CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40907 – ionic: fix kernel panic in XDP_TX action
https://notcve.org/view.php?id=CVE-2024-40907
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX action In the XDP_TX path, ionic driver sends a packet to the TX path with rx page and corresponding dma address. After tx is done, ionic_tx_clean() frees that page. But RX ring buffer isn't reset to NULL. So, it uses a freed page, which causes kernel panic. ... __pfx_net_rx_action+0x10/0x10 In the Linux kernel, the following vulnerability has been resolved: ionic: fix kernel panic in XDP_TX a... • https://git.kernel.org/stable/c/8eeed8373e1cca836799bf8e4a05cffa8e444908 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40906 – net/mlx5: Always stop health timer during driver removal
https://notcve.org/view.php?id=CVE-2024-40906
12 Jul 2024 — cpuidle_enter_state+0xbd/0x440 cpuidle_enter+0x2d/0x40 do_idle+0x20d/0x270 cpu_startup_entry+0x2a/0x30 rest_init+0xd0/0xd0 arch_call_rest_init+0xe/0x30 start_kernel+0x709/0xa90 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x96/0xa0 secondary_startup_64_no_verify+0x18f/0x19b ---[ end trace 0000000000000000 ]--- In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal Currently, if teardown_hca fails to execute during driver... • https://git.kernel.org/stable/c/9b98d395b85dd042fe83fb696b1ac02e6c93a520 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40905 – ipv6: fix possible race in __fib6_drop_pcpu_from()
https://notcve.org/view.php?id=CVE-2024-40905
12 Jul 2024 — [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: netns cleanup_net RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984 Code: f8 48 c1 e8 03 80 3c 28 00... • https://git.kernel.org/stable/c/d52d3997f843ffefaa8d8462790ffcaca6c74192 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40904 – USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
https://notcve.org/view.php?id=CVE-2024-40904
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages The syzbot fuzzer found that the interrupt-URB completion callback in the cdc-wdm driver was taking too long, and the driver's immediate resubmission of interrupt URBs with -EPROTO status combined with the dummy-hcd emulation to cause a CPU lockup: cdc_wdm 1-1:1.0: nonzero urb status received: -71 cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes watchdog: BUG: soft locku... • https://git.kernel.org/stable/c/9908a32e94de2141463e104c9924279ed3509447 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40903 – usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
https://notcve.org/view.php?id=CVE-2024-40903
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps There could be a potential use-after-free case in tcpm_register_source_caps(). ... En el kernel de Linux, se ha resuelto la siguiente ... • https://git.kernel.org/stable/c/cfcd544a9974c6b6fb37ca385146e4796dcaf66d • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40902 – jfs: xattr: fix buffer overflow for invalid xattr
https://notcve.org/view.php?id=CVE-2024-40902
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. ... En el kernel de Lin... • https://git.kernel.org/stable/c/f0dedb5c511ed82cbaff4997a8decf2351ba549f • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40901 – scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory
https://notcve.org/view.php?id=CVE-2024-40901
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory There is a potential out-of-bounds access when using test_bit() on a single word. ... Make the allocation at least the size of sizeof(unsigned long) so that set_bit() and test_bit() have sufficient room for read/write operations without overwriting unallocated memory. [1] Link: https://lore.kernel.org/all/ZkNcALr3W3KGYYJG@gmail.com/ In the Linux kernel, the ... • https://git.kernel.org/stable/c/c696f7b83edeac804e898952058089143f49ca0a •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40900 – cachefiles: remove requests from xarray during flushing requests
https://notcve.org/view.php?id=CVE-2024-40900
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: remove requests from xarray during flushing requests Even with CACHEFILES_DEAD set, we can still read the requests, so in the following concurrency the request may be used after it has been freed: mount | daemon_thread1 | daemon_thread2 ------------------------------------------------------------ cachefiles_ondemand_init_object cachefiles_ondemand_send_req REQ_A = kzalloc(sizeof(*req) + data_len) wait_for_completion(&REQ_... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40899 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
https://notcve.org/view.php?id=CVE-2024-40899
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0x609/0xab0 Write of size 4 at addr ffff888109164a80 by task ondemand-04-dae/4962 CPU: 11 PID: 4962 Comm: ondemand-04-dae Not tainted 6.8.0-rc7-dirty #5... • https://git.kernel.org/stable/c/e73fa11a356ca0905c3cc648eaacc6f0f2d2c8b3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39510 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
https://notcve.org/view.php?id=CVE-2024-39510
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN: slab-use-after-free in cachefiles_ondemand_daemon_read+0xb41/0xb60 Read of size 8 at addr ffff888122e84088 by task ondemand-04-dae/963 CPU: 13 PID: 963 Comm: ondemand-04-dae Not tainted 6.8.0-dirty #564... • https://git.kernel.org/stable/c/0a7e54c1959c0feb2de23397ec09c7692364313e •