CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26860 – dm-integrity: fix a memory leak when rechecking the data
https://notcve.org/view.php?id=CVE-2024-26860
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dm-integrity: fix a memory leak when rechecking the data Memory for the "checksums" pointer will leak if the data is rechecked after checksum failure (because the associated kfree won't happen due to 'goto skip_io'). Fix this by freeing the checksums memory before recheck, and just use the "checksum_onstack" memory for storing checksum during recheck. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm-integrity: soluciona... • https://git.kernel.org/stable/c/906414f4596469004632de29126c55751ed82c5e •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26859 – net/bnx2x: Prevent access to a freed page in page_pool
https://notcve.org/view.php?id=CVE-2024-26859
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when handling reset tasks. The bnx2x_tx_timeout() schedules reset tasks via bnx2x_sp_rtnl_task(), which ultimately leads to bnx2x_nic_unload(). In bnx2x_nic_unload() SGEs are freed using bnx2x_free_rx_sge_range(). However,... • https://git.kernel.org/stable/c/4cace675d687ebd2d813e90af80ff87ee85202f9 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52644 – wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
https://notcve.org/view.php?id=CVE-2023-52644
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabled to prevent trying to stop/wake a non-existent queue and failing to stop/wake the actual queue instantiated. Log of issue before change (with kernel parameter qos=0): [ +5.112651] ------------[ cut here ]---------... • https://git.kernel.org/stable/c/e6f5b934fba8c44c87c551e066aa7ca6fde2939e •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26858 – net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map
https://notcve.org/view.php?id=CVE-2024-26858
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map Just simply reordering the functions mlx5e_ptp_metadata_map_put and mlx5e_ptpsq_track_metadata in the mlx5e_txwqe_complete context is not good enough since both the compiler and CPU are free to reorder these two functions. If reordering does occur, the issue that was supposedly fixed by 7e3f3ba97e6c ("net/mlx5e: Track xmit sub... • https://git.kernel.org/stable/c/4d510506b46504664eacf8a44a9e8f3e54c137b8 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26857 – geneve: make sure to pull inner header in geneve_rx()
https://notcve.org/view.php?id=CVE-2024-26857
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneve_rx() syzbot triggered a bug in geneve_rx() [1] Issue is similar to the one I fixed in commit 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") We have to save skb->network_header in a temporary variable in order to be able to recompute the network_header pointer after a pskb_inet_may_pull() call. pskb_inet_may_pull() makes sure the needed headers are in skb->head.... • https://git.kernel.org/stable/c/2d07dc79fe04a43d82a346ced6bbf07bdb523f1b • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26856 – net: sparx5: Fix use after free inside sparx5_del_mact_entry
https://notcve.org/view.php?id=CVE-2024-26856
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analyzis of the code it looks like when an entry from the MAC table was removed, the entry was still used after being freed. More precise the vid of the mac_entry was used after calling devm_kfree on the mac_entry. The fix consists in first using the vid of the mac_entry to delete the entry from the HW and after that to free it. En el kernel de Linux, se ha res... • https://git.kernel.org/stable/c/b37a1bae742f92cc9b1f777d54e04ee3d86bbfc2 •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26855 – net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
https://notcve.org/view.php?id=CVE-2024-26855
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a check to ensure that br_spec is not NULL before proceeding with the nested attribute iteration. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net... • https://git.kernel.org/stable/c/b1edc14a3fbfe0154a2aecb8bb9775c3012cb6e2 • CWE-690: Unchecked Return Value to NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26853 – igc: avoid returning frame twice in XDP_REDIRECT
https://notcve.org/view.php?id=CVE-2024-26853
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: igc: avoid returning frame twice in XDP_REDIRECT When a frame can not be transmitted in XDP_REDIRECT (e.g. due to a full queue), it is necessary to free it by calling xdp_return_frame_rx_napi. However, this is the responsibility of the caller of the ndo_xdp_xmit (see for example bq_xmit_all in kernel/bpf/devmap.c) and thus calling it inside igc_xdp_xmit (which is the ndo_xdp_xmit of the igc driver) as well will lead to memory corruption. In... • https://git.kernel.org/stable/c/4ff3203610928cac82d5627ce803559e78d61b91 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26852 – net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
https://notcve.org/view.php?id=CVE-2024-26852
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") was not able to fix the root cause. We need to defer the fib6_info_release() calls after ip6_route_mpath_notify(), in the cleanup phase. [1] BUG: KASAN: slab-use-after-free in rt6_fill_node+0x1460/0x1ac0 Read of size 4 at addr ffff88809... • https://git.kernel.org/stable/c/3b1137fe74829e021f483756a648cbb87c8a1b4a • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26851 – netfilter: nf_conntrack_h323: Add protection for bmp length out of range
https://notcve.org/view.php?id=CVE-2024-26851
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux get_bitmap(b=75) + 712