CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42160 – f2fs: check validation of fault attrs in f2fs_build_fault_attr()
https://notcve.org/view.php?id=CVE-2024-42160
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f... • https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42159 – scsi: mpi3mr: Sanitise num_phys
https://notcve.org/view.php?id=CVE-2024-42159
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed. In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger then size of this field shouldn't be allowed. A vulnerability was found in the Linux kernel's mpi3mr driver in the mpi3mr... • https://git.kernel.org/stable/c/c4f7ac64616ee513f9ac4ae6c4d8c3cccb6974df • CWE-787: Out-of-bounds Write •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42158 – s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings
https://notcve.org/view.php?id=CVE-2024-42158
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770) In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVSS: 4.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42157 – s390/pkey: Wipe sensitive data on failure
https://notcve.org/view.php?id=CVE-2024-42157
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. ... Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42156 – s390/pkey: Wipe copies of clear-key structures on failure
https://notcve.org/view.php?id=CVE-2024-42156
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVSS: 1.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42155 – s390/pkey: Wipe copies of protected- and secure-keys
https://notcve.org/view.php?id=CVE-2024-42155
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visibl... • https://git.kernel.org/stable/c/e80d4af0a320972aac58e2004d0ba4e44ef4c5c7 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42154 – tcp_metrics: validate source addr length
https://notcve.org/view.php?id=CVE-2024-42154
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated). In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at le... • https://git.kernel.org/stable/c/3e7013ddf55af7bc191792b8aea0c2b94fb0fef5 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42153 – i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr
https://notcve.org/view.php?id=CVE-2024-42153
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr When del_timer_sync() is called in an interrupt context it throws a warning because of potential deadlock. In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr When del_timer_sync() is called in an interrupt context it throws a warning because of potential deadlock... • https://git.kernel.org/stable/c/41561f28e76a47dc6de0a954da85d0b5c42874eb •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42152 – nvmet: fix a possible leak when destroy a ctrl during qp establishment
https://notcve.org/view.php?id=CVE-2024-42152
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primarily), and drop the final reference on the ctrl. In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a po... • https://git.kernel.org/stable/c/2f3c22b1d3d7e86712253244797a651998c141fa • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-42151 – bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
https://notcve.org/view.php?id=CVE-2024-42151
30 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first parameter of the test_1() function. In the Linux kernel, the following vulnerability has been resolved: bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable Test case dummy_st_ops/dummy_init_ret_value passes NULL as the first parameter of the test_1() function. ... • https://git.kernel.org/stable/c/c196906d50e360d82ed9aa5596a9d0ce89b7ab78 •