CVE-2024-42240 – x86/bhi: Avoid warning in #DB handler due to BHI mitigation
https://notcve.org/view.php?id=CVE-2024-42240
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/bhi: Avoid warning in #DB handler due to BHI mitigation. When BHI mitigation is enabled, if SYSENTER is invoked with the TF flag set then entry_SYSENTER_compat() uses CLEAR_BRANCH_HISTORY and calls the clear_bhb_loop() before the TF flag is cleared. • https://git.kernel.org/stable/c/bd53ec80f21839cfd4d852a6088279d602d67e5b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-42239 – bpf: Fail bpf_timer_cancel when callback is being cancelled
https://notcve.org/view.php?id=CVE-2024-42239
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fail bpf_timer_cancel when callback is being cancelled. Given a schedule: timer1 cb: bpf_timer_cancel(timer2); timer2 cb: bpf_timer_cancel(timer1); Both bpf_timer_cancel calls would wait for the other callback to finish executing, introducing a lockup. • https://git.kernel.org/stable/c/b00628b1c7d595ae5b544e059c27b1f5828314b4 •
CVE-2024-42238 – firmware: cs_dsp: Return error if block header overflows file
https://notcve.org/view.php?id=CVE-2024-42238
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file. Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. ... A denial of serv... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-42237 – firmware: cs_dsp: Validate payload length before processing block
https://notcve.org/view.php?id=CVE-2024-42237
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block. Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. ... • https://git.kernel.org/stable/c/f6bc909e7673c30abcbdb329e7d0aa2e83c103d7 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-42236 – usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()
https://notcve.org/view.php?id=CVE-2024-42236
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy(). Userspace provided string 's' could trivially have the length zero. ... • https://git.kernel.org/stable/c/a444c3fc264119801575ab086e03fb4952f23fd0 •
CVE-2024-42235 – s390/mm: Add NULL pointer check to crst_table_free() base_crst_free()
https://notcve.org/view.php?id=CVE-2024-42235
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add NULL pointer check to crst_table_free() base_crst_free(). crst_table_free() used to work with NULL pointers before the conversion to ptdescs. ... • https://git.kernel.org/stable/c/6326c26c1514757242829b292b26eac589013200 •
CVE-2024-42234 – mm: fix crashes from deferred split racing folio migration
https://notcve.org/view.php?id=CVE-2024-42234
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: fix crashes from deferred split racing folio migration. Even on 6.10-rc6, I've been seeing elusive "Bad page state"s (often on flags when freeing, yet the flags shown are not bad: PG_locked had been set and cleared??)... • https://git.kernel.org/stable/c/9bcef5973e31020e5aa8571eb994d67b77318356 •
CVE-2024-42233 – filemap: replace pte_offset_map() with pte_offset_map_nolock()
https://notcve.org/view.php?id=CVE-2024-42233
07 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: filemap: replace pte_offset_map() with pte_offset_map_nolock(). The vmf->ptl in filemap_fault_recheck_pte_none() is still set from handle_pte_fault(). ... • https://git.kernel.org/stable/c/58f327f2ce80f9c7b4a70e9cf017ae8810d44a20 •
CVE-2024-42232 – libceph: fix race between delayed_work() and ceph_monc_stop()
https://notcve.org/view.php?id=CVE-2024-42232
07 Aug 2024 — To fix this: - clear monc->cur_mon and monc->hunting as part of closing the session in ceph_monc_stop() - bail from delayed_work() if monc->cur_mon is cleared, similar to how it's done in mon_fault() and finish_hunting() (based on monc->hunting) - call cancel_delayed_work_sync() after the session is closed. In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop(). The way the delayed work is handled in ceph_monc_stop() is prone to... • https://git.kernel.org/stable/c/1177afeca833174ba83504688eec898c6214f4bf •
CVE-2024-7055 – FFmpeg pnmdec.c pnm_decode_frame heap-based overflow
https://notcve.org/view.php?id=CVE-2024-7055
06 Aug 2024 — A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical. This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. • https://ffmpeg.org • CWE-122: Heap-based Buffer Overflow •