CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35863 – smb: client: fix potential UAF in is_valid_oplock_break()
https://notcve.org/view.php?id=CVE-2024-35863
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en is_valid_oplock_break() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A use-after-free flaw was found in the Linux kernel in smb is_valid_oplock_break() when exiti... • https://git.kernel.org/stable/c/494c91e1e9413b407d12166a61b84200d4d54fac • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35862 – smb: client: fix potential UAF in smb2_is_network_name_deleted()
https://notcve.org/view.php?id=CVE-2024-35862
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: client: corrige UAF potencial en smb2_is_network_name_deleted() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A use-after-free flaw was found in the Linux kernel in smb smb2_is_network_name_... • https://git.kernel.org/stable/c/f9414004798d9742c1af23a1d839fe6a9503751c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35861 – smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
https://notcve.org/view.php?id=CVE-2024-35861
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_signal_cifsd_for_reconnect() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. In the Linux kernel, the following vulnerability has been resolved: smb: ... • https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4 •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35857 – icmp: prevent possible NULL dereferences from icmp_build_probe()
https://notcve.org/view.php?id=CVE-2024-35857
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second problem is a read from dev->ip6_ptr with no NULL check: if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) Use the correct RCU API to fix these. v2: add missing include
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35855 – mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
https://notcve.org/view.php?id=CVE-2024-35855
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this task it accesses the entry pointed by 'ventry->entry', but this entry can be changed concurrently by the rehash delayed work, leading to a use-after-free [1]. Fix by closing the race and perform the activity query und... • https://git.kernel.org/stable/c/2bffc5322fd8679e879cd6370881ee50cf141ada •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35854 – mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
https://notcve.org/view.php?id=CVE-2024-35854
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the resul... • https://git.kernel.org/stable/c/c9c9af91f1d9a636aecc55302c792538e549a430 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35853 – mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
https://notcve.org/view.php?id=CVE-2024-35853
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. If the migration fails, the code tries to migrate the filters back to the old region. However, the rollback itself can also fail in which case another migration will be err... • https://git.kernel.org/stable/c/843500518509128a935edab96bd8efef7c54669e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35852 – mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
https://notcve.org/view.php?id=CVE-2024-35852
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended. Otherwise, it is rescheduled immediately. After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash" the above is no longer accurate as a non-negative number of credits is no longer indicative of t... • https://git.kernel.org/stable/c/c9c9af91f1d9a636aecc55302c792538e549a430 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35851 – Bluetooth: qca: fix NULL-deref on non-serdev suspend
https://notcve.org/view.php?id=CVE-2024-35851
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend. Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have co... • https://git.kernel.org/stable/c/c1a74160eaf1ac218733b371158432b52601beff •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35849 – btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
https://notcve.org/view.php?id=CVE-2024-35849
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include... • https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772 •