CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35991 – dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue
https://notcve.org/view.php?id=CVE-2024-35991
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue drain_workqueue() cannot be called safely in a spinlocked context due to possible task rescheduling. In the multi-task scenario, calling queue_work() while drain_workqueue() will lead to a Call Trace as pushing a work on a draining workqueue is not permitted in spinlocked context. Call Trace: <TASK> ? __warn+0x7d/0x140 ? __queue_work+0x2b2/0x440 ? • https://git.kernel.org/stable/c/c40bd7d9737bdcfb02d42765bc6c59b338151123 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35990 – dma: xilinx_dpdma: Fix locking
https://notcve.org/view.php?id=CVE-2024-35990
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ 31.077831] WARNING: CPU: 2 PID: 40 at drivers/dma/xilinx/xilinx_dpdma.c:834 xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.077953] Modules linked in: [ 31.078019] CPU: 2 PID: 40 Comm: kworker/u12:1 Not tainted 6.6.20+... • https://git.kernel.org/stable/c/7cbb0c63de3fc218fd06ecfedb477772a4d12f76 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35989 – dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
https://notcve.org/view.php?id=CVE-2024-35989
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-p... • https://git.kernel.org/stable/c/81dd4d4d6178306ab31db91bdc7353d485bdafce •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35988 – riscv: Fix TASK_SIZE on 64-bit NOMMU
https://notcve.org/view.php?id=CVE-2024-35988
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access routines. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: riscv: corrige TASK_SIZE en NOMMU de 64 bits En NOMMU, la memoria del espacio de usuario puede provenir de cualquier lugar de la RAM física. La... • https://git.kernel.org/stable/c/6bd33e1ece528f67646db33bf97406b747dafda0 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35987 – riscv: Fix loading 64-bit NOMMU kernels past the start of RAM
https://notcve.org/view.php?id=CVE-2024-35987
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix loading 64-bit NOMMU kernels past the start of RAM commit 3335068f8721 ("riscv: Use PUD/P4D/PGD pages for the linear mapping") added logic to allow using RAM below the kernel load address. However, this does not work for NOMMU, where PAGE_OFFSET is fixed to the kernel load address. Since that range of memory corresponds to PFNs below ARCH_PFN_OFFSET, mm initialization runs off the beginning of mem_map and corrupts adjacent kernel... • https://git.kernel.org/stable/c/3335068f87217ea59d08f462187dc856652eea15 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35986 – phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered
https://notcve.org/view.php?id=CVE-2024-35986
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The power_supply frame-work is not really designed for there to be long living in kernel references to power_supply devices. Specifically unregistering a power_supply while some other code has a reference to it triggers a WARN in power_supply_unregister(): WARN_ON(atomic_dec_return(&psy->use_cnt)); Folllowed by the power_supply still getting removed and the backing ... • https://git.kernel.org/stable/c/48969a5623ed918713552e2b4f9d391c89b5e838 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35985 – sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf()
https://notcve.org/view.php?id=CVE-2024-35985
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Prevent vlag from going out of bounds in reweight_eevdf() It was possible to have pick_eevdf() return NULL, which then causes a NULL-deref. This turned out to be due to entity_eligible() returning falsely negative because of a s64 multiplcation overflow. Specifically, reweight_eevdf() computes the vlag without considering the limit placed upon vlag as update_entity_lag() does, and then the scaling multiplication (remember that ... • https://git.kernel.org/stable/c/14204acc09f652169baed1141c671429047b1313 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35984 – i2c: smbus: fix NULL function pointer dereference
https://notcve.org/view.php?id=CVE-2024-35984
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c: smbus: corrige la de... • https://git.kernel.org/stable/c/63453b59e41173241c4efe9335815f6432fa8586 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35983 – bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
https://notcve.org/view.php?id=CVE-2024-35983
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: límites: utilice el número correcto de bits para potencia de dos CONFIG_NR_CPUS bits_per() redondea a la siguiente potencia de dos cuando se pasa una potencia de dos. Esto provo... • https://git.kernel.org/stable/c/d6077e0d38b4953c863d0db4a5b3f41d21e0d546 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35982 – batman-adv: Avoid infinite loop trying to resize local TT
https://notcve.org/view.php?id=CVE-2024-35982
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet. But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 byt... • https://git.kernel.org/stable/c/a19d3d85e1b854e4a483a55d740a42458085560d • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •