CVE-2024-26669 – net/sched: flower: Fix chain template offload
https://notcve.org/view.php?id=CVE-2024-26669
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the 'FLOW_BLOCK_UNBIND' command. The stack then continues to replay the removal of the filters in the block for this driver by iterating over the chains in the block and invoking the 'reoffload' operation of the classifier being used. In t... • https://git.kernel.org/stable/c/bbf73830cd48cff1599811d4f69c7cfd49c7b869 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVE-2024-26668 – netfilter: nft_limit: reject configurations that cause integer overflow
https://notcve.org/view.php?id=CVE-2024-26668
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. It's better to reject this rather than having incorrect ratelimit. • https://git.kernel.org/stable/c/d2168e849ebf617b2b7feae44c0c0baf739cb610 • CWE-190: Integer Overflow or Wraparound •
CVE-2024-26667 – drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
https://notcve.org/view.php?id=CVE-2024-26667
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in dpu_encoder_helper_phys_cleanup() which had assumed hw_pp will always be valid which may not necessarily be true. Let's fix the other conditional block by making sure hw_pp is valid before dereferencing it. Patchwork... • https://git.kernel.org/stable/c/ae4d721ce10057a4aa9f0d253e0d460518a9ef75 •
CVE-2024-26665 – tunnels: fix out of bounds access when building IPv6 PMTU error
https://notcve.org/view.php?id=CVE-2024-26665
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f • CWE-125: Out-of-bounds Read •
CVE-2024-26664 – hwmon: (coretemp) Fix out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2024-26664
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. • https://git.kernel.org/stable/c/4f9dcadc55c21b39b072bb0882362c7edc4340bc • CWE-125: Out-of-bounds Read •
CVE-2024-26663 – tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
https://notcve.org/view.php?id=CVE-2024-26663
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace:
CVE-2024-26662 – drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'
https://notcve.org/view.php?id=CVE-2024-26662
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' 'panel_cntl' structure used to control the display panel could be null, dereferencing it could lead to a null pointer access. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250) • https://git.kernel.org/stable/c/474ac4a875ca6fea3fc5183d3ad22ef7523dca53 • CWE-476: NULL Pointer Dereference •
CVE-2024-26661 – drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'
https://notcve.org/view.php?id=CVE-2024-26661
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not NULL. • https://git.kernel.org/stable/c/474ac4a875ca6fea3fc5183d3ad22ef7523dca53 • CWE-476: NULL Pointer Dereference •
CVE-2024-26660 – drm/amd/display: Implement bounds check for stream encoder creation in DCN301
https://notcve.org/view.php?id=CVE-2024-26660
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access ... • https://git.kernel.org/stable/c/3a83e4e64bb1522ddac67ffc787d1c38291e1a65 • CWE-125: Out-of-bounds Read •
CVE-2024-26659 – xhci: handle isoc Babble and Buffer Overrun events properly
https://notcve.org/view.php?id=CVE-2024-26659
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior e... • https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •