CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47580 – scsi: scsi_debug: Fix type in min_t to avoid stack OOB
https://notcve.org/view.php?id=CVE-2021-47580
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger value gets used causing stack out of bounds. BUG: KASAN: stack-out-of-bounds in memcpy include/linux/fortify-string.h:191 [inline] BUG: KASAN: stack-out-of-bounds in sg_copy_buffer+0x1de/0x240 lib/scatterlist.c:976 Read of size 127 at a... • https://git.kernel.org/stable/c/bdb854f134b964528fa543e0351022eb45bd7346 • CWE-125: Out-of-bounds Read •
CVSS: 4.1EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47579 – ovl: fix warning in ovl_create_real()
https://notcve.org/view.php?id=CVE-2021-47579
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: fix warning in ovl_create_real() Syzbot triggered the following warning in ovl_workdir_create() -> ovl_create_real(): if (!err && WARN_ON(!newdentry->d_inode)) { The reason is that the cgroup2 filesystem returns from mkdir without instantiating the new dentry. Weird filesystems such as this will be rejected by overlayfs at a later stage during setup, but to prevent such a warning, call ovl_mkdir_real() directly from ovl_workdir_create(... • https://git.kernel.org/stable/c/445d2dc63e5871d218f21b8f62ab29ac72f2e6b8 • CWE-457: Use of Uninitialized Variable •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47578 – scsi: scsi_debug: Don't call kcalloc() if size arg is zero
https://notcve.org/view.php?id=CVE-2021-47578
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, kcalloc() must not be called with the size arg equal to zero. Return early without error before the kcalloc() call if size arg is zero. BUG: KASAN: null-ptr-deref in memcpy include/linux/fortify-string.h:191 [inline] BUG: KASAN: null-pt... • https://git.kernel.org/stable/c/aa1f912712a109b6306746133de7e5343f016b26 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47577 – io-wq: check for wq exit after adding new worker task_work
https://notcve.org/view.php?id=CVE-2021-47577
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: io-wq: check for wq exit after adding new worker task_work We check IO_WQ_BIT_EXIT before attempting to create a new worker, and wq exit cancels pending work if we have any. But it's possible to have a race between the two, where creation checks exit finding it not set, but we're in the process of exiting. The exit side will cancel pending creation task_work, but there's a gap where we add task_work after we've canceled existing creations a... • https://git.kernel.org/stable/c/4b4e5bbf9386d4ec21d91c0cb0fd60b9bba778ec •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-47576 – scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select()
https://notcve.org/view.php?id=CVE-2021-47576
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 drivers/scsi/scsi_debug.c:2509 Read of size 1 at addr ffff888026670f50 by task scsicmd/15032 CPU: 1 PID: 15032 Comm: scsicmd Not tainted 5.15.0-01d0625 #15 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Call Trace:
CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38618 – ALSA: timer: Set lower bound of start tick time
https://notcve.org/view.php?id=CVE-2024-38618
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to an unexpected RCU stall, where the callback repeatedly queuing the expire update, as reported by fuzzer. This patch introduces a sanity check of the timer start tick time, so that the system returns an error when a ... • https://git.kernel.org/stable/c/68396c825c43664b20a3a1ba546844deb2b4e48f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38617 – kunit/fortify: Fix mismatched kvalloc()/vfree() usage
https://notcve.org/view.php?id=CVE-2024-38617
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: kunit/fortify: Fix mismatched kvalloc()/vfree() usage The kv*() family of tests were accidentally freeing with vfree() instead of kvfree(). Use kvfree() instead. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kunit/fortify: corrige el uso no coincidente de kvalloc()/vfree() La familia de pruebas kv*() se liberaba accidentalmente con vfree() en lugar de kvfree(). Utilice kvfree() en su lugar. In the Linux kernel, the foll... • https://git.kernel.org/stable/c/9124a26401483bf2b13a99cb4317dce3f677060f •
CVSS: 8.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38616 – wifi: carl9170: re-fix fortified-memset warning
https://notcve.org/view.php?id=CVE-2024-38616
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: re-fix fortified-memset warning The carl9170_tx_release() function sometimes triggers a fortified-memset warning in my randconfig builds: In file included from include/linux/string.h:254, from drivers/net/wireless/ath/carl9170/tx.c:40: In function 'fortify_memset_chk', inlined from 'carl9170_tx_release' at drivers/net/wireless/ath/carl9170/tx.c:283:2, inlined from 'kref_put' at include/linux/kref.h:65:3, inlined from 'carl91... • https://git.kernel.org/stable/c/fb5f6a0e8063b7a84d6d44ef353846ccd7708d2e • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38615 – cpufreq: exit() callback is optional
https://notcve.org/view.php?id=CVE-2024-38615
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't present. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpufreq: la devolución de llamada exit() es opcional La devolución de llamada exit() es opcional y no debe llamarse sin verificar primero un puntero válido. Ademá... • https://git.kernel.org/stable/c/91a12e91dc39137906d929a4ff6f9c32c59697fa • CWE-459: Incomplete Cleanup •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38614 – openrisc: traps: Don't send signals to kernel mode threads
https://notcve.org/view.php?id=CVE-2024-38614
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: openrisc: traps: Don't send signals to kernel mode threads OpenRISC exception handling sends signals to user processes on floating point exceptions and trap instructions (for debugging) among others. There is a bug where the trap handling logic may send signals to kernel threads, we should not send these signals to kernel threads, if that happens we treat it as an error. This patch adds conditions to die if the kernel receives these excepti... • https://git.kernel.org/stable/c/27267655c5313ba0f5a3caa9ad35d887d9a12574 •