CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27432 – net: ethernet: mtk_eth_soc: fix PPE hanging issue
https://notcve.org/view.php?id=CVE-2024-27432
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix PPE hanging issue A patch to resolve an issue was found in MediaTek's GPL-licensed SDK: In the mtk_ppe_stop() function, the PPE scan mode is not disabled before disabling the PPE. This can potentially lead to a hang during the process of disabling the PPE. Without this patch, the PPE may experience a hang during the reboot test. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet:... • https://git.kernel.org/stable/c/ba37b7caf1ed2395cc84d8f823ff933975f1f789 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52660 – media: rkisp1: Fix IRQ handling due to shared interrupts
https://notcve.org/view.php?id=CVE-2023-52660
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ handling due to shared interrupts The driver requests the interrupts as IRQF_SHARED, so the interrupt handlers can be called at any time. If such a call happens while the ISP is powered down, the SoC will hang as the driver tries to access the ISP registers. This can be reproduced even without the platform sharing the IRQ line: Enable CONFIG_DEBUG_SHIRQ and unload the driver, and the board will hang. Fix this by addin... • https://git.kernel.org/stable/c/25cb42af9ffabffec499e9e69e2fd3797774ce5b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27431 – cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
https://notcve.org/view.php?id=CVE-2024-27431
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of t... • https://git.kernel.org/stable/c/9216477449f33cdbc9c9a99d49f500b7fbb81702 • CWE-908: Use of Uninitialized Resource •
CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27419 – netrom: Fix data-races around sysctl_net_busy_read
https://notcve.org/view.php?id=CVE-2024-27419
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netrom: corrige carreras de datos alrededor de sysctl_net_busy_read Necesitamos proteger al lector que lee el valor de sysctl porque el valor se puede cambiar simultáneamente. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27418 – net: mctp: take ownership of skb in mctp_local_output
https://notcve.org/view.php?id=CVE-2024-27418
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred until the actual output routing occurs. Instead, make mctp_local_output free the skb on all error paths up to the route action, so it always consumes the passed skb. En el kernel de Linux, se resolvió la siguiente v... • https://git.kernel.org/stable/c/833ef3b91de692ef33b800bca6b1569c39dece74 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27417 – ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
https://notcve.org/view.php?id=CVE-2024-27417
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: soluciona una posible fuga de "struct net" en inet6_rtm_getaddr() Parece que si el espacio de usuario proporciona un valo... • https://git.kernel.org/stable/c/6ecf4c37eb3e89b0832c9616089a5cdca3747da7 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27416 – Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
https://notcve.org/view.php?id=CVE-2024-27416
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: hci_event: Corrige el manejo de HCI_EV_IO_CAPA_REQUEST Si recibimos HCI_EV_IO_CAPA_REQUEST mientras HCI_OP_READ_REMOTE_EXT_... • https://git.kernel.org/stable/c/ccb8618c972f941ebc6b2b9db491025b3369efcb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27415 – netfilter: bridge: confirm multicast packets before passing them up the stack
https://notcve.org/view.php?id=CVE-2024-27415
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27414 – rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
https://notcve.org/view.php?id=CVE-2024-27414
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic in the function `rtnl_bridge_setlink` to enable the loop to also check the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment removed the `break` statement and led to an error logic of the flags writing back at the end of th... • https://git.kernel.org/stable/c/ad46d4861ed36315d3d9e838723ba3e367ecc042 •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27413 – efi/capsule-loader: fix incorrect allocation size
https://notcve.org/view.php?id=CVE-2024-27413
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzall... • https://git.kernel.org/stable/c/f24c4d478013d82bd1b943df566fff3561d52864 •