CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50298 – net: enetc: allocate vf_state during PF probes
https://notcve.org/view.php?id=CVE-2024-50298
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vf_state during PF probes In the previous implementation, vf_state is allocated memory only when VF is enabled. However, net_device_ops::ndo_set_vf_mac() may be called before VF is enabled to configure the MAC address of VF. If this is the case, enetc_pf_set_vf_mac() will access vf_state, resulting in access to a null pointer. The simplified error log is as follows. root@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:... • https://git.kernel.org/stable/c/d4fd0404c1c95b17880f254ebfee3485693fa8ba •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50296 – net: hns3: fix kernel crash when uninstalling driver
https://notcve.org/view.php?id=CVE-2024-50296
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. During the second calling, num_VFs is not 0 and the resource release function is called. However, the corresponding resource has been released d... • https://git.kernel.org/stable/c/b06ad258e01389ca3ff13bc180f3fcd6a608f1cd •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50292 – ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove
https://notcve.org/view.php?id=CVE-2024-50292
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [... • https://git.kernel.org/stable/c/794df9448edb55978e50372f083aeedade1b2844 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50290 – media: cx24116: prevent overflows on SNR calculus
https://notcve.org/view.php?id=CVE-2024-50290
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that. • https://git.kernel.org/stable/c/8953db793d5bdeea5ac92c9e97f57d3ff8a7dccf •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50289 – media: av7110: fix a spectre vulnerability
https://notcve.org/view.php?id=CVE-2024-50289
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50287 – media: v4l2-tpg: prevent the risk of a division by zero
https://notcve.org/view.php?id=CVE-2024-50287
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero. If this ever happens, this will cause a division by zero. Instead, add a WARN_ON_ONCE() to trigger such cases and return without doing any precalculation. • https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50282 – drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()
https://notcve.org/view.php?id=CVE-2024-50282
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434) • https://git.kernel.org/stable/c/673bdb4200c092692f83b5f7ba3df57021d52d29 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-50280 – dm cache: fix flushing uninitialized delayed_work on cache_ctr error
https://notcve.org/view.php?id=CVE-2024-50280
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192"... • https://git.kernel.org/stable/c/6a3e412c2ab131c54945327a7676b006f000a209 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50279 – dm cache: fix out-of-bounds access to the dirty bitset when resizing
https://notcve.org/view.php?id=CVE-2024-50279
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access. Reproduce steps: 1. create a cache device of 1024 cache blocks (128 bytes dirty bitset) dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 131072 linear /dev/sdc 8192" dm... • https://git.kernel.org/stable/c/f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50278 – dm cache: fix potential out-of-bounds access on the first resume
https://notcve.org/view.php?id=CVE-2024-50278
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast device requires reloading the cache table for cache_create to allocate new in-core data structures that fit the new size, and the check in cache_preresume is not performed during the first resume, leading to the issu... • https://git.kernel.org/stable/c/f494a9c6b1b6dd9a9f21bbb75d9210d478eeb498 •