CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36969 – drm/amd/display: Fix division by zero in setup_dsc_config
https://notcve.org/view.php?id=CVE-2024-36969
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display moni... • https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36968 – Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
https://notcve.org/view.php?id=CVE-2024-36968
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR(... • https://git.kernel.org/stable/c/6ed58ec520ad2b2fe3f955c8a5fd0eecafccebdf • CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36967 – KEYS: trusted: Fix memory leak in tpm2_key_encode()
https://notcve.org/view.php?id=CVE-2024-36967
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KEYS: confiable: corrige la pérdida de memoria en tpm2_key_encode() 'scratch' nunca se libera. Solucione este problema llamando a kfree() en caso de éxito y de error. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/f2219745250f388edacabe6cca73654131c67d0a • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36965 – remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
https://notcve.org/view.php?id=CVE-2024-36965
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perfor... • https://git.kernel.org/stable/c/3efa0ea743b77d1611501f7d8b4f320d032d73ae •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36031 – keys: Fix overwrite of key expiration on instantiation
https://notcve.org/view.php?id=CVE-2024-36031
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry. En el kernel de Linux, se... • https://git.kernel.org/stable/c/97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac • CWE-324: Use of a Key Past its Expiration Date CWE-665: Improper Initialization •
CVSS: 7.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36016 – tty: n_gsm: fix possible out-of-bounds in gsm0_receive()
https://notcve.org/view.php?id=CVE-2024-36016
29 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() Assuming the following: - side A configures the n_gsm in basic option mode - side B sends the header of a basic option mode frame with data length 1 - side A switches to advanced option mode - side B sends 2 data bytes which exceeds gsm->len Reason: gsm->len is not used in advanced option mode. - side A switches to basic option mode - side B keeps sending until gsm0_receive() writes p... • https://git.kernel.org/stable/c/e1eaea46bb4020b38a141b84f88565d4603f8dd0 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-36015 – ppdev: Add an error check in register_device
https://notcve.org/view.php?id=CVE-2024-36015
29 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after ida_simple_get. When the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ppde... • https://git.kernel.org/stable/c/9a69645dde1188723d80745c1bc6ee9af2cbe2a7 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36014 – drm/arm/malidp: fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-36014
29 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that mw_state is checked before calling __drm_atomic_helper_connector_reset. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/arm/malidp: corrige una posible desreferencia del puntero nulo En malidp_mw_connector_rese... • https://git.kernel.org/stable/c/8cbc5caf36ef7a299b5cbedf55f27fd898d700bf •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2785 – Arbitrary Memory read in BPF Linux Kernel
https://notcve.org/view.php?id=CVE-2022-2785
23 Sep 2022 — There exists an arbitrary memory read within the Linux Kernel BPF - Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned by BPF. An attacker with CAP_BPF can arbitrarily read memory from anywhere on the system. We recommend upgrading past commit 86f44fcec22c Se presenta una lectura de memoria arbitraria dentro del BPF del Kernel de Linux - Las constantes proporcionadas para rellenar los punteros en los structs pasados a b... • https://git.kernel.org/bpf/bpf/c/86f44fcec22c • CWE-125: Out-of-bounds Read •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 0CVE-2014-0069 – kernel: cifs: incorrect handling of bogus user pointers during uncached writes
https://notcve.org/view.php?id=CVE-2014-0069
28 Feb 2014 — The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer. La función cifs_iovec_write en fs/cifs/file.c en el kernel de Linux hasta 3.13.5 no maneja debidamente opera... • http://article.gmane.org/gmane.linux.kernel.cifs/9401 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •