CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36244 – net/sched: taprio: extend minimum interval restriction to entire cycle too
https://notcve.org/view.php?id=CVE-2024-36244
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We need one more restriction, which is that the cycle time itself must be larger than N * ETH_ZLEN bit times, where N is the number of schedule ent... • https://git.kernel.org/stable/c/b5b73b26b3ca34574124ed7ae9c5ba8391a7f176 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-33621 – ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound
https://notcve.org/view.php?id=CVE-2024-33621
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound Raw packet from PF_PACKET socket ontop of an IPv6-backed ipvlan device will hit WARN_ON_ONCE() in sk_mc_loop() through sch_direct_xmit() path. WARNING: CPU: 2 PID: 0 at net/core/sock.c:775 sk_mc_loop+0x2d/0x70 Modules linked in: sch_netem ipvlan rfkill cirrus drm_shmem_helper sg drm_kms_helper CPU: 2 PID: 0 Comm: swapper/2 Kdump: loaded Not tainted 6.9.0+ #279 Hardware name: QEMU St... • https://git.kernel.org/stable/c/2ad7bf3638411cb547f2823df08166c13ab04269 • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-33619 – efi: libstub: only free priv.runtime_map when allocated
https://notcve.org/view.php?id=CVE-2024-33619
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: efi: libstub: only free priv.runtime_map when allocated priv.runtime_map is only allocated when efi_novamap is not set. Otherwise, it is an uninitialized value. In the error path, it is freed unconditionally. Avoid passing an uninitialized value to free_pool. Free priv.runtime_map only when it was allocated. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. In the Linux kernel, the... • https://git.kernel.org/stable/c/f80d26043af91ceb5036c478101c015edb9e7630 •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-31076 – genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
https://notcve.org/view.php?id=CVE-2024-31076
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the next instance of the interrupt being triggered on the original CPU. When the interrupt next triggers on the original CPU, the new affinity is enforced within __irq_move_irq(). A vector is allocated from the new CPU, b... • https://git.kernel.org/stable/c/f0383c24b4855f6a4b5a358c7b2d2c16e0437e9b • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52884 – Input: cyapa - add missing input core locking to suspend/resume functions
https://notcve.org/view.php?id=CVE-2023-52884
21 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: cyapa - add missing input core locking to suspend/resume functions Grab input->mutex during suspend/resume functions like it is done in other input drivers. This fixes the following warning during system suspend/resume cycle on Samsung Exynos5250-based Snow Chromebook: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1680 at drivers/input/input.c:2291 input_device_enabled+0x68/0x6c Modules linked in: ... CPU: 1 PID: 1680 Com... • https://git.kernel.org/stable/c/d69f0a43c677e8afc67a222e1e7b51b9acc69cd3 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-4439 – isdn: cpai: check ctr->cnr to avoid array index out of bound
https://notcve.org/view.php?id=CVE-2021-4439
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session, "kcmtpd_ctr_%d", session->num); During this process, the kernel thread would call detach_capi_ctr() to detach a register controller. if the controller was not attached yet, detach_capi_ctr() would ... • https://git.kernel.org/stable/c/e8b8de17e164c9f1b7777f1c6f99d05539000036 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52883 – drm/amdgpu: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2023-52883
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix possible null pointer dereference abo->tbo.resource may be NULL in amdgpu_vm_bo_update. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu: se corrigió la posible desreferencia del puntero nulo abo->tbo.resource puede ser NULL en amdgpu_vm_bo_update. • https://git.kernel.org/stable/c/1802537820389183dfcd814e0f6a60d1496a75ef • CWE-476: NULL Pointer Dereference •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48771 – drm/vmwgfx: Fix stale file descriptors on failed usercopy
https://notcve.org/view.php?id=CVE-2022-48771
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables userland to refer to a dangling 'file' object through that still valid file descriptor, leading to all kinds of use-after-free exploitation scenarios. Fix this by deferring the call to fd_install() until after the usercopy has succeeded.... • https://git.kernel.org/stable/c/c906965dee22d5e95d0651759ba107b420212a9f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48770 – bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack()
https://notcve.org/view.php?id=CVE-2022-48770
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_task_stack() task_pt_regs() can return NULL on powerpc for kernel threads. This is then used in __bpf_get_stack() to check for user mode, resulting in a kernel oops. Guard against this by checking return value of task_pt_regs() before trying to obtain the call chain. In the Linux kernel, the following vulnerability has been resolved: bpf: Guard against accessing NULL pt_regs in bpf_get_ta... • https://git.kernel.org/stable/c/fa28dcb82a38f8e3993b0fae9106b1a80b59e4f0 •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48769 – efi: runtime: avoid EFIv2 runtime services on Apple x86 machines
https://notcve.org/view.php?id=CVE-2022-48769
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to QueryVariableInfo(), which we did not use to call on Apple x86 machines in the past as they only upgraded from EFI v1.10 to EFI v2.40 firmware fairly recently, and QueryVariableInfo() (along with UpdateCapsule() et al) was added... • https://git.kernel.org/stable/c/b0f1cc093bc2493ac259c53766fd2b800e085807 •