CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26996 – usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error
https://notcve.org/view.php?id=CVE-2024-26996
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, eth_stop() is called. At this piont, accidentally if usb transport error should happen in usb_ep_enable(), 'in_ep' and/or 'out_ep' may not be enabled. After that, ncm_disable() is called to disable for ncm unbind but gether_disconnect() is never called since 'in_ep' is not enabled. As the re... • https://git.kernel.org/stable/c/7f67c2020cb08499c400abf0fc32c65e4d9a09ca •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26994 – speakup: Avoid crash on very long word
https://notcve.org/view.php?id=CVE-2024-26994
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters), we have to stop before the length of the word buffer. En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: Speakup: Evitar crash en palabras muy largas En caso de que una consola esté configurada muy grande y contenga una palabra muy larga (>256 caracteres), tenemos que detenernos antes de la... • https://git.kernel.org/stable/c/c6e3fd22cd538365bfeb82997d5b89562e077d42 •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2024-26993 – fs: sysfs: Fix reference leak in sysfs_break_active_protection()
https://notcve.org/view.php?id=CVE-2024-26993
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn will be NULL, so the companion sysfs_unbreak_active_protection() routine won't get called (and would only cause an access violation by trying to dereference kn->parent if it was called). As a result, the reference to kobj acquired at t... • https://git.kernel.org/stable/c/2afc9166f79b8f6da5f347f48515215ceee4ae37 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26992 – KVM: x86/pmu: Disable support for adaptive PEBS
https://notcve.org/view.php?id=CVE-2024-26992
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/pmu: Disable support for adaptive PEBS Drop support for virtualizing adaptive PEBS, as KVM's implementation is architecturally broken without an obvious/easy path forward, and because exposing adaptive PEBS can leak host LBRs to the guest, i.e. can leak host kernel addresses to the guest. Bug #1 is that KVM doesn't account for the upper 32 bits of IA32_FIXED_CTR_CTRL when (re)programming fixed counters, e.g fixed_ctrl_field() drops... • https://git.kernel.org/stable/c/c59a1f106f5cd4843c097069ff1bb2ad72103a67 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26990 – KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status
https://notcve.org/view.php?id=CVE-2024-26990
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status Check kvm_mmu_page_ad_need_write_protect() when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs, so that the TDP MMU accounts for any role-specific reasons for disabling D-bit dirty logging. Specifically, TDP MMU SPTEs must be write-protected when the TDP MMU is being used to run an L2 (i.e. L1 has disabled EPT) and PML is enabled. KVM always disab... • https://git.kernel.org/stable/c/5982a5392663b30f57ee90b0372c19a7e9cb655a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26989 – arm64: hibernate: Fix level3 translation fault in swsusp_save()
https://notcve.org/view.php?id=CVE-2024-26989
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsusp_save() On arm64 machines, swsusp_save() faults if it attempts to access MEMBLOCK_NOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off debug_pagealloc=off and CONFIG_KFENCE=n: Unable to handle kernel paging request at virtual address ffffff8000000000 Mem abort info: ESR = 0x0000000096000007 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV =... • https://git.kernel.org/stable/c/a7d9f306ba7052056edf9ccae596aeb400226af8 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26988 – init/main.c: Fix potential static_command_line memory overflow
https://notcve.org/view.php?id=CVE-2024-26988
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extra_command_line and command_line, rather than extra_command_line and boot_command_line. When strlen(command_line) > strlen(boot_command_line), static_command_line will overflow. This patch just recovers strlen(command_line) which was m... • https://git.kernel.org/stable/c/f5c7310ac73ea270e3a1acdb73d1b4817f11fd67 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26987 – mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
https://notcve.org/view.php?id=CVE-2024-26987
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled When I did hard offline test with hugetlb pages, below deadlock occurs: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-11409-gf6cef5f8c37f #1 Not tainted ------------------------------------------------------ bash/46904 is trying to acquire lock: ffffffffabe68910 (cpu_hotplug_lock){++++}-{0:0}, at: st... • https://git.kernel.org/stable/c/a6b40850c442bf996e729e1d441d3dbc37cea171 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26986 – drm/amdkfd: Fix memory leak in create_process failure
https://notcve.org/view.php?id=CVE-2024-26986
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix memory leak in create_process failure Fix memory leak due to a leaked mmget reference on an error handling code path that is triggered when attempting to create KFD processes while a GPU reset is in progress. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdkfd: corrige la pérdida de memoria en el error create_process. Corrige la pérdida de memoria debido a una referencia mmget filtrada en una ruta de c... • https://git.kernel.org/stable/c/0ab2d7532b05a3e7c06fd3b0c8bd6b46c1dfb508 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26984 – nouveau: fix instmem race condition around ptr stores
https://notcve.org/view.php?id=CVE-2024-26984
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 109046067 PMD 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 7 PID: 53891 Comm: deqp-vk Not tainted 6.8.0-rc6+ #27 Hardware name: Gigabyte Technology Co., Ltd. Z390 I AORUS ... • https://git.kernel.org/stable/c/be55287aa5ba6895e9d4d3ed2f08a1be7a065957 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •