CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48804 – vt_ioctl: fix array_index_nospec in vt_setactivate
https://notcve.org/view.php?id=CVE-2022-48804
Decreasing the value by one afterwards causes a transient integer underflow. vsa.console should be decreased first and then sanitized with array_index_nospec. Kasper Acknowledgements: Jakob Koschel, Brian Johannesmeyer, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida from the VUSec group at VU Amsterdam. • https://git.kernel.org/stable/c/830c5aa302ec16b4ee641aec769462c37f802c90 https://git.kernel.org/stable/c/2a45a6bd1e6d651770aafff57ab3e1d3bb0b42e0 https://git.kernel.org/stable/c/170325aba4608bde3e7d21c9c19b7bc266ac0885 https://git.kernel.org/stable/c/ae3d57411562260ee3f4fd5e875f410002341104 https://git.kernel.org/stable/c/778302ca09498b448620edd372dc908bebf80bdf https://git.kernel.org/stable/c/ffe54289b02e9c732d6f04c8ebbe3b2d90d32118 https://git.kernel.org/stable/c/6550bdf52846f85a2a3726a5aa0c7c4399f2fc02 https://git.kernel.org/stable/c/61cc70d9e8ef5b042d4ed87994d20100e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41000 – block/ioctl: prefer different overflow check
https://notcve.org/view.php?id=CVE-2024-41000
In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid name [ 62.986211] UBSAN: signed-integer-overflow in ..... arch_exit_to_user_mode_prepare+0x3a/0x60 [ 63.001479] entry_SYSCALL_64_after_hwframe+0x6f/0x77 [ 63.001535] RIP: 0033:0x7f7fd3ebf539 [ 63.001551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 14 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 63.001562] RSP: 002b:00007f7fd32570c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 63.001584] RAX: ffffffffffffffda RBX: 00007f7fd3ff3f80 RCX: 00007f7fd3ebf539 [ 63.001590] RDX: 4db6d1e4f7e43360 RSI: 0000000020000000 RDI: 0000000000000004 [ 63.001595] RBP: 00007f7fd3f1e496 R08: 0000000000000000 R09: 0000000000000000 [ 63.001599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 63.001604] R13: 0000000000000006 R14: 00007f7fd3ff3f80 R15: 00007ffd415ad2b8 ... [ 63.018142] ---[ end trace ]--- Historically, the signed integer overflow sanitizer did not work in the kernel due to its interaction with `-fwrapv` but this has since been changed [1] in the newest version of Clang; It was re-enabled in the kernel with Commit 557f8c582a9ba8ab ("ubsan: Reintroduce signed overflow sanitizer"). Let's rework this overflow checking logic to not actually perform an overflow during the check itself, thus avoiding the UBSAN splat. [1]: https://github.com/llvm/llvm-project/pull/82432 • https://git.kernel.org/stable/c/58706e482bf45c4db48b0c53aba2468c97adda24 https://git.kernel.org/stable/c/3220c90f4dbdc6d20d0608b164d964434a810d66 https://git.kernel.org/stable/c/61ec76ec930709b7bcd69029ef1fe90491f20cf9 https://git.kernel.org/stable/c/fd841ee01fb4a79cb7f5cc424b5c96c3a73b2d1e https://git.kernel.org/stable/c/54160fb1db2de367485f21e30196c42f7ee0be4e https://git.kernel.org/stable/c/ccb326b5f9e623eb7f130fbbf2505ec0e2dcaff9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40994 – ptp: fix integer overflow in max_vclocks_store
https://notcve.org/view.php?id=CVE-2024-40994
In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. • https://git.kernel.org/stable/c/44c494c8e30e35713c7d11ca3c5ab332cbfabacf https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0 •
CVSS: 9.0EPSS: 0%CPEs: -EXPL: 0CVE-2024-37310 – EVerest has an integer overflow in the "v2g_incoming_v2gtp" function
https://notcve.org/view.php?id=CVE-2024-37310
An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. • https://github.com/EVerest/everest-core/commit/f73620c4c0f626e1097068a47e10cc27b369ad8e https://github.com/EVerest/everest-core/releases/tag/2024.3.1 https://github.com/EVerest/everest-core/releases/tag/2024.6.0 https://github.com/EVerest/everest-core/security/advisories/GHSA-8g9q-7qr9-vc96 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23695
https://notcve.org/view.php?id=CVE-2024-23695
In CacheOpPMRExec of cache_km.c, there is a possible out of bounds write due to an integer overflow. • https://source.android.com/security/bulletin/2024-06-01 • CWE-190: Integer Overflow or Wraparound •