CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38546 – drm: vc4: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38546
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: vc4: corrige posible desreferencia del puntero nulo En vc4_hdmi_audio_init() of_get_address() puede devolver NULL, que luego se desrefer... • https://git.kernel.org/stable/c/bb7d78568814a31a11fa14f1479a9fe51f1582ad •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38545 – RDMA/hns: Fix UAF for cq async event
https://notcve.org/view.php?id=CVE-2024-38545
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_lock() to protect the CQ refcount. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/hns: corrige UAF para el evento cq async El recuento de CQ no está protegido por bloqueos. Cuando los eventos asincrónicos de CQ y la ... • https://git.kernel.org/stable/c/9a4435375cd151e07c0c38fa601b00115986091b •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38544 – RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt
https://notcve.org/view.php?id=CVE-2024-38544
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a s... • https://git.kernel.org/stable/c/0b1e5b99a48b5b810e3e38f1d6e0d39306b99ec0 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38543 – lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure
https://notcve.org/view.php?id=CVE-2024-38543
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer dereference bug will happen. Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in kcalloc(). • https://git.kernel.org/stable/c/b2ef9f5a5cb37643ca5def3516c546457074b882 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38542 – RDMA/mana_ib: boundary check before installing cq callbacks
https://notcve.org/view.php?id=CVE-2024-38542
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: RDMA/mana_ib: verificación de los límites antes de instalar devoluciones de llamadas de cq Agregue una verificación de los límites dentro de mana_ib_install_cq_cb para evitar el desbordamiento del índice. • https://git.kernel.org/stable/c/cf9cc859d6ff37ce52c09dfbb169b9ee25595a3f •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38541 – of: module: add buffer overflow check in of_modalias()
https://notcve.org/view.php?id=CVE-2024-38541
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). En el kernel de Linux, se ha resuelt... • https://git.kernel.org/stable/c/bc575064d688c8933a6ca51429bea9bc63628d3b • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38540 – bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
https://notcve.org/view.php?id=CVE-2024-38540
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq Undefined behavior is triggered when bnxt_qplib_alloc_init_hwq is called with hwq_attr->aux_depth != 0 and hwq_attr->aux_stride == 0. In that case, "roundup_pow_of_two(hwq_attr->aux_stride)" gets called. roundup_pow_of_two is documented as undefined for 0. Fix it in the one caller that had this combination. The undefined behavior was detected by UBSAN: UBSAN: shift-out-of-... • https://git.kernel.org/stable/c/0c4dcd602817502bb3dced7a834a13ef717d65a4 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38539 – RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw
https://notcve.org/view.php?id=CVE-2024-38539
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw When running blktests nvme/rdma, the following kmemleak issue will appear. kmemleak: Kernel memory leak detector initialized (mempool available:36041) kmemleak: Automatic memory scanning thread started kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 8 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 17 new su... • https://git.kernel.org/stable/c/f8ef1be816bf9a0c406c696368c2264a9597a994 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38538 – net: bridge: xmit: make sure we have at least eth header len bytes
https://notcve.org/view.php?id=CVE-2024-38538
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull that amount instead of assuming. Tested with dropwatch: drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3) origin: software timestamp: Mon May 13 11:31:53 2024 778214037 nsec protocol: 0x88a8 length: 2 ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36979 – net: bridge: mst: fix vlan use-after-free
https://notcve.org/view.php?id=CVE-2024-36979
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: bridge: mst: fix vlan use-after-free syzbot reported a suspicious rcu usage[1] in bridge's mst code. While fixing it I noticed that nothing prevents a vlan to be freed while walking the list from the same path (br forward delay timer). Fix the rcu usage and also make sure we are not accessing freed memory by making br_mst_vlan_set_state use rcu read lock. [1] WARNING: suspicious RCU usage 6.9.0-rc6-syzkaller #0 Not tainted ------------... • https://git.kernel.org/stable/c/ec7328b59176227216c461601c6bd0e922232a9b • CWE-416: Use After Free •