CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49969 – drm/amd/display: Fix index out of bounds in DCN30 color transformation
https://notcve.org/view.php?id=CVE-2024-49969
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color management module. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS). The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i'... • https://git.kernel.org/stable/c/7ab69af56a23859b647dee69fa1052c689343621 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49968 – ext4: filesystems without casefold feature cannot be mounted with siphash
https://notcve.org/view.php?id=CVE-2024-49968
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SI... • https://git.kernel.org/stable/c/e1373903db6c4ac994de0d18076280ad88e12dee •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49967 – ext4: no need to continue when the number of entries is 1
https://notcve.org/view.php?id=CVE-2024-49967
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: no need to continue when the number of entries is 1 Ubuntu Security Notice 7166-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49966 – ocfs2: cancel dqi_sync_work before freeing oinfo
https://notcve.org/view.php?id=CVE-2024-49966
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled: ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c This reports that there is an active delayed work when freeing oinf... • https://git.kernel.org/stable/c/171bf93ce11f4c9929fdce6ce63df8da2f3c4475 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49962 – ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
https://notcve.org/view.php?id=CVE-2024-49962
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() ACPICA commit 4d4547cf13cca820ff7e0f859ba83e1a610b9fd0 ACPI_ALLOCATE_ZEROED() may fail, elements might be NULL and will cause NULL pointer dereference later. [ rjw: Subject and changelog edits ] In the Linux kernel, the following vulnerability has been resolved: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() ACPICA commit... • https://git.kernel.org/stable/c/4669da66ebc5b09881487f30669b0fcdb462188e •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49960 – ext4: fix timer use-after-free on failed mount
https://notcve.org/view.php?id=CVE-2024-49960
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We should guarantee the timer is no longer active before kfree(sbi). When filesystem mounting fails, the flow goes to failed_mount3, where an error occurs when ext4_stop_mmpd is called, causing a read I/O failure. This triggers the ext4_handl... • https://git.kernel.org/stable/c/cf3196e5e2f36cd80dab91ffae402e13935724bc •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49959 – jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
https://notcve.org/view.php?id=CVE-2024-49959
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while executing jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free space right away, we try other branches, and if j_committing_transaction is NULL (i.e., the tid is 0), we will get the following complain: ==========... • https://git.kernel.org/stable/c/8c3f25d8950c3e9fe6c9849f88679b3f2a071550 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49957 – ocfs2: fix null-ptr-deref when journal load failed.
https://notcve.org/view.php?id=CVE-2024-49957
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd2_update_log_tail()->jbd2_journal_update_sb_log_tail() ->lock_buffer(journal->j_sb_buffer), resulting in a null-pointer dereference error. To re... • https://git.kernel.org/stable/c/f6f50e28f0cb8d7bcdfaacc83129f005dede11b1 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49944 – sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
https://notcve.org/view.php?id=CVE-2024-49944
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_has... • https://git.kernel.org/stable/c/5e8f3f703ae4e4af65e2695e486b3cd198328863 •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49940 – l2tp: prevent possible tunnel refcount underflow
https://notcve.org/view.php?id=CVE-2024-49940
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. When the session refcount drops to 0, l2tp_session_free drops the tunnel refcount if session->tunnel is non-NULL. However, session->tunnel is set in l2tp_session_create, before the tunnel refcount is incremented by l2tp_session_register, which leaves a small window where session->tunnel is non-NULL when the tunnel refcount hasn't... • https://git.kernel.org/stable/c/f7415e60c25a6108cd7955a20b2e66b6251ffe02 •