CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38581 – drm/amdgpu/mes: fix use-after-free issue
https://notcve.org/view.php?id=CVE-2024-38581
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_mes.c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu/mes: soluciona el problema de use-after-free. Elimina el temporizador de reserva de valla para solucionar el problema de use-after-free. v2: pasar a amdgpu_mes.c A flaw was found in the Linux kernel. This issue is due to a possible use... • https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38580 – epoll: be better about file lifetimes
https://notcve.org/view.php?id=CVE-2024-38580
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless. Make sure we have a vali... • https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e •
CVSS: 5.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38579 – crypto: bcm - Fix pointer arithmetic
https://notcve.org/view.php?id=CVE-2024-38579
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: bcm - Arreglar la aritmética de punteros En spu2_dump_omd() el valor de ... • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38578 – ecryptfs: Fix buffer size for tag 66 packet
https://notcve.org/view.php?id=CVE-2024-38578
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer. This fixes the below ka... • https://git.kernel.org/stable/c/dddfa461fc8951f9b5f951c13565b6cac678635a •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38577 – rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
https://notcve.org/view.php?id=CVE-2024-38577
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la ... • https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38576 – rcu: Fix buffer overflow in print_cpu_stall_info()
https://notcve.org/view.php?id=CVE-2024-38576
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed in... • https://git.kernel.org/stable/c/245a62982502255314b63dd2c4daaedd1cd595a6 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38575 – wifi: brcmfmac: pcie: handle randbuf allocation failure
https://notcve.org/view.php?id=CVE-2024-38575
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen. In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could ... • https://git.kernel.org/stable/c/c35105f375b530bc27e03ea9250b1c26dd4cae86 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38574 – libbpf: Prevent null-pointer dereference when prog to load has no BTF
https://notcve.org/view.php?id=CVE-2024-38574
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpf_objec_load_prog(), there's no guarantee that obj->btf is non-NULL when passing it to btf__fd(), and this function does not perform any check before dereferencing its argument (as bpf_object__btf_fd() used to do). As a consequence, we get segmentation fault errors in bpftool (for example) when trying to load programs that come without BTF information. v2: Keep btf__... • https://git.kernel.org/stable/c/df7c3f7d3a3ddab31ca8cfa9b86a8729ec43fd2e •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38573 – cppc_cpufreq: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38573
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cppc_cpufreq: se corrige la... • https://git.kernel.org/stable/c/a28b2bfc099c6b9caa6ef697660408e076a32019 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38572 – wifi: ath12k: fix out-of-bound access of qmi_invoke_handler()
https://notcve.org/view.php?id=CVE-2024-38572
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence facing below KASAN warning, ================================================================== BUG: KASAN: global-out-of-bounds in qmi_invoke_handler+0xa4/0x148 Read of size 8 at addr ffffffd00a6428d8 by task kworker/u8:2/1273 CPU: 0 PID: 1273 Comm: kworker/u8:2 Not tainted 5.4.213 #0 Workqueue: qmi_msg_han... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •