CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47221 – mm/slub: actually fix freelist pointer vs redzoning
https://notcve.org/view.php?id=CVE-2021-47221
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: actually fix freelist pointer vs redzoning It turns out that SLUB redzoning ("slub_debug=Z") checks from s->object_size rather than from s->inuse (which is normally bumped to make room for the freelist pointer), so a cache created with an object size less than 24 would have the freelist pointer written beyond s->object_size, causing the redzone to be corrupted by the freelist pointer. This was very visible with "slub_debug=ZF": BUG... • https://git.kernel.org/stable/c/89b83f282d8ba380cf2124f88106c57df49c538c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36009 – ax25: Fix netdev refcount issue
https://notcve.org/view.php?id=CVE-2024-36009
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log reported by ref_tracker is shown below: [ 80.884935] ref_tracker: reference already released. [ 80.885150] ref_tracker: allocated in: [ 80.885349] ax25_dev_device_up+0x105/0x540 [ 80.885730] ax25_device_... • https://git.kernel.org/stable/c/feef318c855a361a1eccd880f33e88c460eb63b4 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36008 – ipv4: check for NULL idev in ip_route_use_hint()
https://notcve.org/view.php?id=CVE-2024-36008
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Comm: s... • https://git.kernel.org/stable/c/02b24941619fcce3d280311ac73b1e461552e9c8 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36007 – mlxsw: spectrum_acl_tcam: Fix warning during rehash
https://notcve.org/view.php?id=CVE-2024-36007
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. When the work runs out of credits it stores the current chunk and entry as markers in the per-work context so that it would know where to resume the mi... • https://git.kernel.org/stable/c/6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36006 – mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
https://notcve.org/view.php?id=CVE-2024-36006
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1] WA... • https://git.kernel.org/stable/c/6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36005 – netfilter: nf_tables: honor table dormant flag from netdev release event path
https://notcve.org/view.php?id=CVE-2024-36005
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999] ------------[ cut here ]------------ [524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260 [...] [524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ #36... • https://git.kernel.org/stable/c/d54725cd11a57c30f650260cfb0a92c268bdc3e0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36004 – i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
https://notcve.org/view.php?id=CVE-2024-36004
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e too.... • https://git.kernel.org/stable/c/4d5957cbdecdbb77d24c1465caadd801c07afa4a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36000 – mm/hugetlb: fix missing hugetlb_lock for resv uncharge
https://notcve.org/view.php?id=CVE-2024-36000
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel.org/all/000000000000ee06de0616177560@google.com/ 350: lockdep_assert_held(&hugetlb_lock); Should be an issue in hugetlb but triggered in an userfault context, where it goes into the unlikely path where two threads modifying the resv map together. Mike has a fix in that path for resv uncharge but it looks like the ... • https://git.kernel.org/stable/c/79aa925bf239c234be8586780e482872dc4690dd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35999 – smb3: missing lock when picking channel
https://notcve.org/view.php?id=CVE-2024-35999
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessing the ses channel index. Addresses-Coverity: 1582039 ("Data race condition (MISSING_LOCK)") En el kernel de Linux, se resolvió la siguiente vulnerabilidad: smb3: falta el bloqueo al seleccionar el canal. Coverity detectó un lugar donde deberíamos haber mantenido el bloqueo del canal al acceder al índice del canal ... • https://git.kernel.org/stable/c/98c7ed29cd754ae7475dc7cb3f33399fda902729 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35998 – smb3: fix lock ordering potential deadlock in cifs_sync_mid_result
https://notcve.org/view.php?id=CVE-2024-35998
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could deadlock "Thread deadlock (ORDER_REVERSAL) lock_order: Calling spin_lock acquires lock TCP_Server_Info.srv_lock while holding lock TCP_Server_Info.mid_lock" Addresses-Coverity: 1590401 ("Thread deadlock (ORDER_REVERSAL)") En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb3: corrige el posible i... • https://git.kernel.org/stable/c/c7a4bca289e50bb4b2650f845c41bb3e453f4c66 •