CVE-2024-35965 – Bluetooth: L2CAP: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35965
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. Ubuntu Security Notice 7179-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a... • https://git.kernel.org/stable/c/33575df7be6748292f88453f29319af6d639c5c8 •
CVE-2024-35964 – Bluetooth: ISO: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35964
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data. • https://git.kernel.org/stable/c/ccf74f2390d60a2f9a75ef496d2564abb478f46a •
CVE-2024-35963 – Bluetooth: hci_sock: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35963
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sock: Fix not validating setsockopt user input Check user input length before copying data. Ubuntu Security Notice 7179-1 - Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel containe... • https://git.kernel.org/stable/c/09572fca7223bcf32c9f0d5e100d8381a81d55f4 •
CVE-2024-35962 – netfilter: complete validation of user input
https://notcve.org/view.php?id=CVE-2024-35962
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the @optlen validation before even calling xt_alloc_table_info() with the following check: if ((u64)optlen < (u64)tmp.size + sizeof(tmp)) return -EINVAL; • https://git.kernel.org/stable/c/0f038242b77ddfc505bf4163d4904c1abd2e74d6 •
CVE-2024-35961 – net/mlx5: Register devlink first under devlink lock
https://notcve.org/view.php?id=CVE-2024-35961
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Register devlink first under devlink lock In case device is having a non fatal FW error during probe, the driver will report the error to user via devlink. This will trigger a WARN_ON, since mlx5 is calling devlink_register() last. In order to avoid the WARN_ON[1], change mlx5 to invoke devl_register() first under devlink lock. [1] WARNING: CPU: 5 PID: 227 at net/devlink/health.c:483 devlink_recover_notify.constprop.0+0xb8/0xc0 CP... • https://git.kernel.org/stable/c/cf530217408e3686f7002429769ede59dd931151 •
CVE-2024-35960 – net/mlx5: Properly link new fs rules into the tree
https://notcve.org/view.php?id=CVE-2024-35960
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules instead of creating new ones. These two behaviors can result in a situation where create_flow_handle 1) creates a new rule and references it, then 2) in a subsequent ste... • https://git.kernel.org/stable/c/74491de937125d0c98c9b9c9208b4105717a3caa • CWE-476: NULL Pointer Dereference •
CVE-2024-35959 – net/mlx5e: Fix mlx5e_priv_init() cleanup flow
https://notcve.org/view.php?id=CVE-2024-35959
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockdep_is_held(). Acquire the state_lock in mlx5e_selq_cleanup(). Kernel log: ============================= WARNING: suspicious RCU usage 6.8.0-rc3_net_next_841a9b5 #1 Not tainted ----------------------------- drivers/net/ethernet/mellanox... • https://git.kernel.org/stable/c/8bf30be75069d6080659de9a28565c048f6cef9b •
CVE-2024-35958 – net: ena: Fix incorrect descriptor free behavior
https://notcve.org/view.php?id=CVE-2024-35958
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions). The function as... • https://git.kernel.org/stable/c/548c4940b9f1f527f81509468dd60b61418880b6 •
CVE-2024-35957 – iommu/vt-d: Fix WARN_ON in iommu probe path
https://notcve.org/view.php?id=CVE-2024-35957
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each device. It assumes that each device has a unique source ID. This assumption is incorrect and the VT-d spec doesn't state this requirement either. The reason for using a rbtree to track devices is to look up the device with PCI bus and... • https://git.kernel.org/stable/c/c618d446f1d64bdc9e426bab5e8619f224cde2ae •
CVE-2024-35956 – btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
https://notcve.org/view.php?id=CVE-2024-35956
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. When quota groups (squota or qgroups) are enabled, this reserves qgroup metadata of type PREALLOC. Once the operation is associated to a... • https://git.kernel.org/stable/c/e85fde5162bf1b242cbd6daf7dba0f9b457d592b •