CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44966 – binfmt_flat: Fix corruption when not offsetting data start
https://notcve.org/view.php?id=CVE-2024-44966
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers. However, it did not disable the code which initializes the array, resulting in the corruption of sizeof(long) bytes before the DATA segment, generally the end of the TEXT se... • https://git.kernel.org/stable/c/04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44965 – x86/mm: Fix pti_clone_pgtable() alignment assumption
https://notcve.org/view.php?id=CVE-2024-44965
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end con... • https://git.kernel.org/stable/c/16a3fe634f6a568c6234b8747e5d50487fed3526 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44963 – btrfs: do not BUG_ON() when freeing tree block after error
https://notcve.org/view.php?id=CVE-2024-44963
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). The error most likely to happen is -ENOMEM, and we have a comment mentioning that only -ENOMEM can happen, but that is not true, because in case qgroups are enabled any error returned from btrfs_qgroup_trace_extent_post() (can be -EUCLE... • https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-44960 – usb: gadget: core: Check for unset descriptor
https://notcve.org/view.php?id=CVE-2024-44960
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug duri... • https://git.kernel.org/stable/c/d1c188d330ca33cc35d1590441ba276f31144299 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44958 – sched/smt: Fix unbalance sched_smt_present dec/inc
https://notcve.org/view.php?id=CVE-2024-44958
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44957 – xen: privcmd: Switch from mutex to spinlock for irqfds
https://notcve.org/view.php?id=CVE-2024-44957
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can't use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock. In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wak... • https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44954 – ALSA: line6: Fix racy access to midibuf
https://notcve.org/view.php?id=CVE-2024-44954
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6:... • https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44951 – serial: sc16is7xx: fix TX fifo corruption
https://notcve.org/view.php?id=CVE-2024-44951
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A. The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to o... • https://git.kernel.org/stable/c/4409df5866b7ff7686ba27e449ca97a92ee063c9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44950 – serial: sc16is7xx: fix invalid FIFO access with special register set
https://notcve.org/view.php?id=CVE-2024-44950
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DLL register, resulting in erroneous FIFO reading. Call graph example: sc16is7xx_startup(): entry sc16is7xx_ms_proc(): entry sc16is7xx_set_termios... • https://git.kernel.org/stable/c/dfeae619d781dee61666d5551b93ba3be755a86b •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44949 – parisc: fix a possible DMA corruption
https://notcve.org/view.php?id=CVE-2024-44949
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As ... • https://git.kernel.org/stable/c/00baca74fb5879e5f9034b6156671301f500f8ee •