CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26938 – drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
https://notcve.org/view.php?id=CVE-2024-26938
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: dr... • https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26937 – drm/i915/gt: Reset queue_priority_hint on parking
https://notcve.org/view.php?id=CVE-2024-26937
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed. T... • https://git.kernel.org/stable/c/22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26935 – scsi: core: Fix unremoved procfs host directory regression
https://notcve.org/view.php?id=CVE-2024-26935
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potential duplicate call to the hostdir_rm() routine, since it's also called from scsi_host_dev_release(). That triggered a regression report, which was then fixe... • https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26934 – USB: core: Fix deadlock in usb_deauthorize_interface()
https://notcve.org/view.php?id=CVE-2024-26934
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a c... • https://git.kernel.org/stable/c/310d2b4124c073a2057ef9d952d4d938e9b1dfd9 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26933 – USB: core: Fix deadlock in port "disable" sysfs attribute
https://notcve.org/view.php?id=CVE-2024-26933
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be removed, and... • https://git.kernel.org/stable/c/f061f43d7418cb62b8d073e221ec75d3f5b89e17 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26931 – scsi: qla2xxx: Fix command flush on cable pull
https://notcve.org/view.php?id=CVE-2024-26931
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Workqueue: nvme-wq nvme_fc_... • https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26930 – scsi: qla2xxx: Fix double free of the ha->vp_map pointer
https://notcve.org/view.php?id=CVE-2024-26930
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Corrección de doble liberación del puntero ha->vp_map Coverity scan informó ... • https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52648 – drm/vmwgfx: Unmap the surface before resetting it on a plane state
https://notcve.org/view.php?id=CVE-2023-52648
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the variable indicating whether the surface is currently mapped was not being reset. This leads to crashes as the duplicated state, incorrectly, indicates the that surface is mapped even when no surface is present. That's ... • https://git.kernel.org/stable/c/485d98d472d53f9617ffdfba5e677ac29ad4fe20 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52647 – media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access
https://notcve.org/view.php?id=CVE-2023-52647
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Check whether crossbar pad is non-NULL before access When translating source to sink streams in the crossbar subdev, the driver tries to locate the remote subdev connected to the sink pad. The remote pad may be NULL, if userspace tries to enable a stream that ends at an unconnected crossbar sink. When that occurs, the driver dereferences the NULL pad, leading to a crash. Prevent the crash by checking if the pad is NULL... • https://git.kernel.org/stable/c/cf21f328fcafacf4f96e7a30ef9dceede1076378 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26928 – smb: client: fix potential UAF in cifs_debug_files_proc_show()
https://notcve.org/view.php?id=CVE-2024-26928
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_debug_files_proc_show() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A flaw was found in the Linux kernel. The following vulnerability has been resolved... • https://git.kernel.org/stable/c/229042314602db62559ecacba127067c22ee7b88 • CWE-416: Use After Free •