CVE-2024-38632 – vfio/pci: fix potential memory leak in vfio_intx_enable()
https://notcve.org/view.php?id=CVE-2024-38632
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak. • https://git.kernel.org/stable/c/4cb0d7532126d23145329826c38054b4e9a05e7c https://git.kernel.org/stable/c/7d29d4c72c1e196cce6969c98072a272d1a703b3 https://git.kernel.org/stable/c/69276a555c740acfbff13fb5769ee9c92e1c828e https://git.kernel.org/stable/c/18c198c96a815c962adc2b9b77909eec0be7df4d https://git.kernel.org/stable/c/b18fa894d615c8527e15d96b76c7448800e13899 https://git.kernel.org/stable/c/27d40bf72dd9a6600b76ad05859176ea9a1b4897 https://git.kernel.org/stable/c/4c089cefe30924fbe20dd1ee92774ea1f5eca834 https://git.kernel.org/stable/c/0e09cf81959d9f12b75ad5c6dd53d2374 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVE-2024-38630 – watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger
https://notcve.org/view.php?id=CVE-2024-38630
In the Linux kernel, the following vulnerability has been resolved: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger When the cpu5wdt module is removing, the origin code uses del_timer() to de-activate the timer. If the timer handler is running, del_timer() could not stop it and will return directly. If the port region is released by release_region() and then the timer handler cpu5wdt_trigger() calls outb() to write into the region that is released, the use-after-free bug will happen. Change del_timer() to timer_shutdown_sync() in order that the timer handler could be finished before the port region is released. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/9b1c063ffc075abf56f63e55d70b9778ff534314 https://git.kernel.org/stable/c/f19686d616500cd0d47b30cee82392b53f7f784a https://git.kernel.org/stable/c/573601521277119f2e2ba5f28ae6e87fc594f4d4 •
CVE-2024-38627 – stm class: Fix a double free in stm_register_device()
https://notcve.org/view.php?id=CVE-2024-38627
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clase stm: corrige un doble free en stm_register_device() La llamada put_device(&stm->dev) activará stm_device_release() que libera "stm" para que vfree(stm) en el La siguiente línea es un doble libre. A vulnerability was found in the Linux kernel's stm class, where an improper memory management sequence in stm_register_device() could lead to a double-free error. This issue occurs when the put_device(&stm->dev) call triggers stm_device_release() to free "stm", making the subsequent vfree(stm) call redundant and potentially harmful. • https://git.kernel.org/stable/c/389b6699a2aa0b457aa69986e9ddf39f3b4030fd https://git.kernel.org/stable/c/b0351a51ffda593b2b1b35dd0c00a73505edb256 https://git.kernel.org/stable/c/6cc30ef8eb6d8f8d6df43152264bbf8835d99931 https://git.kernel.org/stable/c/a0450d3f38e7c6c0a7c0afd4182976ee15573695 https://git.kernel.org/stable/c/713fc00c571dde4af3db2dbd5d1b0eadc327817b https://git.kernel.org/stable/c/7419df1acffbcc90037f6b5a2823e81389659b36 https://git.kernel.org/stable/c/4bfd48bb6e62512b9c392c5002c11e1e3b18d247 https://git.kernel.org/stable/c/370c480410f60b90ba3e96abe73ead21e • CWE-415: Double Free •
CVE-2024-38621 – media: stk1160: fix bounds checking in stk1160_copy_video()
https://notcve.org/view.php?id=CVE-2024-38621
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition is reversed that means the result of the subtraction is always negative but since it's unsigned then the result is a very high positive value. That means the overflow check is never true. Additionally, the ->bytesused doesn't actually work for this purpose because we're not writing to "buf->mem + buf->bytesused". • https://git.kernel.org/stable/c/9cb2173e6ea8f2948bd1367c93083a2500fcf08f https://git.kernel.org/stable/c/f6a392266276730bea893b55d12940e32a25f56a https://git.kernel.org/stable/c/ecf4ddc3aee8ade504c4d36b7b4053ce6093e200 https://git.kernel.org/stable/c/a16775828aaed1c54ff4e6fe83e8e4d5c6a50cb7 https://git.kernel.org/stable/c/7532bcec0797adfa08791301c3bcae14141db3bd https://git.kernel.org/stable/c/b504518a397059e1d55c521ba0ea2b545a6c4b52 https://git.kernel.org/stable/c/d410017a7181cb55e4a5c810b32b75e4416c6808 https://git.kernel.org/stable/c/a08492832cc4cacc24e0612f483c86ca8 •
CVE-2024-38381 – nfc: nci: Fix uninit-value in nci_rx_work
https://notcve.org/view.php?id=CVE-2024-38381
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: nci: corrigió el valor uninit en nci_rx_work syzbot informó el siguiente problema de acceso al valor uninit [1] nci_rx_work() analiza el paquete recibido de ndev->rx_q. Se debe validar el tamaño del encabezado, el tamaño del payload y el tamaño total del paquete antes de procesar el paquete. • https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240 https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16 https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7 https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a https://git.kernel.org/stable/c/d24b03535e5eb82e025219c2f632b485409c898f https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f600 •