CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41074 – cachefiles: Set object to close if ondemand_id < 0 in copen
https://notcve.org/view.php?id=CVE-2024-41074
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. • https://git.kernel.org/stable/c/703bea37d13e4ccdafd17ae7c4cb583752ba7663 https://git.kernel.org/stable/c/c32ee78fbc670e6f90989a45d340748e34cad333 https://git.kernel.org/stable/c/0845c553db11c84ff53fccd59da11b6d6ece4a60 https://git.kernel.org/stable/c/4f8703fb3482f92edcfd31661857b16fec89c2c0 •
CVSS: 5.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41073 – nvme: avoid double free special payload
https://notcve.org/view.php?id=CVE-2024-41073
In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. ... A flaw was found in the Linux kernel, where the following issue has been resolved: nvme: avoid double free special payload. • https://git.kernel.org/stable/c/c5942a14f795de957ae9d66027aac8ff4fe70057 https://git.kernel.org/stable/c/f3ab45aacd25d957547fb6d115c1574c20964b3b https://git.kernel.org/stable/c/ae84383c96d6662c24697ab6b44aae855ab670aa https://git.kernel.org/stable/c/1b9fd1265fac85916f90b4648de02adccdb7220b https://git.kernel.org/stable/c/e5d574ab37f5f2e7937405613d9b1a724811e5ad https://access.redhat.com/security/cve/CVE-2024-41073 https://bugzilla.redhat.com/show_bug.cgi?id=2301637 • CWE-415: Double Free •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41072 – wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
https://notcve.org/view.php?id=CVE-2024-41072
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. • https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79 https://git.kernel.org/stable/c/de5fcf757e33596eed32de170ce5a93fa44dd2ac https://git.kernel.org/stable/c/6295bad58f988eaafcf0e6f8b198a580398acb3b https://git.kernel.org/stable/c/a43cc0558530b6c065976b6b9246f512f8d3593b https://git.kernel.org/stable/c/001120ff0c9e3557dee9b5ee0d358e0fc189996f https://git.kernel.org/stable/c/fe9644efd86704afe50e56b64b609de340ab7c95 https://git.kernel.org/stable/c/35cee10ccaee5bd451a480521bbc25dc9f07fa5b https://git.kernel.org/stable/c/6ef09cdc5ba0f93826c09d810c141a8d1 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41071 – wifi: mac80211: Avoid address calculations via out of bounds array indexing
https://notcve.org/view.php?id=CVE-2024-41071
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Avoid address calculations via out of bounds array indexing req->n_channels must be set before req->channels[] can be used. This patch fixes one of the issues encountered in [1]. [ 83.964255] UBSAN: array-index-out-of-bounds in net/mac80211/scan.c:364:4 [ 83.964258] index 0 is out of range for type 'struct ieee80211_channel *[]' [...] [ 83.964264] Call Trace: [ 83.964267] <TASK> [ 83.964269] dump_stack_lvl+0x3f/0xc0 [ 83.964274] __ubsan_handle_out_of_bounds+0xec/0x110 [ 83.964278] ieee80211_prep_hw_scan+0x2db/0x4b0 [ 83.964281] __ieee80211_start_scan+0x601/0x990 [ 83.964291] nl80211_trigger_scan+0x874/0x980 [ 83.964295] genl_family_rcv_msg_doit+0xe8/0x160 [ 83.964298] genl_rcv_msg+0x240/0x270 [...] [1] https://bugzilla.kernel.org/show_bug.cgi?id=218810 An out-of-bounds buffer overflow has been found in the Linux kernel’s mac80211 subsystem when scanning for SSIDs. • https://git.kernel.org/stable/c/a2bb0c5d0086be5ab5054465dfaa381a1144905c https://git.kernel.org/stable/c/26b177ecdd311f20de4c379f0630858a675dfc0c https://git.kernel.org/stable/c/4f43a614b1b84f0d1e3c48cc541c3bfdf414a6d0 https://git.kernel.org/stable/c/2663d0462eb32ae7c9b035300ab6b1523886c718 https://access.redhat.com/security/cve/CVE-2024-41071 https://bugzilla.redhat.com/show_bug.cgi?id=2300448 • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41070 – KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
https://notcve.org/view.php?id=CVE-2024-41070
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). It looks up `stt` from tablefd, but then continues to use it after doing fdput() on the returned fd. • https://git.kernel.org/stable/c/be847bb20c809de8ac124431b556f244400b0491 https://git.kernel.org/stable/c/4cdf6926f443c84f680213c7aafbe6f91a5fcbc0 https://git.kernel.org/stable/c/b26c8c85463ef27a522d24fcd05651f0bb039e47 https://git.kernel.org/stable/c/5f856023971f97fff74cfaf21b48ec320147b50a https://git.kernel.org/stable/c/82c7a4cf14aa866f8f7f09e662b02eddc49ee0bf https://git.kernel.org/stable/c/9975f93c760a32453d7639cf6fcf3f73b4e71ffe https://git.kernel.org/stable/c/a986fa57fd81a1430e00b3c6cf8a325d6f894a63 •