CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41054 – scsi: ufs: core: Fix ufshcd_clear_cmd racing issue
https://notcve.org/view.php?id=CVE-2024-41054
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcd_clear_cmd racing issue When ufshcd_clear_cmd is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NULL by the ISR. • https://git.kernel.org/stable/c/8d7290348992f27242dd6a696fa2eede709f0b14 https://git.kernel.org/stable/c/bed0896008334eeee4b4bfd7150491ca098cbf72 https://git.kernel.org/stable/c/11d81233f4ebe6907b12c79ad7d8787aa4db0633 https://git.kernel.org/stable/c/9307a998cb9846a2557fdca286997430bee36a2a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41053 – scsi: ufs: core: Fix ufshcd_abort_one racing issue
https://notcve.org/view.php?id=CVE-2024-41053
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcd_abort_one racing issue When ufshcd_abort_one is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NULL by ISR. • https://git.kernel.org/stable/c/ff7699d3620763b0dfe2ff93df4528880bf903a8 https://git.kernel.org/stable/c/93e6c0e19d5bb12b49534a411c85e21d333731fa https://git.kernel.org/stable/c/c3111b3cf3889bfa7b73ebff83d7397db9b7e5e0 https://git.kernel.org/stable/c/b5a6ac887256762758bfe7f2918cb0233aa544f4 https://git.kernel.org/stable/c/74736103fb4123c71bf11fb7a6abe7c884c5269e •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41052 – vfio/pci: Init the count variable in collecting hot-reset devices
https://notcve.org/view.php?id=CVE-2024-41052
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakes in the device counting and crashes the userspace if the get hot reset info path is triggered. • https://git.kernel.org/stable/c/618fbf4c910a06a3aa6a8b88a5fb1f2197f964f3 https://git.kernel.org/stable/c/9313244c26f3792daa86f3a18cc3bd5ad60310e0 https://git.kernel.org/stable/c/f476dffc52ea70745dcabf63288e770e50ac9ab3 https://git.kernel.org/stable/c/f44136b9652291ac1fc39ca67c053ac624d0d11b https://git.kernel.org/stable/c/5a88a3f67e37e39f933b38ebb4985ba5822e9eca •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41051 – cachefiles: wait for ondemand_object_worker to finish when dropping object
https://notcve.org/view.php?id=CVE-2024-41051
In the Linux kernel, the following vulnerability has been resolved: cachefiles: wait for ondemand_object_worker to finish when dropping object When queuing ondemand_object_worker() to re-open the object, cachefiles_object is not pinned. • https://git.kernel.org/stable/c/f17443d52d805c9a7fab5e67a4e8b973626fe1cd https://git.kernel.org/stable/c/f740fd943bb1fbf79b7eaba3c71eb7536f437f51 https://git.kernel.org/stable/c/0a7e54c1959c0feb2de23397ec09c7692364313e https://git.kernel.org/stable/c/ec9289369259d982e735a71437e32e6b4035290c https://git.kernel.org/stable/c/d3179bae72b1b5e555ba839d6d9f40a350a4d78a https://git.kernel.org/stable/c/b26525b2183632f16a3a4108fe6a4bfa8afac6ed https://git.kernel.org/stable/c/12e009d60852f7bce0afc373ca0b320f14150418 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41050 – cachefiles: cyclic allocation of msg_id to avoid reuse
https://notcve.org/view.php?id=CVE-2024-41050
In the Linux kernel, the following vulnerability has been resolved: cachefiles: cyclic allocation of msg_id to avoid reuse Reusing the msg_id after a maliciously completed reopen request may cause a read request to remain unprocessed and result in a hung, as shown below: t1 | t2 | t3 ------------------------------------------------- cachefiles_ondemand_select_req cachefiles_ondemand_object_is_close(A) cachefiles_ondemand_set_object_reopening(A) queue_work(fscache_object_wq, &info->work) ondemand_object_worker cachefiles_ondemand_init_object(A) cachefiles_ondemand_send_req(OPEN) // get msg_id 6 wait_for_completion(&req_A->done) cachefiles_ondemand_daemon_read // read msg_id 6 req_A cachefiles_ondemand_get_fd copy_to_user // Malicious completion msg_id 6 copen 6,-1 cachefiles_ondemand_copen complete(&req_A->done) // will not set the object to close // because ondemand_id && fd is valid. // ondemand_object_worker() is done // but the object is still reopening. // new open req_B cachefiles_ondemand_init_object(B) cachefiles_ondemand_send_req(OPEN) // reuse msg_id 6 process_open_req copen 6,A.size // The expected failed copen was executed successfully Expect copen to fail, and when it does, it closes fd, which sets the object to close, and then close triggers reopen again. • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 https://git.kernel.org/stable/c/35710c6c4a1c64478ec1b5e0e81d386c0844dec6 https://git.kernel.org/stable/c/de045a82e1a4e04be62718d3c2981a55150765a0 https://git.kernel.org/stable/c/9d3bf4e9aa23f0d9e99ebe7a94f232ddba54ee17 https://git.kernel.org/stable/c/19f4f399091478c95947f6bd7ad61622300c30d9 •