CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26937 – drm/i915/gt: Reset queue_priority_hint on parking
https://notcve.org/view.php?id=CVE-2024-26937
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. T... • https://git.kernel.org/stable/c/22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26935 – scsi: core: Fix unremoved procfs host directory regression
https://notcve.org/view.php?id=CVE-2024-26935
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potential duplicate call to the hostdir_rm() routine, since it's also called from scsi_host_dev_release(). That triggered a regression report, which was then fixe... • https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26934 – USB: core: Fix deadlock in usb_deauthorize_interface()
https://notcve.org/view.php?id=CVE-2024-26934
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a c... • https://git.kernel.org/stable/c/310d2b4124c073a2057ef9d952d4d938e9b1dfd9 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26933 – USB: core: Fix deadlock in port "disable" sysfs attribute
https://notcve.org/view.php?id=CVE-2024-26933
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and... • https://git.kernel.org/stable/c/f061f43d7418cb62b8d073e221ec75d3f5b89e17 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26931 – scsi: qla2xxx: Fix command flush on cable pull
https://notcve.org/view.php?id=CVE-2024-26931
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Workqueue: nvme-wq nvme_fc_... • https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26930 – scsi: qla2xxx: Fix double free of the ha->vp_map pointer
https://notcve.org/view.php?id=CVE-2024-26930
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Corrección de doble liberación del puntero ha->vp_map Coverity scan informó ... • https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52648 – drm/vmwgfx: Unmap the surface before resetting it on a plane state
https://notcve.org/view.php?id=CVE-2023-52648
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the variable indicating whether the surface is currently mapped was not being reset. This leads to crashes as the duplicated state, incorrectly, indicates the that surface is mapped even when no surface is present. That's ... • https://git.kernel.org/stable/c/485d98d472d53f9617ffdfba5e677ac29ad4fe20 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26928 – smb: client: fix potential UAF in cifs_debug_files_proc_show()
https://notcve.org/view.php?id=CVE-2024-26928
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_debug_files_proc_show() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A flaw was found in the Linux kernel. The following vulnerability has been resolved... • https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88 • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26927 – ASoC: SOF: Add some bounds checking to firmware data
https://notcve.org/view.php?id=CVE-2024-26927
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: agregue algunas comprobaciones de los límites a los datos del firmwa... • https://git.kernel.org/stable/c/d2458baa799fff377660d86323dd20a3f4deecb4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52646 – aio: fix mremap after fork null-deref
https://notcve.org/view.php?id=CVE-2023-52646
26 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set to NULL. [jmoyer@redhat.com: fix 80 column issue] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: aio: corrige mremap después de la bifurcación null-deref Commit e4a0d3e720e7 ("aio: Make it posible reasignar el anillo ... • https://git.kernel.org/stable/c/e4a0d3e720e7e508749c1439b5ba3aff56c92976 •