CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50010 – exec: don't WARN for racy path_noexec check
https://notcve.org/view.php?id=CVE-2024-50010
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy path_noexec check Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two commits: 633fb6ac3980 ("exec: move S_ISREG() check earlier") 0fd338b2d2cd ("exec: move path_noexec() check earlier") Instead of being removed said checks are WARN_ON'ed instead, which has some debug value. However... • https://git.kernel.org/stable/c/c9b77438077d5a20c79ead95bcdaf9bd4797baaf •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50009 – cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value
https://notcve.org/view.php?id=CVE-2024-50009
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/5f250d44b8191d612355dd97b89b37bbc1b5d2cb •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50008 – wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
https://notcve.org/view.php?id=CVE-2024-50008
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`. With this, fix the following warning: elo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------ elo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field "ext_scan->tlv_buffer" at drivers/net/wire... • https://git.kernel.org/stable/c/b55c8848fdc81514ec047b2a0ec782ffe9ab5323 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50007 – ALSA: asihpi: Fix potential OOB array access
https://notcve.org/view.php?id=CVE-2024-50007
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity check of the array index to fit in the array size. • https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50006 – ext4: fix i_data_sem unlock order in ext4_ind_migrate()
https://notcve.org/view.php?id=CVE-2024-50006
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system cal... • https://git.kernel.org/stable/c/4192adefc9c570698821c5eb9873320eac2fcbf1 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50004 – drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35
https://notcve.org/view.php?id=CVE-2024-50004
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override to match HW spec. (cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba) • https://git.kernel.org/stable/c/945dc25eda88b5d6e30c9686dc619ab981c22d0e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50003 – drm/amd/display: Fix system hang while resume with TBT monitor
https://notcve.org/view.php?id=CVE-2024-50003
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during the resume procedure and call the drm_client_modeset_probe() while struct drm_connector connector->dev->master is NULL. It will mess up the pipe topology after resume. [How] Skip the TBT monitor HPD during the resume procedure beca... • https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49997 – net: ethernet: lantiq_etop: fix memory disclosure
https://notcve.org/view.php?id=CVE-2024-49997
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. • https://git.kernel.org/stable/c/504d4721ee8e432af4b5f196a08af38bc4dac5fe •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49995 – tipc: guard against string buffer overrun
https://notcve.org/view.php?id=CVE-2024-49995
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility... • https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49994 – block: fix integer overflow in BLKSECDISCARD
https://notcve.org/view.php?id=CVE-2024-49994
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_secto... • https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa •