CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26872 – RDMA/srpt: Do not register event handler until srpt device is fully setup
https://notcve.org/view.php?id=CVE-2024-26872
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place. Instead, only register the event handler after srpt device initialization is complete. En el kernel de Linux, ... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26870 – NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
https://notcve.org/view.php?id=CVE-2024-26870
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_label() consumes exactly all the bytes then size is 0 when calling nfs4_listxattr_nfs4_user() which then triggers the following kernel BUG: [ 99.403778] ker... • https://git.kernel.org/stable/c/012a211abd5db098094ce429de5f046368391e68 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26869 – f2fs: fix to truncate meta inode pages forcely
https://notcve.org/view.php?id=CVE-2024-26869
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_writ... • https://git.kernel.org/stable/c/6aa58d8ad20a3323f42274c25820a6f54192422d •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26866 – spi: lpspi: Avoid potential use-after-free in probe()
https://notcve.org/view.php?id=CVE-2024-26866
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of error after the latter call the memory will be explicitly freed in the probe function by spi_controller_put() call, but used afterwards by "devm" management outside probe() (spi_unregister_controller() <- devm_spi_unregister() below). Una... • https://git.kernel.org/stable/c/5314987de5e5f5e38436ef4a69328bc472bbd63e •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26865 – rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
https://notcve.org/view.php?id=CVE-2024-26865
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). syzkaller reported a warning of netns tracker [0] followed by KASAN splat [1] and another ref tracker warning [1]. syzkaller could not find a repro, but in the log, the only suspicious sequence was as follows: 18:26:22 executing program 1: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ... connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @loopback}, 0x1c) (async) The notable thin... • https://git.kernel.org/stable/c/467fa15356acfb7b2efa38839c3e76caa4e6e0ea •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26863 – hsr: Fix uninit-value access in hsr_get_node()
https://notcve.org/view.php?id=CVE-2024-26863
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 fill_frame_info net/hsr/hsr_forward.c:577 [inline] hsr_forward_skb+0xe12/0x30e0 net/hsr/hsr_forward.c:615 hsr_dev_xmit+0x1a1/0x270 net/hsr/hsr_device.c... • https://git.kernel.org/stable/c/f266a683a4804dc499efc6c2206ef68efed029d0 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26862 – packet: annotate data-races around ignore_outgoing
https://notcve.org/view.php?id=CVE-2024-26862
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt write to 0xffff888107804542 of 1 bytes by task 22618 on cpu 0: packet_setsockopt+0xd83/0xfd0 net/packet/af_packet.c:4003 do_sock_setsockopt net/socket.c:2311 [inline] __sys_... • https://git.kernel.org/stable/c/fa788d986a3aac5069378ed04697bd06f83d3488 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26861 – wireguard: receive: annotate data-race around receiving_counter.counter
https://notcve.org/view.php?id=CVE-2024-26861
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() annotations to mark the data race as intentional. BUG: KCSAN: data-race in wg_packet_decrypt_worker / wg_packet_rx_poll write to 0xffff888107765888 of 8 bytes by interrupt on cpu 0: counter_validate drivers/net/wireguard/receive.c:321 [in... • https://git.kernel.org/stable/c/a9e90d9931f3a474f04bab782ccd9d77904941e9 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26859 – net/bnx2x: Prevent access to a freed page in page_pool
https://notcve.org/view.php?id=CVE-2024-26859
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when handling reset tasks. The bnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(), which ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload() SGEs are freed using bnx2x_free_rx_sge_range(). However,... • https://git.kernel.org/stable/c/4cace675d687ebd2d813e90af80ff87ee85202f9 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52644 – wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
https://notcve.org/view.php?id=CVE-2023-52644
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabled to prevent trying to stop/wake a non-existent queue and failing to stop/wake the actual queue instantiated. Log of issue before change (with kernel parameter qos=0): [ +5.112651] ------------[ cut here ]---------... • https://git.kernel.org/stable/c/e6f5b934fba8c44c87c551e066aa7ca6fde2939e •