CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41040 – net/sched: Fix UAF when resolving a clash
https://notcve.org/view.php?id=CVE-2024-41040
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by task handler130/6469 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41039 – firmware: cs_dsp: Fix overflow checking of wmfw header
https://notcve.org/view.php?id=CVE-2024-41039
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmware data buffer contained enough bytes for the sums of the size of the structs wmfw_header + wmfw_adsp1_sizes + wmfw_footer But wmfw_adsp1_sizes is only used on ADSP1 firmware. For ADSP2 and Halo Core the equivalent struct is wmfw_adsp... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41038 – firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers
https://notcve.org/view.php?id=CVE-2024-41038
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorithm block header. This means the overall header length is variable, and the position of most fields varies depending on the length of the string fields. Each field must be checked to ensure that it does not overfl... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41037 – ASoC: SOF: Intel: hda: fix null deref on system suspend entry
https://notcve.org/view.php?id=CVE-2024-41037
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: fix null deref on system suspend entry When system enters suspend with an active stream, SOF core calls hw_params_upon_resume(). On Intel platforms with HDA DMA used to manage the link DMA, this leads to call chain of hda_dsp_set_hw_params_upon_resume() -> hda_dsp_dais_suspend() -> hda_dai_suspend() -> hda_ipc4_post_trigger() A bug is hit in hda_dai_suspend() as hda_link_dma_cleanup() is run first, which clears hext_s... • https://git.kernel.org/stable/c/2b009fa0823c1510700fd17a0780ddd06a460fb4 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41036 – net: ks8851: Fix deadlock with the SPI chip variant
https://notcve.org/view.php?id=CVE-2024-41036
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0x100/0x284 do_raw_spin_lock+0x34/0x44 ks8851_start_xmit_spi+0x30/0xb8 ks8851_start_xmit+0x14/0x20 netdev_start_xmit+0x40/0x6c dev_hard_start_xmi... • https://git.kernel.org/stable/c/1092525155eaad5c69ca9f3b6f3e7895a9424d66 •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-41035 – USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor
https://notcve.org/view.php?id=CVE-2024-41035
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoint descriptor's bEndpointAddress field will always be 0. As a result of the bug, the endpoint_is_duplicate() routine in config.c (and possibly other routines as well) may believe that two descriptors are for distinct endpoints, even th... • https://git.kernel.org/stable/c/0a8fd1346254974c3a852338508e4a4cddbb35f1 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41034 – nilfs2: fix kernel bug on rename operation of broken directory
https://notcve.org/view.php?id=CVE-2024-41034
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return locat... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41033 – cachestat: do not flush stats in recency check
https://notcve.org/view.php?id=CVE-2024-41033
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachestat: do not flush stats in recency check syzbot detects that cachestat() is flushing stats, which can sleep, in its RCU read section (see [1]). This is done in the workingset_test_recent() step (which checks if the folio's eviction is recent). Move the stat flushing step to before the RCU read section of cachestat, and skip stat flushing during the recency check. [1]: https://lore.kernel.org/cgroups/000000000000f71227061bdf97e0@google... • https://git.kernel.org/stable/c/b006847222623ac3cda8589d15379eac86a2bcb7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41032 – mm: vmalloc: check if a hash-index is in cpu_possible_mask
https://notcve.org/view.php?id=CVE-2024-41032
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: check if a hash-index is in cpu_possible_mask The problem is that there are systems where cpu_possible_mask has gaps between set CPUs, for example SPARC. In this scenario addr_to_vb_xa() hash function can return an index which accesses to not-possible and not setup CPU area using per_cpu() macro. This results in an oops on SPARC. A per-cpu vmap_block_queue is also used as hash table, incorrectly assuming the cpu_possible_mask h... • https://git.kernel.org/stable/c/062eacf57ad91b5c272f89dc964fd6dd9715ea7d • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41031 – mm/filemap: skip to create PMD-sized page cache if needed
https://notcve.org/view.php?id=CVE-2024-41031
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/filemap: skip to create PMD-sized page cache if needed On ARM64, HPAGE_PMD_ORDER is 13 when the base page size is 64KB. The PMD-sized page cache can't be supported by xarray as the following error messages indicate. ------------[ cut here ]------------ WARNING: CPU: 35 PID: 7484 at lib/xarray.c:1025 xas_split_alloc+0xf8/0x128 Modules linked in: nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib \ nft_reject_inet nf_reject_ipv4 nf_reject_ipv6... • https://git.kernel.org/stable/c/4687fdbb805a92ce5a9f23042c436dc64fef8b77 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •