CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26712 – powerpc/kasan: Fix addr error caused by page alignment
https://notcve.org/view.php?id=CVE-2024-26712
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then `va = block + k_cur - k_start` is less than block, the addr va is invalid, because the memory address space from va to block is not alloced by memblock_alloc, which will not be reserved by memblock_reserve later, it will be used by other places. As... • https://git.kernel.org/stable/c/663c0c9496a69f80011205ba3194049bcafd681d • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26707 – net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
https://notcve.org/view.php?id=CVE-2024-26707
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1]. Just in case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons. [1] HSR: Cou... • https://git.kernel.org/stable/c/121c33b07b3127f501b366bc23d2a590e2f2b8ef •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26706 – parisc: Fix random data corruption from exception handler
https://notcve.org/view.php?id=CVE-2024-26706
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash ... • https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26704 – ext4: fix double-free of blocks due to wrong extents moved_len
https://notcve.org/view.php?id=CVE-2024-26704
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the loop fails to exit after successfully moving some extents, moved_len is not updated and remains at 0, so it does not discard the preallocations. If the moved extents overlap with the prealloca... • https://git.kernel.org/stable/c/fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26702 – iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
https://notcve.org/view.php?id=CVE-2024-26702
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iio: magnetómetro: rm3100: agregue verificación de los límites para el valo... • https://git.kernel.org/stable/c/121354b2eceb2669ebdffa76b105ad6c03413966 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26700 – drm/amd/display: Fix MST Null Ptr for RV
https://notcve.org/view.php?id=CVE-2024-26700
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_disp... • https://git.kernel.org/stable/c/01d992088dce3945f70f49f34b0b911c5213c238 • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26698 – hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
https://notcve.org/view.php?id=CVE-2024-26698
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, including all subchannels without confirming if they are enabled or not. This caused hv_netvsc getting hung at napi_disable, when netvsc_probe() has finished running but nvdev->subchan_work has not started yet. netvsc_subchan_work() -> rndi... • https://git.kernel.org/stable/c/ac5047671758ad4be9f93898247b3a8b6dfde4c7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26697 – nilfs2: fix data corruption in dsync block recovery for small block sizes
https://notcve.org/view.php?id=CVE-2024-26697
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the on-page offset when copying repair data to the file's page cache. In environments where the block size is smaller than the page size, this flaw can cause data co... • https://git.kernel.org/stable/c/5278c3eb6bf5896417572b52adb6be9d26e92f65 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26696 – nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
https://notcve.org/view.php?id=CVE-2024-26696
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Syzbot reported a hang issue in migrate_pages_batch() called by mbind() and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch() locks a folio and waits for the writeback to complete, the log writer thread that should bring the writeback to completion picks up the folio being written back in nilfs_lookup_dirty_data_buffers() that it calls for ... • https://git.kernel.org/stable/c/1d1d1a767206fbe5d4c69493b7e6d2a8d08cc0a0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26695 – crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
https://notcve.org/view.php?id=CVE-2024-26695
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN: [ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002) [ 137.162647] ccp 0000:23:00.1: no command queues available [ 137.170598] ccp 0000:23:00.1: sev enabled [ 137.174645] ccp 0000:23:00.1: psp enabled [ 137.178890] general protection fa... • https://git.kernel.org/stable/c/87af9b0b45666ca3dd6b10c0ece691c740b0f750 •