CVE-2024-26894 – ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
https://notcve.org/view.php?id=CVE-2024-26894
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex dump (first 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (... • https://git.kernel.org/stable/c/3d339dcbb56d8d70c1b959aff87d74adc3a84eea • CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-26893 – firmware: arm_scmi: Fix double free in SMC transport cleanup path
https://notcve.org/view.php?id=CVE-2024-26893
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same transport_info member, chan_free() might want to clean up the same member multiple times within the given SCMI transport implementation. In this case, it is SMC transport. This will lead to a NULL pointer dereferen... • https://git.kernel.org/stable/c/1dc6558062dadfabd2fb3bd885fa6e92ec7196f2 •
CVE-2024-26891 – iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
https://notcve.org/view.php?id=CVE-2024-26891
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connected to the system via hotplug capable ports, users could request a hot reset to the device by flapping the device's link through setting the slot's link control register; as the pciehp_ist() DLLSC interrupt sequence response, pciehp will unload the device driver and then power it off, thus causing an IOMMU device-TLB invalidation (Intel VT-d spec, ... • https://git.kernel.org/stable/c/6f7db75e1c469057fe7588ed959328ead771ccc7 •
CVE-2024-26889 – Bluetooth: hci_core: Fix possible buffer overflow
https://notcve.org/view.php?id=CVE-2024-26889
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. • https://git.kernel.org/stable/c/194ab82c1ea187512ff2f822124bd05b63fc9f76 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-26886 – Bluetooth: af_bluetooth: Fix deadlock
https://notcve.org/view.php?id=CVE-2024-26886
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attempting to do sock_lock on .recvmsg may cause a deadlock as shown below, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace:
CVE-2024-26885 – bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26885
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates a number of hash buckets equal to the next power of two of the max_entries value provided when creating the map. When rounding up to the next power of two, the 32-bit variable storing the number of buckets can overflow, and the code checks for overflow by checking if the truncated 32-bit value is equal to 0. However, on 32-bit arches the rounding up itself can overf... • https://git.kernel.org/stable/c/6f9d451ab1a33728adb72d7ff66a7b374d665176 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-26884 – bpf: Fix hashtab overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26884
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix hashtab overflow check on 32-bit arches The hashtab code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVMAP... • https://git.kernel.org/stable/c/daaf427c6ab392bedcd018e326b2ffa1e1110cd6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVE-2024-26883 – bpf: Fix stackmap overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26883
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing a 32-bit left-shift of an unsigned long value, which is undefined behaviour, so it is not guaranteed to truncate neatly. This was triggered by syzbot on the DEVM... • https://git.kernel.org/stable/c/063c722dd9d285d877e6fd499e753d6224f4c046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2024-26882 – net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
https://notcve.org/view.php?id=CVE-2024-26882
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() Apply the same fix as the ones found in: 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") 1ca1ba465e55 ("geneve: make sure to pull inner header in geneve_rx()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure t... • https://git.kernel.org/stable/c/c54419321455631079c7d6e60bc732dd0c5914c5 • CWE-158: Improper Neutralization of Null Byte or NUL Character •
CVE-2024-26880 – dm: call the resume method on internal suspend
https://notcve.org/view.php?id=CVE-2024-26880
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not paired correctly; there were two consecutive calls to the origin_postsuspend function. The second call attempts to remove the "hash_list" entry from a list, while it was already removed by the first call. Fix __dm_internal_resume so ... • https://git.kernel.org/stable/c/ffcc39364160663cda1a3c358f4537302a92459b • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •