CVE-2024-35955 – kprobes: Fix possible use-after-free issue on kprobe registration
https://notcve.org/view.php?id=CVE-2024-35955
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take some time. `is_module_text_address()` and `__module_text_address()` work with MODULE_STATE_LIVE and MODULE_STATE_GOING. If we use `is_module_text_address()` and `__module_text_address()` separately, there is a chance that the first one is succee... • https://git.kernel.org/stable/c/1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8 • CWE-416: Use After Free
CVE-2024-35954 – scsi: sg: Avoid sg device teardown race
https://notcve.org/view.php?id=CVE-2024-35954
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Avoid sg device teardown race sg_remove_sfp_usercontext() must not use sg_device_destroy() after calling scsi_device_put(). sg_device_destroy() is accessing the parent scsi_device request_queue which will already be set to NULL when the preceding call to scsi_device_put() removed the last reference to the parent scsi_device. The resulting NULL pointer exception will then crash the kernel. • https://git.kernel.org/stable/c/db59133e927916d8a25ee1fd8264f2808040909d
CVE-2024-35953 – accel/ivpu: Fix deadlock in context_xa
https://notcve.org/view.php?id=CVE-2024-35953
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in context_xa ivpu_device->context_xa is locked both in kernel thread and IRQ context. It requires XA_FLAGS_LOCK_IRQ flag to be passed during initialization otherwise the lock could be acquired from a thread and interrupted by an IRQ that locks it for the second time causing the deadlock. This deadlock was reported by lockdep and observed in internal tests. • https://git.kernel.org/stable/c/35b137630f08d913fc2e33df33ccc2570dff3f7d
CVE-2024-35952 – drm/ast: Fix soft lockup
https://notcve.org/view.php?id=CVE-2024-35952
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/ast: Fix soft lockup There is a while-loop in ast_dp_set_on_off() that could lead to an infinite loop. This is because the register, VGACRI-Dx, checked in this API is a scratch register actually controlled by a MCU, named DPMCU, in BMC. These scratch registers are protected by scu-lock. If scu-lock is not off, DPMCU cannot update these registers and then host will have soft lockup due to never updated status. DPMCU is used to control DP a... • https://git.kernel.org/stable/c/594e9c04b5864b4b8b151ef4ba9521c59e0f5c54
CVE-2024-35951 – drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()
https://notcve.org/view.php?id=CVE-2024-35951
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() Subject: [PATCH] drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() If some of the pages or sgt allocation failed, we shouldn't release the pages ref we got earlier, otherwise we will end up with unbalanced get/put_pages() calls. We should instead leave everything in place and let the BO release function deal with extra cleanup when the object is destroyed, or let... • https://git.kernel.org/stable/c/187d2929206e6b098312c174ea873e4cedf5420d
CVE-2024-35950 – drm/client: Fully protect modes[] with dev->mode_config.mutex
https://notcve.org/view.php?id=CVE-2024-35950
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend modes[] the same protection or by the time we use it the elements may already be pointing to freed/reused memory. • https://git.kernel.org/stable/c/5a2f957e3c4553bbb100504a1acfeaeb33f4ca4e
CVE-2024-35949 – btrfs: make sure that WRITTEN is set on all metadata blocks
https://notcve.org/view.php?id=CVE-2024-35949
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if we had WRITTEN set on the header flags. This leaves a gap in our checking, because we could end up with corruption on disk where WRITTEN isn't set on the leaf, and then the extended leaf checks don't get run which we rely on to valid... • https://git.kernel.org/stable/c/ef3ba8ce8cf7075b716aa4afcefc3034215878ee
CVE-2024-35948 – bcachefs: Check for journal entries overruning end of sb clean section
https://notcve.org/view.php?id=CVE-2024-35948
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: Check for journal entries overruning end of sb clean section Fix a missing bounds check in superblock validation. Note that we don't yet have repair code for this case - repair code for individual items is generally low priority, since the whole superblock is checksummed, validated prior to write, and we have backups. • https://git.kernel.org/stable/c/1c6fdbd8f2465ddfb73a01ec620cbf3d14044e1a • CWE-400: Uncontrolled Resource Consumption
CVE-2024-35947 – dyndbg: fix old BUG_ON in >control parser
https://notcve.org/view.php?id=CVE-2024-35947
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), let's make sure by removing it, doing pr_err and return -EINVAL instead. • https://git.kernel.org/stable/c/3c718bddddca9cbef177ac475b94c5c91147fb38
CVE-2024-35946 – wifi: rtw89: fix null pointer access when abort scan
https://notcve.org/view.php?id=CVE-2024-35946
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix null pointer access when abort scan During cancel scan we might use vif that weren't scanning. Fix this by using the actual scanning vif. • https://git.kernel.org/stable/c/e3ec7017f6a20d12ddd9fe23d345ebb7b8c104dd