CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36897 – drm/amd/display: Atom Integrated System Info v2_2 for DCN35
https://notcve.org/view.php?id=CVE-2024-36897
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Atom Integr... • https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36896 – USB: core: Fix access violation during port device removal
https://notcve.org/view.php?id=CVE-2024-36896
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix access violation during port device removal Testing with KASAN and syzkaller revealed a bug in port.c:disable_store(): usb_hub_to_struct_hub() can return NULL if the hub that the port belongs to is concurrently removed, but the function does not check for this possibility before dereferencing the returned value. It turns out that the first dereference is unnecessary, since hub->intfdev is the parent of the port device, so it ... • https://git.kernel.org/stable/c/f061f43d7418cb62b8d073e221ec75d3f5b89e17 • CWE-170: Improper Null Termination CWE-476: NULL Pointer Dereference •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36895 – usb: gadget: uvc: use correct buffer size when parsing configfs lists
https://notcve.org/view.php?id=CVE-2024-36895
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: use correct buffer size when parsing configfs lists This commit fixes uvc gadget support on 32-bit platforms. Commit 0df28607c5cb ("usb: gadget: uvc: Generalise helper functions for reuse") introduced a helper function __uvcg_iter_item_entries() to aid with parsing lists of items on configfs attributes stores. This function is a generalization of another very similar function, which used a stack-allocated temporary buffer ... • https://git.kernel.org/stable/c/0df28607c5cb4fe60bba591e9858a8f7ba39aa4a •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36894 – usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete
https://notcve.org/view.php?id=CVE-2024-36894
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario where the FFS application issues an AIO cancel call, while the UDC is handling a soft disconnect. For a DWC3 based implementation, the callstack looks like the following: DWC3 Gadget FFS Application dwc3_gadget_soft_disconnect() ... --... • https://git.kernel.org/stable/c/2e4c7553cd6f9c68bb741582dcb614edcbeca70f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36893 – usb: typec: tcpm: Check for port partner validity before consuming it
https://notcve.org/view.php?id=CVE-2024-36893
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Check for port partner validity before consuming it typec_register_partner() does not guarantee partner registration to always succeed. In the event of failure, port->partner is set to the error value or NULL. Given that port->partner validity is not checked, this results in the following crash: Unable to handle kernel NULL pointer dereference at virtual address xx pc : run_state_machine+0x1bc8/0x1c08 lr : run_state_machin... • https://git.kernel.org/stable/c/31220bd89c22a18478f52fcd8069e8e2adb8f4f2 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36891 – maple_tree: fix mas_empty_area_rev() null pointer dereference
https://notcve.org/view.php?id=CVE-2024-36891
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix mas_empty_area_rev() null pointer dereference Currently the code calls mas_start() followed by mas_data_end() if the maple state is MA_START, but mas_start() may return with the maple state node == NULL. This will lead to a null pointer dereference when checking information in the NULL node, which is done in mas_data_end(). Avoid setting the offset if there is no node by waiting until after the maple state is checked for an ... • https://git.kernel.org/stable/c/54a611b605901c7d5d05b6b8f5d04a6ceb0962aa • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36890 – mm/slab: make __free(kfree) accept error pointers
https://notcve.org/view.php?id=CVE-2024-36890
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slab: make __free(kfree) accept error pointers Currently, if an automatically freed allocation is an error pointer that will lead to a crash. An example of this is in wm831x_gpio_dbg_show(). 171 char *label __free(kfree) = gpiochip_dup_line_label(chip, i); 172 if (IS_ERR(label)) { 173 dev_err(wm831x->dev, "Failed to duplicate label\n"); 174 continue; 175 } The auto clean up function should check for error pointers as well, otherwise we'r... • https://git.kernel.org/stable/c/3c6cc62ce1265aa5623e2e1b29c0fe258bf6e232 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36889 – mptcp: ensure snd_nxt is properly initialized on connect
https://notcve.org/view.php?id=CVE-2024-36889
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_nxt is properly initialized on connect Christoph reported a splat hinting at a corrupted snd_una: WARNING: CPU: 1 PID: 38 at net/mptcp/protocol.c:1005 __mptcp_clean_una+0x4b3/0x620 net/mptcp/protocol.c:1005 Modules linked in: CPU: 1 PID: 38 Comm: kworker/1:1 Not tainted 6.9.0-rc1-gbbeac67456c9 #59 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 Workqueue: events mptcp_worker RIP: 0010:__... • https://git.kernel.org/stable/c/8fd738049ac3d67a937d36577763b47180aae1ad • CWE-665: Improper Initialization •
CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36888 – workqueue: Fix selection of wake_cpu in kick_pool()
https://notcve.org/view.php?id=CVE-2024-36888
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Fix selection of wake_cpu in kick_pool() With cpu_possible_mask=0-63 and cpu_online_mask=0-7 the following kernel oops was observed: smp: Bringing up secondary CPUs ... smp: Brought up 1 node, 8 CPUs Unable to handle kernel pointer dereference in virtual kernel address space Failing address: 0000000000000000 TEID: 0000000000000803 [..] Call Trace: arch_vcpu_is_preempted+0x12/0x80 select_idle_sibling+0x42/0x560 select_task_rq_fair... • https://git.kernel.org/stable/c/8639ecebc9b1796d7074751a350462f5e1c61cd4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36887 – e1000e: change usleep_range to udelay in PHY mdic access
https://notcve.org/view.php?id=CVE-2024-36887
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: e1000e: change usleep_range to udelay in PHY mdic access This is a partial revert of commit 6dbdd4de0362 ("e1000e: Workaround for sporadic MDI error on Meteor Lake systems"). The referenced commit used usleep_range inside the PHY access routines, which are sometimes called from an atomic context. This can lead to a kernel panic in some scenarios, such as cable disconnection and reconnection on vPro systems. Solve this by changing the usleep... • https://git.kernel.org/stable/c/1d16cd91cd319d5bf6230c8493feb56a61e486a1 •