CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35789 – wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
https://notcve.org/view.php?id=CVE-2024-35789
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: comprobar/borrar fast rx para cambios de VLAN ... • https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921 •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35785 – tee: optee: Fix kernel panic caused by incorrect error handling
https://notcve.org/view.php?id=CVE-2024-35785
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c [ 15.406913] Mem abort info: [ 15.409722] ESR = 0x0000000096000005 [ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = ... • https://git.kernel.org/stable/c/a953e45ebeae9a5ce342c012f7eb2a92cc8af89b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35784 – btrfs: fix deadlock with fiemap and extent locking
https://notcve.org/view.php?id=CVE-2024-35784
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our normal code, we just don't have lockdep annotations with the extent locking so we've never noticed it. Since we're copying the fiemap extent to user space on every iteration we have the chance of pagefaulting. Becau... • https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27436 – ALSA: usb-audio: Stop parsing channels bits when all channels are found.
https://notcve.org/view.php?id=CVE-2024-27436
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: deja de analizar bits de canales cuando se encuentran todos los canales. Si un dispositivo de audio USB establece más bits que la cantidad de canales, podría escribir fuera de la mat... • https://git.kernel.org/stable/c/04324ccc75f96b3ed7aad1c866d1b7925e977bdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52660 – media: rkisp1: Fix IRQ handling due to shared interrupts
https://notcve.org/view.php?id=CVE-2023-52660
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will hang as the driver tries to access the ISP registers. This can be reproduced even without the platform sharing the IRQ line: Enable CONFIG_DEBUG_SHIRQ and unload the driver, and the board will hang. Fix this by addin... • https://git.kernel.org/stable/c/25cb42af9ffabffec499e9e69e2fd3797774ce5b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27431 – cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
https://notcve.org/view.php?id=CVE-2024-27431
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of t... • https://git.kernel.org/stable/c/9216477449f33cdbc9c9a99d49f500b7fbb81702 • CWE-908: Use of Uninitialized Resource •
CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27419 – netrom: Fix data-races around sysctl_net_busy_read
https://notcve.org/view.php?id=CVE-2024-27419
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netrom: corrige carreras de datos alrededor de sysctl_net_busy_read Necesitamos proteger al lector que lee el valor de sysctl porque el valor se puede cambiar simultáneamente. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27417 – ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
https://notcve.org/view.php?id=CVE-2024-27417
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: soluciona una posible fuga de "struct net" en inet6_rtm_getaddr() Parece que si el espacio de usuario proporciona un valo... • https://git.kernel.org/stable/c/6ecf4c37eb3e89b0832c9616089a5cdca3747da7 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27416 – Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
https://notcve.org/view.php?id=CVE-2024-27416
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: hci_event: Corrige el manejo de HCI_EV_IO_CAPA_REQUEST Si recibimos HCI_EV_IO_CAPA_REQUEST mientras HCI_OP_READ_REMOTE_EXT_... • https://git.kernel.org/stable/c/ccb8618c972f941ebc6b2b9db491025b3369efcb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27415 – netfilter: bridge: confirm multicast packets before passing them up the stack
https://notcve.org/view.php?id=CVE-2024-27415
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •