CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35963 – Bluetooth: hci_sock: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35963
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: hci_sock: solución que no valida la entrada del usuario setsockopt. Verifique la longitud de la entrada del usuario antes de copiar datos. Ubuntu Security Notice 7179-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel containe... • https://git.kernel.org/stable/c/09572fca7223bcf32c9f0d5e100d8381a81d55f4 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35962 – netfilter: complete validation of user input
https://notcve.org/view.php?id=CVE-2024-35962
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the @optlen validation before even calling xt_alloc_table_info() with the following check: if ((u64)optlen < (u64)tmp.size + sizeof(tmp)) return -EINVAL; En el kernel de Linux, se resolvió la siguiente vulnerabilida... • https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35961 – net/mlx5: Register devlink first under devlink lock
https://notcve.org/view.php?id=CVE-2024-35961
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Register devlink first under devlink lock In case device is having a non fatal FW error during probe, the driver will report the error to user via devlink. This will trigger a WARN_ON, since mlx5 is calling devlink_register() last. In order to avoid the WARN_ON[1], change mlx5 to invoke devl_register() first under devlink lock. [1] WARNING: CPU: 5 PID: 227 at net/devlink/health.c:483 devlink_recover_notify.constprop.0+0xb8/0xc0 CP... • https://git.kernel.org/stable/c/cf530217408e3686f7002429769ede59dd931151 •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35960 – net/mlx5: Properly link new fs rules into the tree
https://notcve.org/view.php?id=CVE-2024-35960
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent ste... • https://git.kernel.org/stable/c/74491de937125d0c98c9b9c9208b4105717a3caa • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35959 – net/mlx5e: Fix mlx5e_priv_init() cleanup flow
https://notcve.org/view.php?id=CVE-2024-35959
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockdep_is_held(). Acquire the state_lock in mlx5e_selq_cleanup(). Kernel log: ============================= WARNING: suspicious RCU usage 6.8.0-rc3_net_next_841a9b5 #1 Not tainted ----------------------------- drivers/net/ethernet/mellanox... • https://git.kernel.org/stable/c/8bf30be75069d6080659de9a28565c048f6cef9b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35958 – net: ena: Fix incorrect descriptor free behavior
https://notcve.org/view.php?id=CVE-2024-35958
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions). The function as... • https://git.kernel.org/stable/c/548c4940b9f1f527f81509468dd60b61418880b6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35956 – btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
https://notcve.org/view.php?id=CVE-2024-35956
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a... • https://git.kernel.org/stable/c/e85fde5162bf1b242cbd6daf7dba0f9b457d592b •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-35955 – kprobes: Fix possible use-after-free issue on kprobe registration
https://notcve.org/view.php?id=CVE-2024-35955
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succee... • https://git.kernel.org/stable/c/1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35954 – scsi: sg: Avoid sg device teardown race
https://notcve.org/view.php?id=CVE-2024-35954
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. The resulting NULL pointer exception will then crash the kernel. En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/db59133e927916d8a25ee1fd8264f2808040909d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35953 – accel/ivpu: Fix deadlock in context_xa
https://notcve.org/view.php?id=CVE-2024-35953
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context. It requires XA_FLAGS_LOCK_IRQ flag to be passed during initialization otherwise the lock could be acquired from a thread and interrupted by an IRQ that locks it for the second time causing the deadlock. This deadlock was reported by lockdep and observed in internal tests. En el kernel de Linux, se resolvió la siguiente vulnerabili... • https://git.kernel.org/stable/c/35b137630f08d913fc2e33df33ccc2570dff3f7d •