CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35829 – drm/lima: fix a memleak in lima_heap_alloc
https://notcve.org/view.php?id=CVE-2024-35829
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/lima: corregida una fuga de mem en lima_heap_alloc Cuando falla lima_vm_map_bo, es necesario desasignar los recursos o habrá fugas de memoria. In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in ... • https://git.kernel.org/stable/c/6aebc51d7aeff5a30d86485f320f0c871b5f23a4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35828 – wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
https://notcve.org/view.php?id=CVE-2024-35828
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaración for de... • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35826 – block: Fix page refcounts for unaligned buffers in __bio_release_pages()
https://notcve.org/view.php?id=CVE-2024-35826
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: Fix page refcounts for unaligned buffers in __bio_release_pages() Fix an incorrect number of pages being released for buffers that do not start at the beginning of a page. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bloquear: corregidos recuentos de páginas para buffers no alineados en __bio_release_pages() Corrige un número incorrecto de páginas que se liberan para buffers que no comienzan al principio de una pág... • https://git.kernel.org/stable/c/9025ee1079291fac79c7fcc20086e9f0015f86f4 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-35825 – usb: gadget: ncm: Fix handling of zero block length packets
https://notcve.org/view.php?id=CVE-2024-35825
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometimes and have block length zero but still contain 1-2 valid datagrams present. According to the NCM spec: "If wBlockLength = 0x0000, the block is terminated by a short packet. In this case, the USB transfer must ... • https://git.kernel.org/stable/c/ff3ba016263ee93a1c6209bf5ab1599de7ab1512 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35823 – vt: fix unicode buffer corruption when deleting characters
https://notcve.org/view.php?id=CVE-2024-35823
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same i.e. replace memcpy() with memmove() due to the overlaping buffers. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: vt: corregida la corrupción del búfer Unicode al eliminar caracteres. Este e... • https://git.kernel.org/stable/c/81732c3b2fede049a692e58a7ceabb6d18ffb18c • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35822 – usb: udc: remove warning when queue disabled ep
https://notcve.org/view.php?id=CVE-2024-35822
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is mass storage function try to queue request from main thread, but other thread may already disable ep when function disable. As there is no function failure in ... • https://git.kernel.org/stable/c/2b002c308e184feeaeb72987bca3f1b11e5f70b8 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35821 – ubifs: Set page uptodate in the correct place
https://notcve.org/view.php?id=CVE-2024-35821
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into ubifs_write_end(), which is after we copied the new data into the page. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ubifs: establece la act... • https://git.kernel.org/stable/c/1e51764a3c2ac05a23a22b2a95ddee4d9bffb16d • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-35819 – soc: fsl: qbman: Use raw spinlock for cgr_lock
https://notcve.org/view.php?id=CVE-2024-35819
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock for cgr_lock to ensure we aren't waiting on a sleeping task. Although this bug has existed for a while, it was not apparent until commit ef2a8d5478b9 ("net: dpaa: Adjust queue depth on rate change") which invokes smp_call_function_single via qman_update... • https://git.kernel.org/stable/c/96f413f47677366e0ae03797409bfcc4151dbf9e •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35817 – drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag
https://notcve.org/view.php?id=CVE-2024-35817
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag Otherwise after the GTT bo is released, the GTT and gart space is freed but amdgpu_ttm_backend_unbind will not clear the gart page table entry and leave valid mapping entry pointing to the stale system page. Then if GPU access the gart address mistakely, it will read undefined value instead page fault, harder to debug and reproduce the real issue. En el kernel de Linux, se resolvió la sigu... • https://git.kernel.org/stable/c/5d5f1a7f3b1039925f79c7894f153c2a905201fb •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35815 – fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion
https://notcve.org/view.php?id=CVE-2024-35815
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion The first kiocb_set_cancel_fn() argument may point at a struct kiocb that is not embedded inside struct aio_kiocb. With the current code, depending on the compiler, the req->ki_ctx read happens either before the IOCB_AIO_RW test or after that test. Move the req->ki_ctx read such that it is guaranteed that the IOCB_AIO_RW test happens first. En el kernel de Linux, se resolvió l... • https://git.kernel.org/stable/c/337b543e274fe7a8f47df3c8293cc6686ffa620f •