CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40904 – USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
https://notcve.org/view.php?id=CVE-2024-40904
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft lockup - CPU... • https://git.kernel.org/stable/c/9908a32e94de2141463e104c9924279ed3509447 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40903 – usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
https://notcve.org/view.php?id=CVE-2024-40903
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). This could happen when: * new (say invalid) source caps are advertised * the existing source caps are unregistered * tcpm_register_source_caps() returns with an error as usb_power_delivery_register_capabilities() fails This causes port->partner_source_caps to hold on to the now freed source ca... • https://git.kernel.org/stable/c/cfcd544a9974c6b6fb37ca385146e4796dcaf66d • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40902 – jfs: xattr: fix buffer overflow for invalid xattr
https://notcve.org/view.php?id=CVE-2024-40902
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer. Fix this all up by properly restricting the size of the debug hex dump in the kernel log. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ... • https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40901 – scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
https://notcve.org/view.php?id=CVE-2024-40901
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit() on a single word. The test_bit() and set_bit() functions operate on long values, and when testing or setting a single word, they can exceed the word boundary. KASAN detects this issue and produces a dump: BUG: KASAN: slab-out-of-bounds in _scsih_add_device.constprop.0 (./arch/x86/include/asm/bitops.h:60 ./inc... • https://git.kernel.org/stable/c/c696f7b83edeac804e898952058089143f49ca0a •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40900 – cachefiles: remove requests from xarray during flushing requests
https://notcve.org/view.php?id=CVE-2024-40900
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILES_DEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_A->done... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40899 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
https://notcve.org/view.php?id=CVE-2024-40899
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0 Write of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962 CPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #542 Call... • https://git.kernel.org/stable/c/e73fa11a356ca0905c3cc648eaacc6f0f2d2c8b3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39510 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
https://notcve.org/view.php?id=CVE-2024-39510
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb60 Read of size 8 at addr ffff888122e84088 by task ondemand-04-dae/963 CPU: 13 PID: 963 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #564 Call T... • https://git.kernel.org/stable/c/0a7e54c1959c0feb2de23397ec09c7692364313e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39509 – HID: core: remove unnecessary WARN_ON() in implement()
https://notcve.org/view.php?id=CVE-2024-39509
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers. [1] WARNING: CPU: 0 PID... • https://git.kernel.org/stable/c/95d1c8951e5bd50bb89654a99a7012b1e75646bd •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39508 – io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
https://notcve.org/view.php?id=CVE-2024-39508
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags Utilize set_bit() and test_bit() on worker->flags within io_uring/io-wq to address potential data races. The structure io_worker->flags may be accessed through various data paths, leading to concurrency issues. When KCSAN is enabled, it reveals data races occurring in io_worker_handle_work and io_wq_activate_free_worker functions. BUG: KCSAN: data-race in io_worker_handle_work / ... • https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0 • CWE-364: Signal Handler Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39507 – net: hns3: fix kernel crash problem in concurrent scenario
https://notcve.org/view.php?id=CVE-2024-39507
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash problem in concurrent scenario When link status change, the nic driver need to notify the roce driver to handle this event, but at this time, the roce driver may uninit, then cause kernel crash. To fix the problem, when link status change, need to check whether the roce registered, and when uninit, need to wait link update finish. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix ... • https://git.kernel.org/stable/c/45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab •