CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40944 – x86/kexec: Fix bug with call depth tracking
https://notcve.org/view.php?id=CVE-2024-40944
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Fix bug with call depth tracking The call to cc_platform_has() triggers a fault and system crash if call depth tracking is active because the GS segment has been reset by load_segments() and GS_BASE is now 0 but call depth tracking uses per-CPU variables to operate. Call cc_platform_has() earlier in the function when GS is still valid. [ bp: Massage. ] In the Linux kernel, the following vulnerability has been resolved: x86/kexec:... • https://git.kernel.org/stable/c/5d8213864ade86b48fc492584ea86d65a62f892e •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40943 – ocfs2: fix races between hole punching and AIO+DIO
https://notcve.org/view.php?id=CVE-2024-40943
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/300 [ 475.296983 ] JBD2: Ignoring recovery information on journal [ 475.302473 ] ocfs2: Mounting device (253,1) on (node local, slot 0) with order... • https://git.kernel.org/stable/c/b25801038da5823bba1b5440a57ca68afc51b6bd •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40942 – wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects
https://notcve.org/view.php?id=CVE-2024-40942
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix this by flushing all corresponding items of the preq_queue in mesh_path_flush_pending(). This should take care of KASAN reports like this: unref... • https://git.kernel.org/stable/c/050ac52cbe1f3de2fb0d06f02c7919ae1f691c9e •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40941 – wifi: iwlwifi: mvm: don't read past the mfuart notifcation
https://notcve.org/view.php?id=CVE-2024-40941
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing. This was reported by KFENCE. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past t... • https://git.kernel.org/stable/c/bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40940 – net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
https://notcve.org/view.php?id=CVE-2024-40940
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5_lag_create_port_sel_table(), instead of previously created rules, the tainted pointer is deleted deveral times. Fix this bug by using correct flow rules pointers. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer d... • https://git.kernel.org/stable/c/352899f384d4aefa77ede6310d08c1b515612a8f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40939 – net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
https://notcve.org/view.php?id=CVE-2024-40939
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer which actually holds error code value. Fix this bug by decreasing region index before delete. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerability has been resolved: net: w... • https://git.kernel.org/stable/c/4dcd183fbd67b105decc8be262311937730ccdbf • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40938 – landlock: Fix d_parent walk
https://notcve.org/view.php?id=CVE-2024-40938
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. [mic: Fix commit message] In the Linux kernel, the following vulnerability has been resolved: la... • https://git.kernel.org/stable/c/b91c3e4ea756b12b7d992529226edce1cfd854d7 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40937 – gve: Clear napi->skb before dev_kfree_skb_any()
https://notcve.org/view.php?id=CVE-2024-40937
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed. In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly lea... • https://git.kernel.org/stable/c/9b8dd5e5ea48bbb7532d20c4093a79d8283e4029 •
CVSS: 5.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40936 – cxl/region: Fix memregion leaks in devm_cxl_add_region()
https://notcve.org/view.php?id=CVE-2024-40936
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix memregion leaks in devm_cxl_add_region() Move the mode verification to __create_region() before allocating the memregion to avoid the memregion leaks. In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix memregion leaks in devm_cxl_add_region() Move the mode verification to __create_region() before allocating the memregion to avoid the memregion leaks. • https://git.kernel.org/stable/c/6e099264185d05f50400ea494f5029264a4fe995 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40935 – cachefiles: flush all requests after setting CACHEFILES_DEAD
https://notcve.org/view.php?id=CVE-2024-40935
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: flush all requests after setting CACHEFILES_DEAD In ondemand mode, when the daemon is processing an open request, if the kernel flags the cache as CACHEFILES_DEAD, the cachefiles_daemon_write() will always return -EIO, so the daemon can't pass the copen to the kernel. Then the kernel process that is waiting for the copen triggers a hung_task. Since the DEAD state is irreversible, it can only be exited by closing /dev/cachefiles.... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •