CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50006 – ext4: fix i_data_sem unlock order in ext4_ind_migrate()
https://notcve.org/view.php?id=CVE-2024-50006
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system cal... • https://git.kernel.org/stable/c/4192adefc9c570698821c5eb9873320eac2fcbf1 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50004 – drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35
https://notcve.org/view.php?id=CVE-2024-50004
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system hang. Remove EnhancedPrefetchScheduleAccelerationFinal value override to match HW spec. (cherry picked from commit 9dad21f910fcea2bdcff4af46159101d7f9cd8ba) • https://git.kernel.org/stable/c/945dc25eda88b5d6e30c9686dc619ab981c22d0e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50003 – drm/amd/display: Fix system hang while resume with TBT monitor
https://notcve.org/view.php?id=CVE-2024-50003
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during the resume procedure and call the drm_client_modeset_probe() while struct drm_connector connector->dev->master is NULL. It will mess up the pipe topology after resume. [How] Skip the TBT monitor HPD during the resume procedure beca... • https://git.kernel.org/stable/c/eb9329cd882aa274e92bdb1003bc088433fdee86 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49997 – net: ethernet: lantiq_etop: fix memory disclosure
https://notcve.org/view.php?id=CVE-2024-49997
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. • https://git.kernel.org/stable/c/504d4721ee8e432af4b5f196a08af38bc4dac5fe •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49995 – tipc: guard against string buffer overrun
https://notcve.org/view.php?id=CVE-2024-49995
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility... • https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49994 – block: fix integer overflow in BLKSECDISCARD
https://notcve.org/view.php?id=CVE-2024-49994
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_secto... • https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49992 – drm/stm: Avoid use-after-free issues with crtc and plane
https://notcve.org/view.php?id=CVE-2024-49992
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with parameters allocated with devm_kzalloc() to avoid use-after-free issues [1]. Use allocations managed by the DRM framework. Found by Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtn... • https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49991 – drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
https://notcve.org/view.php?id=CVE-2024-49991
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug. • https://git.kernel.org/stable/c/e7831613cbbcd9058d3658fbcdc5d5884ceb2e0c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49989 – drm/amd/display: fix double free issue during amdgpu module unload
https://notcve.org/view.php?id=CVE-2024-49989
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double free issue may occur when unloading the amdgpu module. [ 279.190523] RIP: 0010:__slab_free+0x152/0x2f0 [ 279.190577] Call Trace: [ 279.190580]
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49987 – bpftool: Fix undefined behavior in qsort(NULL, 0, ...)
https://notcve.org/view.php?id=CVE-2024-49987
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports: net.c:827:2: runtime error: null pointer passed as argument 1, which is declared to never be null Although the C standard does not explicitly state whether calling qsort with a NULL pointer when the size is 0 constitutes undefined behavior, Section ... • https://git.kernel.org/stable/c/c2d9f9a7837ab29ccae0c42252f17d436bf0a501 •