CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38565 – wifi: ar5523: enable proper endpoint verification
https://notcve.org/view.php?id=CVE-2024-38565
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their according types intact. Sadly, this patch has not been tested on real hardware. [1] Syzkaller report: ------------[ cut here ]------------ usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 3643 at ... • https://git.kernel.org/stable/c/b7d572e1871df06a96a1c9591c71c5494ff6b624 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38564 – bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE
https://notcve.org/view.php?id=CVE-2024-38564
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE bpf_prog_attach uses attach_type_to_prog_type to enforce proper attach type for BPF_PROG_TYPE_CGROUP_SKB. link_create uses bpf_prog_get and relies on bpf_prog_attach_check_attach_type to properly verify prog_type <> attach_type association. Add missing attach_type enforcement for the link_create case. Otherwise, it's currently possible to attach cgroup_skb prog ... • https://git.kernel.org/stable/c/4a1e7c0c63e02daad751842b7880f9bbcdfb6e89 • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38563 – wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature
https://notcve.org/view.php?id=CVE-2024-38563
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: mt76: mt7996: corrige una posible pérdida de memoria al leer la temperatura del chip Sin esta confirmación, la lectura de la temperatura del chip provocará una pérdida de memoria. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/6879b2e94172ed80394dd49d410814ad427d1ca0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38562 – wifi: nl80211: Avoid address calculations via out of bounds array indexing
https://notcve.org/view.php?id=CVE-2024-38562
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need to be calculated from the allocation base ("request") rather than via the first "out of bounds" index of "channels", otherwise run-time bounds checking will throw a warning. En el kernel de Linux, se ha resuelto la s... • https://git.kernel.org/stable/c/e3eac9f32ec04112b39e01b574ac739382469bf9 • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38561 – kunit: Fix kthread reference
https://notcve.org/view.php?id=CVE-2024-38561
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: kunit: Fix kthread reference There is a race condition when a kthread finishes after the deadline and before the call to kthread_stop(), which may lead to use after free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kunit: Fix kthread reference Hay una condición de ejecución cuando un kthread finaliza después de la fecha límite y antes de la llamada a kthread_stop(), lo que puede llevar a su use-after-free. In the Li... • https://git.kernel.org/stable/c/adf505457032c11b79b5a7c277c62ff5d61b17c2 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38560 – scsi: bfa: Ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-38560
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: bfa: ase... • https://git.kernel.org/stable/c/9f30b674759b9a2da25aefe25d885161d8a911cb •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38559 – scsi: qedf: Ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-38559
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using kstrtouint. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: q... • https://git.kernel.org/stable/c/61d8658b4a435eac729966cc94cdda077a8df5cd • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38558 – net: openvswitch: fix overwriting ct original tuple for ICMPv6
https://notcve.org/view.php?id=CVE-2024-38558
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary packet content. - OVS_PACKET_ATTR_ACTIONS - Actions to execute on the packet. OVS_PACKET_ATTR_KEY is parsed first to populate sw_flow_key structure with the metadata like conntrack state, input port, recirculation id, etc. Then the p... • https://git.kernel.org/stable/c/9dd7f8907c3705dc7a7a375d1c6e30b06e6daffc • CWE-665: Improper Initialization •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38557 – net/mlx5: Reload only IB representors upon lag disable/enable
https://notcve.org/view.php?id=CVE-2024-38557
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor load fails, the eswitch error flow unloads all representors, including ethernet representors, where the netdevs get detached and removed from lag bond. Such flow is inaccurate as the lag driver is not responsible ... • https://git.kernel.org/stable/c/598fe77df855feeeca9dfda2ffe622ac7724e5c3 •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38556 – net/mlx5: Add a timeout to acquire the command queue semaphore
https://notcve.org/view.php?id=CVE-2024-38556
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Add a timeout to acquire the command queue semaphore Prevent forced completion handling on an entry that has not yet been assigned an index, causing an out of bounds access on idx = -22. Instead of waiting indefinitely for the sem, blocking flow now waits for index to be allocated or a sem acquisition timeout before beginning the timer for FW completion. Kernel log example: mlx5_core 0000:06:00.0: wait_func_handle_exec_timeout:... • https://git.kernel.org/stable/c/8e715cd613a1e872b9d918e912d90b399785761a • CWE-125: Out-of-bounds Read •