CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48669 – powerpc/pseries: Fix potential memleak in papr_get_attr()
https://notcve.org/view.php?id=CVE-2022-48669
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/pseries: corrija una posible fuga de mem en papr_get_attr() `buf` está asignado en papr_get_attr(), y krealloc() de `buf` podría fallar. Necesitamos liberar el "buf" original en ca... • https://git.kernel.org/stable/c/3c14b73454cf9f6e2146443fdfbdfb912c0efed3 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27063 – leds: trigger: netdev: Fix kernel panic on interface rename trig notify
https://notcve.org/view.php?id=CVE-2024-27063
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: trigger: netdev: Fix kernel panic on interface rename trig notify Commit d5e01266e7f5 ("leds: trigger: netdev: add additional specific link speed mode") in the various changes, reworked the way to set the LINKUP mode in commit cee4bd16c319 ("leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename") and moved it to a generic function. This changed the logic where, in the previous implementation the dev from the trigger even... • https://git.kernel.org/stable/c/d5e01266e7f5fa12400d4c8aa4e86fe89dcc61e9 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27058 – tmpfs: fix race on handling dquot rbtree
https://notcve.org/view.php?id=CVE-2024-27058
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tmpfs: fix race on handling dquot rbtree A syzkaller reproducer found a race while attempting to remove dquot information from the rb tree. Fetching the rb_tree root node must also be protected by the dqopt->dqio_sem, otherwise, giving the right timing, shmem_release_dquot() will trigger a warning because it couldn't find a node in the tree, when the real reason was the root node changing before the search starts: Thread 1 Thread 2 - shmem_... • https://git.kernel.org/stable/c/eafc474e202978ac735c551d5ee1eb8c02e2be54 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27055 – workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
https://notcve.org/view.php?id=CVE-2024-27055
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() For wq_update_node_max_active(), @off_cpu of -1 indicates that no CPU is going down. The function was incorrectly calling cpumask_test_cpu() with -1 CPU leading to oopses like the following on some archs: Unable to handle kernel paging request at virtual address ffff0002100296e0 .. pc : wq_update_node_max_active+0x50/0x1fc lr : wq_update_node_max_active+0x1f... • https://git.kernel.org/stable/c/5a70baec2294e8a7d0fcc4558741c23e752dad5c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27054 – s390/dasd: fix double module refcount decrement
https://notcve.org/view.php?id=CVE-2024-27054
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to artificially decrease on each error while it should just stay the same. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: corrige la disminución del doble recuento del módulo Una vez que la d... • https://git.kernel.org/stable/c/c020d722b110a44c613ef71e657e6dd4116e09d9 •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27053 – wifi: wilc1000: fix RCU usage in connect path
https://notcve.org/view.php?id=CVE-2024-27053
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ #333 Not tainted ----------------------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage! [...] stack backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1... • https://git.kernel.org/stable/c/c460495ee072fc01a9b1e8d72c179510418cafac • CWE-476: NULL Pointer Dereference •
CVSS: 7.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27052 – wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
https://notcve.org/view.php?id=CVE-2024-27052
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtl8xxxu: agregue cancel_work_sync() para c2hcmd_work Es posible que la cola de trabajo aún esté ejecutándose cuando se detiene el controlador. Para evitar un use-after-free, llam... • https://git.kernel.org/stable/c/e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 • CWE-416: Use After Free •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27051 – cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
https://notcve.org/view.php?id=CVE-2024-27051
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cpufreq: brcmstb-avs-cpufreq: agregar verificación para el valor de retorno de cpufreq_cpu_get cpufreq_cpu_get puede devolver NULL. Para evi... • https://git.kernel.org/stable/c/de322e085995b9417582d6f72229dadb5c09d163 •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27050 – libbpf: Use OPTS_SET() macro in bpf_xdp_query()
https://notcve.org/view.php?id=CVE-2024-27050
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing out of boun... • https://git.kernel.org/stable/c/13ce2daa259a3bfbc9a5aeeee8b9a87058703731 • CWE-787: Out-of-bounds Write •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27049 – wifi: mt76: mt7925e: fix use-after-free in free_irq()
https://notcve.org/view.php?id=CVE-2024-27049
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: mt76: mt7925e... • https://git.kernel.org/stable/c/c948b5da6bbec742b433138e3e3f9537a85af2e5 •