CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26950 – wireguard: netlink: access device through ctx instead of peer
https://notcve.org/view.php?id=CVE-2024-26950
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers. E... • https://git.kernel.org/stable/c/e7096c131e5161fa3b8e52a650d7719d2857adfd •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26948 – drm/amd/display: Add a dc_state NULL check in dc_state_release
https://notcve.org/view.php?id=CVE-2024-26948
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check wheather state is NULL before releasing it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: agregue una verificación dc_state NULL en dc_state_release [Cómo] Verifique si el estado es NULL antes de liberarlo. • https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26947 – ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
https://notcve.org/view.php?id=CVE-2024-26947
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment") changes the semantics of pfn_valid() to check presence of the memory map for a PFN. A valid page for an address which is reserved but not mapped by the kernel[1], the system crashed during some uio test with the following memory layout: node 0: [mem 0x00000000c0... • https://git.kernel.org/stable/c/a4d5613c4dc6d413e0733e37db9d116a2a36b9f3 • CWE-439: Behavioral Change in New Version or Environment •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26946 – kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
https://notcve.org/view.php?id=CVE-2024-26946
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ] En el kernel de Linux, se ... • https://git.kernel.org/stable/c/cc66bb91457827f62e2b6cb2518666820f0a6c48 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26944 – btrfs: zoned: fix use-after-free in do_zone_finish()
https://notcve.org/view.php?id=CVE-2024-26944
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0 ================================================================== BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs] Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/34... • https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26943 – nouveau/dmem: handle kcalloc() allocation failure
https://notcve.org/view.php?id=CVE-2024-26943
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no ne... • https://git.kernel.org/stable/c/249881232e1471d28b68f9a3829acc14d150cf5d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26940 – drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed
https://notcve.org/view.php?id=CVE-2024-26940
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed The driver creates /sys/kernel/debug/dri/0/mob_ttm even when the corresponding ttm_resource_manager is not allocated. This leads to a crash when trying to read from this file. Add a check to create mob_ttm, system_mob_ttm, and gmr_ttm debug file only when the corresponding ttm_resource_manager is allocated. crash> bt PID: 3133409 TASK: ffff8fe4834a5000 CPU: 3 COMM... • https://git.kernel.org/stable/c/af4a25bbe5e7e60ff696ef5c1ec48ab2d51c17c6 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26939 – drm/i915/vma: Fix UAF on destroy against retire race
https://notcve.org/view.php?id=CVE-2024-26939
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. [161.359441] ODEBUG: free active (active state 0) object: ffff88811643b958 object type: i915_active hint: __i915_vma_active+0x0/0x50 [i915] [161.360082] WARNING: CPU: 5 PID: 276 at lib/debugobjects.c:514 debug_print_object+0x80/0xb0 ... [161.... • https://git.kernel.org/stable/c/d93939730347360db0afe6a4367451b6f84ab7b1 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26938 – drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
https://notcve.org/view.php?id=CVE-2024-26938
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad... • https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26937 – drm/i915/gt: Reset queue_priority_hint on parking
https://notcve.org/view.php?id=CVE-2024-26937
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed.... • https://git.kernel.org/stable/c/22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 • CWE-617: Reachable Assertion •