CVE-2024-35981 – virtio_net: Do not send RSS key if it is not supported
https://notcve.org/view.php?id=CVE-2024-35981
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_comm... • https://git.kernel.org/stable/c/c7114b1249fa3b5f3a434606ba4cc89c4a27d618 •
CVE-2024-35980 – arm64: tlb: Fix TLBI RANGE operand
https://notcve.org/view.php?id=CVE-2024-35980
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: tlb: Fix TLBI RANGE operand KVM/arm64 relies on TLBI RANGE feature to flush TLBs when the dirty pages are collected by VMM and the page table entries become write protected during live migration. Unfortunately, the operand passed to the TLBI RANGE instruction isn't correctly sorted out due to the commit 117940aa6e5f ("KVM: arm64: Define kvm_tlb_flush_vmid_range()"). It leads to crash on the destination VM after live migration because... • https://git.kernel.org/stable/c/117940aa6e5f8308f1529e1313660980f1dae771 •
CVE-2024-35979 – raid1: fix use-after-free for original bio in raid1_write_request()
https://notcve.org/view.php?id=CVE-2024-35979
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will be set to the original bio temporarily. Meanwhile, if blocked rdev is set, free_r1bio() will be called, causing all r1_bio->bios[] to be freed: raid1_write_request() r1_bio = alloc_r1bio(mddev, bio); -> r1_bio->bios[] is NULL for (i = 0;... • https://git.kernel.org/stable/c/992db13a4aee766c8bfbf046ad15c2db5fa7cab8 •
CVE-2024-35978 – Bluetooth: Fix memory leak in hci_req_sync_complete()
https://notcve.org/view.php?id=CVE-2024-35978
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete() In 'hci_req_sync_complete()', always free the previous sync request state before assigning reference to a new one. • https://git.kernel.org/stable/c/f60cb30579d3401cab1ed36b42df5c0568ae0ba7 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2024-35977 – platform/chrome: cros_ec_uart: properly fix race condition
https://notcve.org/view.php?id=CVE-2024-35977
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_uart: properly fix race condition The cros_ec_uart_probe() function calls devm_serdev_device_open() before it calls serdev_device_set_client_ops(). This can trigger a NULL pointer dereference: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Trace:
CVE-2024-35976 – xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING
https://notcve.org/view.php?id=CVE-2024-35976
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to validate setsockopt() @optlen parameter. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in xsk_setsockopt+0x909/0xa40 net/xdp/xsk.c:1420 Read o... • https://git.kernel.org/stable/c/423f38329d267969130fb6f2c685f73d72687558 • CWE-787: Out-of-bounds Write •
CVE-2024-35975 – octeontx2-pf: Fix transmit scheduler resource leak
https://notcve.org/view.php?id=CVE-2024-35975
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix transmit scheduler resource leak In order to support shaping and scheduling, upon class creation Netdev driver allocates transmit schedulers. The previous patch which added support for Round robin scheduling has a bug due to which driver is not freeing transmit schedulers post class deletion. This patch fixes the same. • https://git.kernel.org/stable/c/47a9656f168a4b76a1e069ed8a67924ea8c1ac43 •
CVE-2024-35974 – block: fix q->blkg_list corruption during disk rebind
https://notcve.org/view.php?id=CVE-2024-35974
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix q->blkg_list corruption during disk rebind Multiple gendisk instances can be allocated/added for a single request queue in case of disk rebind. blkg may still stay in q->blkg_list when calling blkcg_init_disk() for rebind, then q->blkg_list becomes corrupted. Fix the list corruption issue by: - add blkg_init_queue() to initialize q->blkg_list & q->blkcg_mutex only - move calling blkg_init_queue() into blk_alloc_queue() The list corrup... • https://git.kernel.org/stable/c/1059699f87eb0b3aa9d574b91a572d534897134a •
CVE-2024-35973 – geneve: fix header validation in geneve[6]_xmit_skb
https://notcve.org/view.php?id=CVE-2024-35973
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: geneve: fix header validation in geneve[6]_xmit_skb syzbot is able to trigger an uninit-value in geneve_xmit() [1] Problem: While most ip tunnel helpers (like ip_tunnel_get_dsfield()) use skb_protocol(skb, true), pskb_inet_may_pull() is only using skb->protocol. If anything other than ETH_P_IPV6 or ETH_P_IP is found in skb->protocol, pskb_inet_may_pull() does nothing at all. If a vlan tag was provided by the caller (af_packet in the syzbot... • https://git.kernel.org/stable/c/35385daa8db320d2d9664930c28e732578b0d7de •
CVE-2024-35972 – bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()
https://notcve.org/view.php?id=CVE-2024-35972
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() If ulp = kzalloc() fails, the allocated edev will leak because it is not properly assigned and the cleanup path will not be able to free it. Fix it by assigning it properly immediately after allocation. • https://git.kernel.org/stable/c/30343221132430c24b468493c861f71e2bad131f • CWE-401: Missing Release of Memory after Effective Lifetime •