CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35960 – net/mlx5: Properly link new fs rules into the tree
https://notcve.org/view.php?id=CVE-2024-35960
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent ste... • https://git.kernel.org/stable/c/74491de937125d0c98c9b9c9208b4105717a3caa • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35958 – net: ena: Fix incorrect descriptor free behavior
https://notcve.org/view.php?id=CVE-2024-35958
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions). The function as... • https://git.kernel.org/stable/c/548c4940b9f1f527f81509468dd60b61418880b6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35956 – btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
https://notcve.org/view.php?id=CVE-2024-35956
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a... • https://git.kernel.org/stable/c/e85fde5162bf1b242cbd6daf7dba0f9b457d592b •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-35955 – kprobes: Fix possible use-after-free issue on kprobe registration
https://notcve.org/view.php?id=CVE-2024-35955
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succee... • https://git.kernel.org/stable/c/1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35951 – drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
https://notcve.org/view.php?id=CVE-2024-35951
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Subject: [PATCH] drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() If some the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let... • https://git.kernel.org/stable/c/187d2929206e6b098312c174ea873e4cedf5420d •
CVSS: 6.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35950 – drm/client: Fully protect modes[] with dev->mode_config.mutex
https://notcve.org/view.php?id=CVE-2024-35950
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/client: Protege completamente los modos[] con dev-&... • https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35949 – btrfs: make sure that WRITTEN is set on all metadata blocks
https://notcve.org/view.php?id=CVE-2024-35949
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checking, because we could end up with corruption on disk where WRITTEN isn't set on the leaf, and then the extended leaf checks don't get run which we rely on to valid... • https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35947 – dyndbg: fix old BUG_ON in >control parser
https://notcve.org/view.php?id=CVE-2024-35947
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dyndbg: corrige el antiguo BUG_ON en >control parser. Corrige un BUG_ON de 2009. Incluso si parece "unreachable" (realmente no lo miré), asegurémonos eliminándolo. haciendo pr_err y... • https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35945 – net: phy: phy_device: Prevent nullptr exceptions on ISR
https://notcve.org/view.php?id=CVE-2024-35945
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: phy: phy_device: Prevent nullptr exceptions on ISR If phydev->irq is set unconditionally, check for valid interrupt handler or fall back to polling mode to prevent nullptr exceptions in interrupt service routine. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: phy_device: previene excepciones nullptr en ISR. Si phydev->irq está configurado incondicionalmente, verifique si hay un controlador de interrupci... • https://git.kernel.org/stable/c/7a71f61ebf95cedd3f245db6da397822971d8db5 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35944 – VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
https://notcve.org/view.php?id=CVE-2024-35944
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24) WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237 dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237 Some code commentry, based on my understanding: 544... • https://git.kernel.org/stable/c/e87bb99d2df6512d8ee37a5d63d2ca9a39a8c051 •