CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40965 – i2c: lpi2c: Avoid calling clk_get_rate during transfer
https://notcve.org/view.php?id=CVE-2024-40965
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already, it needs to access i2c, which in return needs the mutex for clk_get_rate as well. A vulnerability was found in the lpi2c driver i... • https://git.kernel.org/stable/c/d038693e08adf9c162c6377800495e4f5a2df045 • CWE-833: Deadlock •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40964 – ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind()
https://notcve.org/view.php?id=CVE-2024-40964
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() The cs35l41_hda_unbind() function clears the hda_component entry matching it's index and then dereferences the codec pointer held in the first element of the hda_component array, this is an issue when the device index was 0. Instead use the codec pointer stashed in the cs35l41_hda structure as it will still be valid. In the Linux kernel, the following vulnerabilit... • https://git.kernel.org/stable/c/7cf5ce66dfda2be444ea668c3d48f732ba4a7fd1 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40963 – mips: bmips: BCM6358: make sure CBR is correctly set
https://notcve.org/view.php?id=CVE-2024-40963
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: mips: bmips: BCM6358: make sure CBR is correctly set It was discovered that some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called. This was notice in situation where the system is booted from TP1 and BMIPS_GET_CBR() returns 0 instead of a valid address and !!(read_c0_brcm_cmt_local() & (1 << 31)); not failing. The current check whether RAC flush should be disabled or not are not enough hence let... • https://git.kernel.org/stable/c/d65de5ee8b72868fbbbd39ca73017d0e526fa13a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40962 – btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes
https://notcve.org/view.php?id=CVE-2024-40962
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that when he's running fstests' test-case btrfs/167 on emulated zoned devices, he's seeing the following NULL pointer dereference in 'btrfs_zone_finish_endio()': Oops: general protection fault, probably for non-canonical address 0xdffffc0000000011: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000088-0x000000000000008f] CPU... • https://git.kernel.org/stable/c/cbfce4c7fbde23cc8bcba44822a58c728caf6ec9 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40961 – ipv6: prevent possible NULL deref in fib6_nh_init()
https://notcve.org/view.php?id=CVE-2024-40961
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); // can be NULL Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x00000000000005e0-0x00000000000005e7] CPU: 0 PID: 11237 Comm: syz-executor.3 N... • https://git.kernel.org/stable/c/428604fb118facce1309670779a35baf27ad044c • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40960 – ipv6: prevent possible NULL dereference in rt6_probe()
https://notcve.org/view.php?id=CVE-2024-40960
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000658-0x000000000000065f] CPU: 1 PID: 22444 Comm: syz-executor.0 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0 Hardwa... • https://git.kernel.org/stable/c/52e1635631b342803aecaf81a362c1464e3da2e5 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40959 – xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
https://notcve.org/view.php?id=CVE-2024-40959
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 PID: 12 Comm: kworker/u8:1 Not tainted 6.10.0-rc2-syzkaller-00383-gb8481381d4e2 #0 Hardware name... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40958 – netns: Make get_net_ns() handle zero refcount net
https://notcve.org/view.php?id=CVE-2024-40958
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 7890 at lib/refcount.c:25 refcount_warn_saturate+0xdf/0x1d0 Modules linked in: CPU: 3 PID: 7890 Comm: tun Not tainted 6.10.0-rc3-00100-gcaa4f9578aba-dirty #310 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0xdf/0x1d0 Code: 41 49 04 31 ff ... • https://git.kernel.org/stable/c/0c3e0e3bb623c3735b8c9ab8aa8332f944f83a9f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40957 – seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors
https://notcve.org/view.php?id=CVE-2024-40957
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer dereference, as below: [74830.647293] BUG: kernel NULL pointer dereference, address: 0000000000000090 [74830.655633] #PF: supervisor read access i... • https://git.kernel.org/stable/c/7a3f5b0de3647c854e34269c3332d7a1e902901a • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40956 – dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list
https://notcve.org/view.php?id=CVE-2024-40956
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed via idxd_desc_complete() and there's a slight chance may cause issue for the list iterator when the descriptor is reused by another thread without it being deleted from the list. A vulnerability was found in the Linux kernel's DMA eng... • https://git.kernel.org/stable/c/16e19e11228ba660d9e322035635e7dcf160d5c2 • CWE-416: Use After Free •