CVSS: 3.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40999 – net: ena: Add validation for completion descriptors consistency
https://notcve.org/view.php?id=CVE-2024-40999
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that `first` flag is set only for the first descriptor in multi-buffer packets. In case of an invalid descriptor, a reset will occur. A new reset reason for RX data corruption has been added. In the Linux kernel, the following vulnerability has been resolved: net: ena: Add validation for completion descriptors consistency Validate that `first` flag is set only for the ... • https://git.kernel.org/stable/c/42146ee5286f16f1674a84f7c274dcca65c6ff2e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40998 – ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()
https://notcve.org/view.php?id=CVE-2024-40998
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() In the following concurrency we will access the uninitialized rs->lock: ext4_fill_super ext4_register_sysfs // sysfs registered msg_ratelimit_interval_ms // Other processes modify rs->interval to // non-zero via msg_ratelimit_interval_ms ext4_orphan_cleanup ext4_msg(sb, KERN_INFO, "Errors on filesystem, " __ext4_msg ___ratelimit(&(EXT4_SB(sb)->s_msg_ratelimit_state)... • https://git.kernel.org/stable/c/23afcd52af06880c6c913a0ad99022b8937b575c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40997 – cpufreq: amd-pstate: fix memory leak on CPU EPP exit
https://notcve.org/view.php?id=CVE-2024-40997
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that. [ rjw: Subject and changelog edits ] In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so f... • https://git.kernel.org/stable/c/448efb7ea0bfa2c4e27c5a2eb5684fd225cd12cd • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40996 – bpf: Avoid splat in pskb_pull_reason
https://notcve.org/view.php?id=CVE-2024-40996
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid splat in pskb_pull_reason syzkaller builds (CONFIG_DEBUG_NET=y) frequently trigger a debug hint in pskb_may_pull. We'd like to retain this debug check because it might hint at integer overflows and other issues (kernel code should pull headers, not huge value). In bpf case, this splat isn't interesting at all: such (nonsensical) bpf programs are typically generated by a fuzzer anyway. Do what Eric suggested and suppress such warn... • https://git.kernel.org/stable/c/8af60bb2b215f478b886f1d6d302fefa7f0b917d •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40995 – net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()
https://notcve.org/view.php?id=CVE-2024-40995
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions with the same index is sent, the second request will block forever on the first request. This holds rtnl_lock, and causes tasks to hang. Return -EAGAIN to prevent infinite looping, while keeping documented behavior. [1] INFO: task kwork... • https://git.kernel.org/stable/c/0190c1d452a91c38a3462abdd81752be1b9006a8 • CWE-833: Deadlock •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40994 – ptp: fix integer overflow in max_vclocks_store
https://notcve.org/view.php?id=CVE-2024-40994
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this. In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this. • https://git.kernel.org/stable/c/44c494c8e30e35713c7d11ca3c5ab332cbfabacf •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40993 – netfilter: ipset: Fix suspicious rcu_dereference_protected()
https://notcve.org/view.php?id=CVE-2024-40993
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The patch adds the required check to rcu_dereference_protected() in ip_set_dereference(). In the Linux kernel, the following vulnerability has been res... • https://git.kernel.org/stable/c/390b353d1a1da3e9c6c0fd14fe650d69063c95d6 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40992 – RDMA/rxe: Fix responder length checking for UD request packets
https://notcve.org/view.php?id=CVE-2024-40992
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But ... • https://git.kernel.org/stable/c/689c5421bfe0eac65526bd97a466b9590a6aad3c •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40991 – dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()
https://notcve.org/view.php?id=CVE-2024-40991
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() helper function erroneously invokes "of_node_put()" on the "udmax_np" device-node passed to it, without having incremented its reference count at any point. Fix it. In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() h... • https://git.kernel.org/stable/c/81a1f90f20af71728f900f245aa69e9425fdef84 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40990 – RDMA/mlx5: Add check for srq max_sge attribute
https://notcve.org/view.php?id=CVE-2024-40990
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum a... • https://git.kernel.org/stable/c/e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c •