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36933 – nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
https://notcve.org/view.php?id=CVE-2024-36933
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls skb_mac_gso_segment() to invoke in... • https://git.kernel.org/stable/c/c411ed854584a71b0e86ac3019b60e4789d88086 • CWE-457: Use of Uninitialized Variable •