
CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

net: dsa: mv88e6xxx: Correct check for empty list

Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_entry() is non-NULL. This appears to be intended to guard against the list chip->mdios being empty. However, it is not the correct check as the implementation of list_first_entry is not designed to return NULL for empty lists. Instead, use list_first_entry_or_null() which does return NULL if the list is empty.

Flagged by Smatch. Compile tested only.

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel.

• https://git.kernel.org/stable/c/47d28dde172696031c880c5778633cdca30394ee
• https://git.kernel.org/stable/c/3bf8d70e1455f87856640c3433b3660a31001618
• https://git.kernel.org/stable/c/2a2fe25a103cef73cde356e6d09da10f607e93f5
• https://git.kernel.org/stable/c/8c2c3cca816d074c75a2801d1ca0dea7b0148114
• https://git.kernel.org/stable/c/aa03f591ef31ba603a4a99d05d25a0f21ab1cd89
• https://git.kernel.org/stable/c/3f25b5f1635449036692a44b771f39f772190c1d
• https://git.kernel.org/stable/c/f75625db838ade28f032dacd0f0c8baca42ecde4
• https://git.kernel.org/stable/c/4c7f3950a9fd53a62b156c0fe7c3a2c43

CVSS: - | EPSS: 0% | CPEs: 8 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

media: dvb-frontends: tda10048: Fix integer overflow

state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations.

• https://git.kernel.org/stable/c/8167e4d7dc086d4f7ca7897dcff3827e4d22c99a
• https://git.kernel.org/stable/c/5c72587d024f087aecec0221eaff2fe850d856ce
• https://git.kernel.org/stable/c/e1ba22618758e95e09c9fd30c69ccce38edf94c0
• https://git.kernel.org/stable/c/bd5620439959a7e02012588c724c6ff5143b80af
• https://git.kernel.org/stable/c/1663e2474e4d777187d749a5c90ae83232db32bd
• https://git.kernel.org/stable/c/8ac224e9371dc3c4eb666033e6b42d05cf5184a1
• https://git.kernel.org/stable/c/1121d8a5c6ed6b8fad492e43b63b386cb6a3a9d8
• https://git.kernel.org/stable/c/1aa1329a67cc214c3b7bd2a14d1301a79

CVSS: - | EPSS: 0% | CPEs: 2 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

gve: Account for stopped queues when reading NIC stats

We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid access on the priv->stats_report->stats array.

• https://git.kernel.org/stable/c/32675d828c8a392e20d5b42375ed112c407e4b62
• https://git.kernel.org/stable/c/af9bcf910b1f86244f39e15e701b2dc564b469a6

CVSS: - | EPSS: 0% | CPEs: 6 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

[Changes from V1: - Use a default branch in the switch statement to initialize `val'.]

GCC warns that `val' may be used uninitialized in the BPF_CORE_READ_BITFIELD macro, defined in bpf_core_read.h as:

    [...]
    unsigned long long val; \
    [...] \
    switch (__CORE_RELO(s, field, BYTE_SIZE)) { \
    case 1: val = *(const unsigned char *)p; break; \
    case 2: val = *(const unsigned short *)p; break; \
    case 4: val = *(const unsigned int *)p; break; \
    case 8: val = *(const unsigned long long *)p; break; \
    } \
    [...]
    val; \
    } \

This patch adds a default entry in the switch statement that sets `val' to zero in order to avoid the warning, and random values to be used in case __builtin_preserve_field_info returns unexpected values for BPF_FIELD_BYTE_SIZE.

Tested in bpf-next master. No regressions.

Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel.

• https://git.kernel.org/stable/c/b694989bb13ed5f166e633faa1eb0f21c6d261a6
• https://git.kernel.org/stable/c/3364c2ed1c241989847f19cf83e3db903ce689e3
• https://git.kernel.org/stable/c/a21d76bd0b0d39518e9a4c19f6cf7c042a974aff
• https://git.kernel.org/stable/c/7e5471b5efebc30dd0bc035cda86693a5c73d45f
• https://git.kernel.org/stable/c/ff941a8449e712eaf7efca1a13bfb9afd3d99fc2
• https://git.kernel.org/stable/c/009367099eb61a4fc2af44d4eb06b6b4de7de6db

CVSS: - | EPSS: 0% | CPEs: 4 | EXPL: 0

In the Linux kernel, the following vulnerability has been resolved:

f2fs: check validation of fault attrs in f2fs_build_fault_attr()

- The validation check of fault attrs was missing in parse_options(); fix this by adding the check condition in f2fs_build_fault_attr().
- Use f2fs_build_fault_attr() in __sbi_store() to clean up code.

Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

• https://git.kernel.org/stable/c/bc84dd2c33e0c10fd90d60f0cfc0bfb504d4692d
• https://git.kernel.org/stable/c/44958ca9e400f57bd0478115519ffc350fcee61e
• https://git.kernel.org/stable/c/ecb641f424d6d1f055d149a15b892edcc92c504b
• https://git.kernel.org/stable/c/4ed886b187f47447ad559619c48c086f432d2b77