CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27059 – USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command
https://notcve.org/view.php?id=CVE-2024-27059
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands. The calculation involves division and modulus operations, which will cause a crash if either of these values is 0. While this never happens with a genuine device, it could happen with a flawed or... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27057 – ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
https://notcve.org/view.php?id=CVE-2024-27057
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend When the system is suspended while audio is active, the sof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during suspend the DSP is turned off, streams will be re-started after resume. If the firmware crashes during while audio is running (or when we reset the stream before suspend) then the sof_ipc4_set_multi_pipeline_state() will fail with IPC error and th... • https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27056 – wifi: iwlwifi: mvm: ensure offloading TID queue exists
https://notcve.org/view.php?id=CVE-2024-27056
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has been configured. At resume time it then tries to sync the write pointer as it may have been updated by the firmware. In the unusual event that no packets have been send on TID 0, the queue will not have been allocated and this causes a crash. Fix this by ensuring the queue exist at suspend time. En el kernel de Li... • https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27054 – s390/dasd: fix double module refcount decrement
https://notcve.org/view.php?id=CVE-2024-27054
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to artificially decrease on each error while it should just stay the same. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: corrige la disminución del doble recuento del módulo Una vez que la d... • https://git.kernel.org/stable/c/c020d722b110a44c613ef71e657e6dd4116e09d9 •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27053 – wifi: wilc1000: fix RCU usage in connect path
https://notcve.org/view.php?id=CVE-2024-27053
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ #333 Not tainted ----------------------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage! [...] stack backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1... • https://git.kernel.org/stable/c/c460495ee072fc01a9b1e8d72c179510418cafac • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27052 – wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
https://notcve.org/view.php?id=CVE-2024-27052
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtl8xxxu: agregue cancel_work_sync() para c2hcmd_work Es posible que la cola de trabajo aún esté ejecutándose cuando se detiene el controlador. Para evitar un use-after-free, llam... • https://git.kernel.org/stable/c/e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 • CWE-416: Use After Free •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27051 – cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
https://notcve.org/view.php?id=CVE-2024-27051
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cpufreq: brcmstb-avs-cpufreq: agregar verificación para el valor de retorno de cpufreq_cpu_get cpufreq_cpu_get puede devolver NULL. Para evi... • https://git.kernel.org/stable/c/de322e085995b9417582d6f72229dadb5c09d163 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27047 – net: phy: fix phy_get_internal_delay accessing an empty array
https://notcve.org/view.php?id=CVE-2024-27047
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test shou... • https://git.kernel.org/stable/c/92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27046 – nfp: flower: handle acti_netdevs allocation failure
https://notcve.org/view.php?id=CVE-2024-27046
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again. En el kernel de Linux, se ha resuelto la siguiente vulnerabilid... • https://git.kernel.org/stable/c/bb9a8d031140f186d13d82f57b0f5646d596652f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27045 – drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
https://notcve.org/view.php?id=CVE-2024-27045
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona un posible desbordamiento del búfe... • https://git.kernel.org/stable/c/c06e09b76639657f284bfaf1cce29557a2515e85 •