CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40988 – drm/radeon: fix UBSAN warning in kv_dpm.c
https://notcve.org/view.php?id=CVE-2024-40988
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. • https://git.kernel.org/stable/c/07e8f15fa16695cf4c90e89854e59af4a760055b • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40987 – drm/amdgpu: fix UBSAN warning in kv_dpm.c
https://notcve.org/view.php?id=CVE-2024-40987
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. • https://git.kernel.org/stable/c/4ad7d49059358ceadd352b4e2511425bdb68f400 •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40986 – dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr()
https://notcve.org/view.php?id=CVE-2024-40986
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix data synchronisation in xdma_channel_isr() Requests the vchan lock before using xdma->stop_request. • https://git.kernel.org/stable/c/6a40fb8245965b481b4dcce011cd63f20bf91ee0 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40985 – net/tcp_ao: Don't leak ao_info on error-path
https://notcve.org/view.php?id=CVE-2024-40985
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 [1] of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo. [1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/ In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-p... • https://git.kernel.org/stable/c/0aadc73995d08f6b0dc061c14a564ffa46f5914e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40984 – ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
https://notcve.org/view.php?id=CVE-2024-40984
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlapping page boundaries, as it can trigger warnings if different page attributes are present. • https://git.kernel.org/stable/c/d410ee5109a1633a686a5663c6743a92e1181f9b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40983 – tipc: force a dst refcount before doing decryption
https://notcve.org/view.php?id=CVE-2024-40983
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: force a dst refcount before doing decryption As it says in commit 3bc07321ccc2 ("xfrm: Force a dst refcount before entering the xfrm type handlers"): "Crypto requests might return asynchronous. In this case we leave the rcu protected region, so force a refcount on the skb's destination entry before we enter the xfrm type input/output handlers." On TIPC decryption path it has the same problem, and skb_dst_force() should be called befor... • https://git.kernel.org/stable/c/fc1b6d6de2208774efd2a20bf0daddb02d18b1e0 • CWE-911: Improper Update of Reference Count •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40982 – ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
https://notcve.org/view.php?id=CVE-2024-40982
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attemptin... • https://git.kernel.org/stable/c/c5dc2d8eb3981bae261ea7d1060a80868e886813 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40981 – batman-adv: bypass empty buckets in batadv_purge_orig_ref()
https://notcve.org/view.php?id=CVE-2024-40981
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40980 – drop_monitor: replace spin_lock by raw_spin_lock
https://notcve.org/view.php?id=CVE-2024-40980
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47 preempt_count: 1, ex... • https://git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40979 – wifi: ath12k: fix kernel crash during resume
https://notcve.org/view.php?id=CVE-2024-40979
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix kernel crash during resume Currently during resume, QMI target memory is not properly handled, resulting in kernel crash in case DMA remap is not supported: BUG: Bad page state in process kworker/u16:54 pfn:36e80 page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x36e80 page dumped because: nonzero _refcount Call Trace: bad_page free_page_is_bad_report __free_pages_ok __free_pages dma_direct_free dma_free_... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •