CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26894 – ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
https://notcve.org/view.php?id=CVE-2024-26894
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex dump (first 32 bytes): 00 00 00 00 0b 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 .............. • https://git.kernel.org/stable/c/3d339dcbb56d8d70c1b959aff87d74adc3a84eea • CWE-401: Missing Release of Memory after Effective Lifetime CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26893 – firmware: arm_scmi: Fix double free in SMC transport cleanup path
https://notcve.org/view.php?id=CVE-2024-26893
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix double free in SMC transport cleanup path When the generic SCMI code tears down a channel, it calls the chan_free callback function, defined by each transport. Since multiple protocols might share the same transport_info member, chan_free() might want to clean up the same member multiple times within the given SCMI transport implementation. In this case, it is SMC transport. This will lead to a NULL pointer derefer... • https://git.kernel.org/stable/c/1dc6558062dadfabd2fb3bd885fa6e92ec7196f2 •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26892 – wifi: mt76: mt7921e: fix use-after-free in free_irq()
https://notcve.org/view.php?id=CVE-2024-26892
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix use-after-free in free_irq() From commit a304e1b82808 ("[PATCH] Debug shared irqs"), there is a test to make sure the shared irq handler should be able to handle the unexpected event after deregistration. For this case, let's apply MT76_REMOVED flag to indicate the device was removed and do not run into the resource access anymore. BUG: KASAN: use-after-free in mt7921_irq_handler+0xd8/0x100 [mt7921e] Read of size... • https://git.kernel.org/stable/c/9270270d62191b7549296721e8d5f3dc0df01563 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26891 – iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
https://notcve.org/view.php?id=CVE-2024-26891
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected For those endpoint devices connect to system via hotplug capable ports, users could request a hot reset to the device by flapping device's link through setting the slot's link control register, as pciehp_ist() DLLSC interrupt sequence response, pciehp will unload the device driver and then power it off. thus cause an IOMMU device-TLB invalidation (Intel VT-d spec... • https://git.kernel.org/stable/c/6f7db75e1c469057fe7588ed959328ead771ccc7 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26890 – Bluetooth: btrtl: fix out of bounds memory access
https://notcve.org/view.php?id=CVE-2024-26890
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: fix out of bounds memory access The problem is detected by KASAN. btrtl driver uses private hci data to store 'struct btrealtek_data'. If btrtl driver is used with btusb, then memory for private hci data is allocated in btusb. But no private data is allocated after hci_dev, when btrtl is used with hci_h5. This commit adds memory allocation for hci_h5 case. ==============================================================... • https://git.kernel.org/stable/c/5b355944b19011011dd3fd4187444c5ff1d76ad2 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-26889 – Bluetooth: hci_core: Fix possible buffer overflow
https://notcve.org/view.php?id=CVE-2024-26889
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: hci_core: soluciona un posible desbordamiento del búfer struct hci_dev_info tiene un campo de nombre de tamaño fi... • https://git.kernel.org/stable/c/194ab82c1ea187512ff2f822124bd05b63fc9f76 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26888 – Bluetooth: msft: Fix memory leak
https://notcve.org/view.php?id=CVE-2024-26888
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: Fix memory leak Fix leaking buffer allocated to send MSFT_OP_LE_MONITOR_ADVERTISEMENT. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: msft: Reparar pérdida de memoria Reparar pérdida de búfer asignado para enviar MSFT_OP_LE_MONITOR_ADVERTISEMENT. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: Fix memory leak Fix leaking buffer allocated to send MSFT_OP_L... • https://git.kernel.org/stable/c/9e14606d8f38ea52a38c27692a9c1513c987a5da •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26887 – Bluetooth: btusb: Fix memory leak
https://notcve.org/view.php?id=CVE-2024-26887
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Fix memory leak This checks if CONFIG_DEV_COREDUMP is enabled before attempting to clone the skb and also make sure btmtk_process_coredump frees the skb passed following the same logic. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: btusb: corrige la pérdida de memoria. Esto verifica si CONFIG_DEV_COREDUMP está habilitado antes de intentar clonar el skb y también se asegura de que btmtk_proces... • https://git.kernel.org/stable/c/0b70151328781a89c89e4cf3fae21fc0e98d869e •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26886 – Bluetooth: af_bluetooth: Fix deadlock
https://notcve.org/view.php?id=CVE-2024-26886
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: af_bluetooth: Fix deadlock Attemting to do sock_lock on .recvmsg may cause a deadlock as shown bellow, so instead of using sock_sock this uses sk_receive_queue.lock on bt_sock_ioctl to avoid the UAF: INFO: task kworker/u9:1:121 blocked for more than 30 seconds. Not tainted 6.7.6-lemon #183 Workqueue: hci0 hci_rx_work Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26885 – bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
https://notcve.org/view.php?id=CVE-2024-26885
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix DEVMAP_HASH overflow check on 32-bit arches The devmap code allocates a number hash buckets equal to the next power of two of the max_entries value provided when creating the map. When rounding up to the next power of two, the 32-bit variable storing the number of buckets can overflow, and the code checks for overflow by checking if the truncated 32-bit value is equal to 0. However, on 32-bit arches the rounding up itself can ove... • https://git.kernel.org/stable/c/6f9d451ab1a33728adb72d7ff66a7b374d665176 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •