CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36880 – Bluetooth: qca: add missing firmware sanity checks
https://notcve.org/view.php?id=CVE-2024-36880
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: agregar comprobaciones de integridad del firmware faltantes Agregue las comprobaciones de integridad del firmware faltantes al analizar los archivos de firmware antes de descargarlos para evitar acceder y dañar la memoria más allá del búfer vmalloced. • https://git.kernel.org/stable/c/83e81961ff7ef75f97756f316caea5aa6bcc19cc https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307 https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36033 – Bluetooth: qca: fix info leak when fetching board id
https://notcve.org/view.php?id=CVE-2024-36033
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching board id Add the missing sanity check when fetching the board id to avoid leaking slab data when later requesting the firmware. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: corrige la fuga de información al obtener la identificación de la placa. Agregue la verificación de cordura que falta al recuperar la identificación de la placa para evitar fugas de datos de losa cuando luego solicite el firmware. • https://git.kernel.org/stable/c/a7f8dedb4be2cc930a29af24427b885405ecd15d https://git.kernel.org/stable/c/f30c37cb4549baf8377434892d520fe7769bdba7 https://git.kernel.org/stable/c/0adcf6be1445ed50bfd4a451a7a782568f270197 https://git.kernel.org/stable/c/a3dff121a7f5104c4c2d47edaa2351837ef645dd https://git.kernel.org/stable/c/bcccdc947d2ca5972b1e92d0dea10803ddc08ceb https://git.kernel.org/stable/c/ba307abed5e09759845c735ba036f8c12f55b209 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36032 – Bluetooth: qca: fix info leak when fetching fw build id
https://notcve.org/view.php?id=CVE-2024-36032
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: qca: corrige la fuga de información al recuperar el ID de compilación del firmware. Agregue las comprobaciones de cordura que faltan y mueva el búfer de ID de compilación de 255 bytes fuera de la pila para evitar la filtración de datos de la pila a través de debugfs en en caso de que la respuesta de información de compilación esté mal formada. • https://git.kernel.org/stable/c/c0187b0bd3e94c48050687d87b2c3c9fbae98ae9 https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488 https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1 https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36031 – keys: Fix overwrite of key expiration on instantiation
https://notcve.org/view.php?id=CVE-2024-36031
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: claves: se corrige la sobrescritura de la caducidad de la clave al crear instancias. El tiempo de caducidad de una clave se sobrescribe incondicionalmente durante la creación de instancias, y de forma predeterminada se vuelve permanente. • https://git.kernel.org/stable/c/97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac https://git.kernel.org/stable/c/2552b32b0b349df160a509fe49f5f308cb922f2b https://git.kernel.org/stable/c/791d5409cdb974c31a1bc7a903ea729ddc7d83df https://git.kernel.org/stable/c/afc360e8a1256acb7579a6f5b6f2c30b85b39301 https://git.kernel.org/stable/c/39299bdd2546688d92ed9db4948f6219ca1b9542 https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d • CWE-324: Use of a Key Past its Expiration Date •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52882 – clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
https://notcve.org/view.php?id=CVE-2023-52882
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other undefined behaviour. After a lot of testing (30+ hours) while also doing a lot of frequency switches, we can't observe any instability issues anymore when doing reparenting to stable clock like 24 MHz oscillator. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: sunxi-ng: h6: CPUX reparent durante el cambio de velocidad de CPUX de PLL. Mientras que el cambio de velocidad de reloj de CPUX de PLL cuando la CPU se está ejecutando, funciona en la gran mayoría de los casos, de vez en cuando provoca inestabilidad. • https://git.kernel.org/stable/c/524353ea480b0094c16f2b5684ce7e0a23ab3685 https://git.kernel.org/stable/c/fe11826ffa200e1a7a826e745163cb2f47875f66 https://git.kernel.org/stable/c/bfc78b4628497eb6df09a6b5bba9dd31616ee175 https://git.kernel.org/stable/c/f1fa9a9816204ac4b118b2e613d3a7c981355019 https://git.kernel.org/stable/c/70f64cb29014e4c4f1fabd3265feebd80590d069 https://git.kernel.org/stable/c/0b82eb134d2942ecc669e2ab2be3f0a58d79428a https://git.kernel.org/stable/c/9708e5081cfc4f085690294163389bcf82655f90 https://git.kernel.org/stable/c/7e91ed763dc07437777bd012af7a2bd44 •