CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26927 – ASoC: SOF: Add some bounds checking to firmware data
https://notcve.org/view.php?id=CVE-2024-26927
28 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However, it's easy enough to add a check for negatives, and let's add a upper bounds check as well. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: agregue algunas comprobaciones de los límites a los datos del firmwa... • https://git.kernel.org/stable/c/d2458baa799fff377660d86323dd20a3f4deecb4 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26926 – binder: check offset alignment in binder_get_object()
https://notcve.org/view.php?id=CVE-2024-26926
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer(). These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is nee... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26925 – netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path
https://notcve.org/view.php?id=CVE-2024-26925
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock within the same GC sequence. nf_tables_module_autoload() temporarily releases the mutex to load module dependencies, then it goes back to replay the transaction aga... • https://git.kernel.org/stable/c/4b6346dc1edfb9839d6edee7360ed31a22fa6c95 • CWE-667: Improper Locking •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26924 – netfilter: nft_set_pipapo: do not free live element
https://notcve.org/view.php?id=CVE-2024-26924
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delete one that was just added ... add_elem("00005000") timeout 100 ms 1) nft_pipapo_remove() removes element 0000000X Then, KASAN shows a splat. Looking at the remove f... • https://git.kernel.org/stable/c/3c4287f62044a90e73a561aa05fc46e62da173da • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26923 – af_unix: Fix garbage collector racing against connect()
https://notcve.org/view.php?id=CVE-2024-26923
24 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different set of children. Leading to an incorrectly elevated inflight count, and then a dangling pointer within the gc_inflight_list. sockets are AF_UNIX/SOCK_STREAM S is a... • https://git.kernel.org/stable/c/1fd05ba5a2f2aa8e7b9b52ef55df850e2e7d54c9 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26922 – drm/amdgpu: validate the parameters of bo mapping operations more clearly
https://notcve.org/view.php?id=CVE-2024-26922
23 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: valide los parámetros de las operaciones de mapeo de bo con mayor claridad. Verifique los parámetros de amdgpu_vm_bo_(map/replace_map/clearing_mappings) en un lugar común. In the Linux kernel, the... • https://git.kernel.org/stable/c/dc54d3d1744d23ed0b345fd8bc1c493b74e8df44 • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26921 – inet: inet_defrag: prevent sk release while still in use
https://notcve.org/view.php?id=CVE-2024-26921
18 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call returns, the sk must not be released. This affects skb fragments reassembled via netfilter or similar modules, e.g. openvswitch or ct_act.c, when run as part of tx pipeline. Eric Dumazet made an initial analysis of this bug. Quoting Eric: ... • https://git.kernel.org/stable/c/7026b1ddb6b8d4e6ee33dc2bd06c0ca8746fa7ab • CWE-124: Buffer Underwrite ('Buffer Underflow') •
CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2024-26920 – tracing/trigger: Fix to return error if failed to alloc snapshot
https://notcve.org/view.php?id=CVE-2024-26920
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rastreo/activador: Corrección para devolver error si no se pudo asignar la instantánea. Corrección de Register_snapshot_trigger() para de... • https://git.kernel.org/stable/c/57f2a2ad73e99a7594515848f4da987326a15981 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26919 – usb: ulpi: Fix debugfs directory leak
https://notcve.org/view.php?id=CVE-2024-26919
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpi_unregister_interface tries to remove a debugfs directory named after the ulpi device itself. This results in the directory sticking around and preventing subsequent (deferred) probes from succeeding. Change the directory name to match the ulpi device. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: ul... • https://git.kernel.org/stable/c/bd0a0a024f2a41e7cc8eadb9862f82c45884b69c •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26918 – PCI: Fix active state requirement in PME polling
https://notcve.org/view.php?id=CVE-2024-26918
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: Fix active state requirement in PME polling The commit noted in fixes added a bogus requirement that runtime PM managed devices need to be in the RPM_ACTIVE state for PME polling. In fact, only devices in low power states should be polled. However there's still a requirement that the device config space must be accessible, which has implications for both the current state of the polled device and the parent bridge, when present. It's n... • https://git.kernel.org/stable/c/d3fcd7360338358aa0036bec6d2cf0e37a0ca624 •