CVSS: 8.1EPSS: 0%CPEs: 54EXPL: 93CVE-2024-6387 – Openssh: regresshion - race condition in ssh allows rce/dos
https://notcve.org/view.php?id=CVE-2024-6387
01 Jul 2024 — A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period. Se encontró una condición de ejecución del controlador de señales en el servidor de OpenSSH (sshd), donde un cliente no se autentica dentro de los segundos de LoginGraceTime (120 de forma predeterminada, 600 en versiones anter... • https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39471 – drm/amdgpu: add error handle to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2024-39471
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL. In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINV... • https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39470 – eventfs: Fix a possible null pointer dereference in eventfs_find_events()
https://notcve.org/view.php?id=CVE-2024-39470
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL. In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eve... • https://git.kernel.org/stable/c/628adb842bd5e1c2c598534a7a022b8235289de6 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39469 – nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
https://notcve.org/view.php?id=CVE-2024-39469
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_e... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-39468 – smb: client: fix deadlock in smb2_find_smb_tcon()
https://notcve.org/view.php?id=CVE-2024-39468
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadlock. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix deadlock in smb2_find_smb_tcon() Unlock cifs_tcp_ses_lock before calling cifs_put_smb_ses() to avoid such deadlock. • https://git.kernel.org/stable/c/b055752675cd1d1db4ac9c2750db3dc3e89ea261 •
CVSS: 7.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39467 – f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()
https://notcve.org/view.php?id=CVE-2024-39467
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ================================================================== BUG: KASAN: slab-out-of-bounds in f2fs_test_bit fs/f2fs/f2fs.h:2933 [inline] BUG: KASAN: slab-out-of-bounds in current_nat_addr fs/f2fs/node.h:213 [inline] BUG: KASAN: slab-out-of-bounds in f2fs_get_node_... • https://git.kernel.org/stable/c/c559a8d840562fbfce9f318448dda2f7d3e6d8e8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39466 – thermal/drivers/qcom/lmh: Check for SCM availability at probe
https://notcve.org/view.php?id=CVE-2024-39466
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading to possible null pointer dereferences (which did happen for me on RB1). In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/qcom/lmh: Check for SCM availability at probe Up until now, the necessary scm availability check has not been performed, leading ... • https://git.kernel.org/stable/c/53bca371cdf7addc1e93e1b99285b3d3935685ec •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39465 – media: mgb4: Fix double debugfs remove
https://notcve.org/view.php?id=CVE-2024-39465
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child which causes a kernel panic. [hverkuil: added Fixes/Cc tags] In the Linux kernel, the following vulnerability has been resolved: media: mgb4: Fix double debugfs remove Fixes an error where debugfs_remove_recursive() is called first on a parent directory and then again on a child... • https://git.kernel.org/stable/c/0ab13674a9bd10514486cf1670d71dbd8afec421 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39464 – media: v4l: async: Fix notifier list entry init
https://notcve.org/view.php?id=CVE-2024-39464
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix notifier list entry init struct v4l2_async_notifier has several list_head members, but only waiting_list and done_list are initialized. • https://git.kernel.org/stable/c/b8ec754ae4c563f6aab8c0cb47aeb2eae67f1da3 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39463 – 9p: add missing locking around taking dentry fid list
https://notcve.org/view.php?id=CVE-2024-39463
25 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: addition on 0; use-after-free. p9_fid_get linux/./include/net/9p/client.h:262 v9fs_fid_find+0x236/0x280 linux/fs/9p/fid.c:129 v9fs_fid_lookup_with_uid linux/fs/9p/fid.c:181 v9fs_fid_lookup+0xbf/0xc20 linux