CVSS: 3.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26877 – crypto: xilinx - call finalize with bh disabled
https://notcve.org/view.php?id=CVE-2024-26877
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules linked in: cryptodev(O) CPU: 2 PID: 74 Comm: firmware:zynqmp Tainted: G O 6.8.0-rc1-yocto-standard #323 Hardware name: ZynqMP ZCU102 Rev1.0 (DT) pstate: 40000... • https://git.kernel.org/stable/c/4d96f7d48131fefe30d7c1d1e2a23ef37164dbf5 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26876 – drm/bridge: adv7511: fix crash on irq during probe
https://notcve.org/view.php?id=CVE-2024-26876
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/bridge: adv7511: fix crash on irq during probe Moved IRQ registration down to end of adv7511_probe(). If an IRQ already is pending during adv7511_probe (before adv7511_cec_init) then cec_received_msg_ts could crash using uninitialized data: Unable to handle kernel read from unreadable memory at virtual address 00000000000003d5 Internal error: Oops: 96000004 [#1] PREEMPT_RT SMP Call trace: cec_received_msg_ts+0x48/0x990 [cec] adv7511_cec... • https://git.kernel.org/stable/c/3b1b975003e4a3da4b93ab032487a3ae4afca7b5 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26875 – media: pvrusb2: fix uaf in pvr2_context_set_notify
https://notcve.org/view.php?id=CVE-2024-26875
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix uaf in pvr2_context_set_notify [Syzbot reported] BUG: KASAN: slab-use-after-free in pvr2_context_set_notify+0x2c4/0x310 drivers/media/usb/pvrusb2/pvrusb2-context.c:35 Read of size 4 at addr ffff888113aeb0d8 by task kworker/1:1/26 CPU: 1 PID: 26 Comm: kworker/1:1 Not tainted 6.8.0-rc1-syzkaller-00046-gf1a27f081c1f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Workqueue: usb_h... • https://git.kernel.org/stable/c/e5be15c63804e05b5a94197524023702a259e308 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26874 – drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
https://notcve.org/view.php?id=CVE-2024-26874
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in mtk_drm_finish_page_flip(), thus a race condition happens. Consider the following case: CPU1 CPU2 step 1: mtk_drm_crtc_atomic_begin() mtk_crtc->event is not null, ... • https://git.kernel.org/stable/c/119f5173628aa7a0c3cf9db83460d40709e8241d •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26872 – RDMA/srpt: Do not register event handler until srpt device is fully setup
https://notcve.org/view.php?id=CVE-2024-26872
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error may leave a partially setup event handler in place. Instead, only register the event handler after srpt device initialization is complete. En el kernel de Linux, ... • https://git.kernel.org/stable/c/a42d985bd5b234da8b61347a78dc3057bf7bb94d • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26871 – f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
https://notcve.org/view.php?id=CVE-2024-26871
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix NULL pointer dereference in f2fs_submit_page_write() BUG: kernel NULL pointer dereference, address: 0000000000000014 RIP: 0010:f2fs_submit_page_write+0x6cf/0x780 [f2fs] Call Trace: <TASK> ? show_regs+0x6e/0x80 ? __die+0x29/0x70 ? page_fault_oops+0x154/0x4a0 ? prb_read_valid+0x20/0x30 ? • https://git.kernel.org/stable/c/e067dc3c6b9c419bac43c6a0be2d85f44681f863 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26870 – NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
https://notcve.org/view.php?id=CVE-2024-26870
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_label() consumes exactly all the bytes then size is 0 when calling nfs4_listxattr_nfs4_user() which then triggers the following kernel BUG: [ 99.403778] ker... • https://git.kernel.org/stable/c/012a211abd5db098094ce429de5f046368391e68 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26869 – f2fs: fix to truncate meta inode pages forcely
https://notcve.org/view.php?id=CVE-2024-26869
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate meta inode pages forcely Below race case can cause data corruption: Thread A GC thread - gc_data_segment - ra_data_block - locked meta_inode page - f2fs_inplace_write_data - invalidate_mapping_pages : fail to invalidate meta_inode page due to lock failure or dirty|writeback status - f2fs_submit_page_bio : write last dirty data to old blkaddr - move_data_block - load old data from meta_inode page - f2fs_submit_page_writ... • https://git.kernel.org/stable/c/6aa58d8ad20a3323f42274c25820a6f54192422d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26868 – nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
https://notcve.org/view.php?id=CVE-2024-26868
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: fix panic when nfs4_ff_layout_prepare_ds() fails We've been seeing the following panic in production BUG: kernel NULL pointer dereference, address: 0000000000000065 PGD 2f485f067 P4D 2f485f067 PUD 2cc5d8067 PMD 0 RIP: 0010:ff_layout_cancel_io+0x3a/0x90 [nfs_layout_flexfiles] Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x286/0x380 ? __rpc_execute+0x2c3/0x470 [sunrpc] ? rpc_new_task+0x42/0x1c0 [sunrpc] ? • https://git.kernel.org/stable/c/b739a5bd9d9f18cc69dced8db128ef7206e000cd • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26866 – spi: lpspi: Avoid potential use-after-free in probe()
https://notcve.org/view.php?id=CVE-2024-26866
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: lpspi: Avoid potential use-after-free in probe() fsl_lpspi_probe() is allocating/disposing memory manually with spi_alloc_host()/spi_alloc_target(), but uses devm_spi_register_controller(). In case of error after the latter call the memory will be explicitly freed in the probe function by spi_controller_put() call, but used afterwards by "devm" management outside probe() (spi_unregister_controller() <- devm_spi_unregister() below). Una... • https://git.kernel.org/stable/c/5314987de5e5f5e38436ef4a69328bc472bbd63e •