CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40992 – RDMA/rxe: Fix responder length checking for UD request packets
https://notcve.org/view.php?id=CVE-2024-40992
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But ... • https://git.kernel.org/stable/c/689c5421bfe0eac65526bd97a466b9590a6aad3c •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40991 – dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()
https://notcve.org/view.php?id=CVE-2024-40991
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() helper function erroneously invokes "of_node_put()" on the "udmax_np" device-node passed to it, without having incremented its reference count at any point. Fix it. In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() h... • https://git.kernel.org/stable/c/81a1f90f20af71728f900f245aa69e9425fdef84 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40990 – RDMA/mlx5: Add check for srq max_sge attribute
https://notcve.org/view.php?id=CVE-2024-40990
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum a... • https://git.kernel.org/stable/c/e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40989 – KVM: arm64: Disassociate vcpus from redistributor region on teardown
https://notcve.org/view.php?id=CVE-2024-40989
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu. A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory co... • https://git.kernel.org/stable/c/e5a35635464bc5304674b84ea42615a3fd0bd949 • CWE-825: Expired Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40988 – drm/radeon: fix UBSAN warning in kv_dpm.c
https://notcve.org/view.php?id=CVE-2024-40988
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. • https://git.kernel.org/stable/c/07e8f15fa16695cf4c90e89854e59af4a760055b • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40987 – drm/amdgpu: fix UBSAN warning in kv_dpm.c
https://notcve.org/view.php?id=CVE-2024-40987
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. • https://git.kernel.org/stable/c/4ad7d49059358ceadd352b4e2511425bdb68f400 •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40986 – dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()
https://notcve.org/view.php?id=CVE-2024-40986
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr() Requests the vchan lock before using xdma->stop_request. • https://git.kernel.org/stable/c/6a40fb8245965b481b4dcce011cd63f20bf91ee0 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40985 – net/tcp_ao: Don't leak ao_info on error-path
https://notcve.org/view.php?id=CVE-2024-40985
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 [1] of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo. [1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/ In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-p... • https://git.kernel.org/stable/c/0aadc73995d08f6b0dc061c14a564ffa46f5914e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40984 – ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
https://notcve.org/view.php?id=CVE-2024-40984
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present. • https://git.kernel.org/stable/c/d410ee5109a1633a686a5663c6743a92e1181f9b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40983 – tipc: force a dst refcount before doing decryption
https://notcve.org/view.php?id=CVE-2024-40983
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers." On TIPC decryption path it has the same problem, and skb_dst_force() should be called befor... • https://git.kernel.org/stable/c/fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 • CWE-911: Improper Update of Reference Count •