CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36967 – KEYS: trusted: Fix memory leak in tpm2_key_encode()
https://notcve.org/view.php?id=CVE-2024-36967
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak in tpm2_key_encode() 'scratch' is never freed. Fix this by calling kfree() in the success, and in the error case. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KEYS: confiable: corrige la pérdida de memoria en tpm2_key_encode() 'scratch' nunca se libera. Solucione este problema llamando a kfree() en caso de éxito y de error. In the Linux kernel, the following vulnerability has been resolve... • https://git.kernel.org/stable/c/f2219745250f388edacabe6cca73654131c67d0a • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36966 – erofs: reliably distinguish block based and fscache mode
https://notcve.org/view.php?id=CVE-2024-36966
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: reliably distinguish block based and fscache mode When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache mode, and then attempt to free an anon_dev that has never been allocated, triggering the following warning: ============================================ ida_free called for id=0 which is not allocated. WARNING: CP... • https://git.kernel.org/stable/c/aca740cecbe57b12bd9c1fc632092af5ebacda0c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36965 – remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
https://notcve.org/view.php?id=CVE-2024-36965
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: remoteproc: mediatek: Make sure IPI buffer fits in L2TCM The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well. Failing to perform this check may make this driver perfor... • https://git.kernel.org/stable/c/3efa0ea743b77d1611501f7d8b4f320d032d73ae •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36964 – fs/9p: only translate RWX permissions for plain 9P2000
https://notcve.org/view.php?id=CVE-2024-36964
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent since the unix extended bits are handled explicitly and conditionally on .u. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/9p: solo traduce permisos RWX para 9P2000 simple. Se permite el paso de basura en bits p... • https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36963 – tracefs: Reset permissions on remount if permissions are options
https://notcve.org/view.php?id=CVE-2024-36963
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: tracefs: Reset permissions on remount if permissions are options There's an inconsistency with the way permissions are handled in tracefs. Because the permissions are generated when accessed, they default to the root inode's permission if they were never set by the user. If the user sets the permissions, then a flag is set and the permissions are saved via the inode (for tracefs files) or an internal attribute field (for eventfs). But if a ... • https://git.kernel.org/stable/c/628adb842bd5e1c2c598534a7a022b8235289de6 •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36962 – net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs
https://notcve.org/view.php?id=CVE-2024-36962
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs Currently the driver uses local_bh_disable()/local_bh_enable() in its IRQ handler to avoid triggering net_rx_action() softirq on exit from netif_rx(). The net_rx_action() could trigger this driver .start_xmit callback, which is protected by the same lock as the IRQ handler, so calling the .start_xmit from netif_rx() from the IRQ handler critical section protected by the l... • https://git.kernel.org/stable/c/492337a4fbd1421b42df684ee9b34be2a2722540 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36961 – thermal/debugfs: Fix two locking issues with thermal zone debug
https://notcve.org/view.php?id=CVE-2024-36961
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Fix two locking issues with thermal zone debug With the current thermal zone locking arrangement in the debugfs code, user space can open the "mitigations" file for a thermal zone before the zone's debugfs pointer is set which will result in a NULL pointer dereference in tze_seq_start(). Moreover, thermal_debug_tz_remove() is not called under the thermal zone lock, so it can run in parallel with the other functions accessin... • https://git.kernel.org/stable/c/7ef01f228c9f54c6260319858be138a8a7e9e704 • CWE-667: Improper Locking •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36960 – drm/vmwgfx: Fix invalid reads in fence signaled events
https://notcve.org/view.php?id=CVE-2024-36960
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dr... • https://git.kernel.org/stable/c/8b7de6aa84682a3396544fd88cd457f95484573a • CWE-125: Out-of-bounds Read •
CVSS: 4.7EPSS: 0%CPEs: 11EXPL: 0CVE-2024-36959 – pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map()
https://notcve.org/view.php?id=CVE-2024-36959
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we call it directly. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: pinctrl: devicetree: corrige la fuga de recuento de referencia en pinctrl_dt_to_map() Si no asignamos el búfer de nombre de propiedad, ... • https://git.kernel.org/stable/c/a988dcd3dd9e691c5ccc3324b209688f3b5453e9 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36958 – NFSD: Fix nfsd4_encode_fattr4() crasher
https://notcve.org/view.php?id=CVE-2024-36958
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix nfsd4_encode_fattr4() crasher Ensure that args.acl is initialized early. It is used in an unconditional call to kfree() on the way out of nfsd4_encode_fattr4(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: NFSD: corrija el error nfsd4_encode_fattr4() Asegúrese de que args.acl se inicialice temprano. Se utiliza en una llamada incondicional a kfree() al salir de nfsd4_encode_fattr4(). In the Linux kernel, the foll... • https://git.kernel.org/stable/c/83ab8678ad0c6f27594c716cafe59c8bbd5e49ef •