CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27050 – libbpf: Use OPTS_SET() macro in bpf_xdp_query()
https://notcve.org/view.php?id=CVE-2024-27050
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing out of boun... • https://git.kernel.org/stable/c/13ce2daa259a3bfbc9a5aeeee8b9a87058703731 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27048 – wifi: brcm80211: handle pmk_op allocation failure
https://notcve.org/view.php?id=CVE-2024-27048
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcm80211: maneja el error de asignación de pmk_op El kzalloc() en ... • https://git.kernel.org/stable/c/a96202acaea47fa8377088e0952bb63bd02a3bab •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27047 – net: phy: fix phy_get_internal_delay accessing an empty array
https://notcve.org/view.php?id=CVE-2024-27047
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test shou... • https://git.kernel.org/stable/c/92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27046 – nfp: flower: handle acti_netdevs allocation failure
https://notcve.org/view.php?id=CVE-2024-27046
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again. En el kernel de Linux, se ha resuelto la siguiente vulnerabilid... • https://git.kernel.org/stable/c/bb9a8d031140f186d13d82f57b0f5646d596652f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27045 – drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
https://notcve.org/view.php?id=CVE-2024-27045
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona un posible desbordamiento del búfe... • https://git.kernel.org/stable/c/c06e09b76639657f284bfaf1cce29557a2515e85 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27044 – drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
https://notcve.org/view.php?id=CVE-2024-27044
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875) En el kernel de Linux, se resolvió la siguiente vulnerabili... • https://git.kernel.org/stable/c/ddef02de0d71d483ad4398393717cc0d53fc990a •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27043 – media: edia: dvbdev: fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-27043
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put... • https://git.kernel.org/stable/c/b61901024776b25ce7b8edc31bb1757c7382a88e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27042 – drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
https://notcve.org/view.php?id=CVE-2024-27042
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' The issue arises when the array 'adev->vcn.vcn_config' is accessed before checking if the index 'adev->vcn.num_vcn_inst' is within the bounds of the array. The fix involves moving the bounds check before the array access. This ensures that 'adev->vcn.num_vcn_inst' is within the bounds of the array before it is used as an index. Fixes the below: drivers/gpu/... • https://git.kernel.org/stable/c/a0ccc717c4ab3ef572f023fdceffb4b6df496a0d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27041 – drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
https://notcve.org/view.php?id=CVE-2024-27041
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() Since 'adev->dm.dc' in amdgpu_dm_fini() might turn out to be NULL before the call to dc_enable_dmub_notifications(), check beforehand to ensure there will not be a possible NULL-ptr-deref there. Also, since commit 1e88eb1b2c25 ("drm/amd/display: Drop CONFIG_DRM_AMD_DC_HDCP") there are two separate checks for NULL in 'adev->dm.dc' before dc_deinit_callbacks() and dc_dmub_sr... • https://git.kernel.org/stable/c/81927e2808be5adace93c2012d45d6938d3a7aa0 • CWE-476: NULL Pointer Dereference •
CVSS: 6.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27040 – drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
https://notcve.org/view.php?id=CVE-2024-27040
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' In the first if statement, we're checking if 'replay' is NULL. But in the second if statement, we're not checking if 'replay' is NULL again before calling replay->funcs->replay_set_power_opt(). if (replay == NULL && force_static) return false; ... if (link->replay_settings.replay_feature_enabled && replay->funcs->replay_set_power_opt) { replay->funcs->replay_set_pow... • https://git.kernel.org/stable/c/c7ddc0a800bc9f681a18c3bdd9f06b61adfabc11 •