CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35791 – KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
https://notcve.org/view.php?id=CVE-2024-35791
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region. Note, the "obvious" alternative of using local variables doesn't fully resolve t... • https://git.kernel.org/stable/c/4f627ecde7329e476a077bb0590db8f27bb8f912 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35790 – usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
https://notcve.org/view.php?id=CVE-2024-35790
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creat... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35789 – wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
https://notcve.org/view.php?id=CVE-2024-35789
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: comprobar/borrar fast rx para cambios de VLAN ... • https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921 •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35785 – tee: optee: Fix kernel panic caused by incorrect error handling
https://notcve.org/view.php?id=CVE-2024-35785
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c [ 15.406913] Mem abort info: [ 15.409722] ESR = 0x0000000096000005 [ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = ... • https://git.kernel.org/stable/c/a953e45ebeae9a5ce342c012f7eb2a92cc8af89b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35784 – btrfs: fix deadlock with fiemap and extent locking
https://notcve.org/view.php?id=CVE-2024-35784
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our normal code, we just don't have lockdep annotations with the extent locking so we've never noticed it. Since we're copying the fiemap extent to user space on every iteration we have the chance of pagefaulting. Becau... • https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27436 – ALSA: usb-audio: Stop parsing channels bits when all channels are found.
https://notcve.org/view.php?id=CVE-2024-27436
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: deja de analizar bits de canales cuando se encuentran todos los canales. Si un dispositivo de audio USB establece más bits que la cantidad de canales, podría escribir fuera de la mat... • https://git.kernel.org/stable/c/04324ccc75f96b3ed7aad1c866d1b7925e977bdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27435 – nvme: fix reconnection fail due to reserved tag allocation
https://notcve.org/view.php?id=CVE-2024-27435
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found it may caused by a ABBA deadlock due to tag allocation. In my case, the tag was hold by a keep alive request waiting inside admin_q, as we quiesced admin_q while reset ctrl, so the request maked as idle and will no... • https://git.kernel.org/stable/c/ed01fee283a067c72b2d6500046080dbc1bb9dae •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27434 – wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
https://notcve.org/view.php?id=CVE-2024-27434
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: no configure el indicador MFP para GTK El firmware no necesita el in... • https://git.kernel.org/stable/c/5c75a208c2449c6ea24f07610cc052f6a352246c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27433 – clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()
https://notcve.org/view.php?id=CVE-2024-27433
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling mtk_free_clk_data() explicitly in the remove function would lead to a double-free. Remove the redundant call. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: clk: mediatek: mt7622-apmixedsys: se corrigió una ruta de manejo de errores en clk_mt8135_apmixed_probe() 'clk_d... • https://git.kernel.org/stable/c/c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27432 – net: ethernet: mtk_eth_soc: fix PPE hanging issue
https://notcve.org/view.php?id=CVE-2024-27432
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtk_ppe_stop() function, the PPE scan mode is not disabled before disabling the PPE. This can potentially lead to a hang during the process of disabling the PPE. Without this patch, the PPE may experience a hang during the reboot test. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet:... • https://git.kernel.org/stable/c/ba37b7caf1ed2395cc84d8f823ff933975f1f789 •