CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36937 – xdp: use flags field to disambiguate broadcast redirect
https://notcve.org/view.php?id=CVE-2024-36937
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect() function will read this information after the XDP program returns and pass the frame on to the right redirect destination. When using the BPF_F_BROADCAST flag to... • https://git.kernel.org/stable/c/e624d4ed4aa8cc3c69d1359b0aaea539203ed266 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36936 – efi/unaccepted: touch soft lockup during memory accept
https://notcve.org/view.php?id=CVE-2024-36936
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and not triggers softlockup on other CPUs. However the softlock up was intermittent shown up if the memory of the TD guest is large, and the timeout of softlockup is set to 1 second: RIP: 0010:_raw_spin_unlock_irq... • https://git.kernel.org/stable/c/50e782a86c980d4f8292ef82ed8139282ca07a98 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36935 – ice: ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36935
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ice: asegúrese d... • https://git.kernel.org/stable/c/96a9a9341cdaea0c3bce4c134e04a2a42ae899ac •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36934 – bna: ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36934
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using sscanf. Fix this issue by using memdup_user_nul instead of memdup_user. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bna: asegúrese de... • https://git.kernel.org/stable/c/7afc5dbde09104b023ce04465ba71aaba0fc4346 •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36933 – nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
https://notcve.org/view.php?id=CVE-2024-36933
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls skb_mac_gso_segment() to in... • https://git.kernel.org/stable/c/c411ed854584a71b0e86ac3019b60e4789d88086 • CWE-457: Use of Uninitialized Variable •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36932 – thermal/debugfs: Prevent use-after-free from occurring after cdev removal
https://notcve.org/view.php?id=CVE-2024-36932
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash. Add... • https://git.kernel.org/stable/c/755113d7678681a137c330f7997ceb680adb644e • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36931 – s390/cio: Ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36931
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated inside the buffer, this can lead to OOB read when using scanf. Fix this issue by using memdup_user_nul instead. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: s390/cio: asegúrese de que el buf co... • https://git.kernel.org/stable/c/a4f17cc726712a52122ad38540bc3ff3a052d1a4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36930 – spi: fix null pointer dereference within spi_sync
https://notcve.org/view.php?id=CVE-2024-36930
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message(). With function inlining disabled, the call stack might look like this: _raw_spin_lock_irqsave from complete_with_fl... • https://git.kernel.org/stable/c/ae7d2346dc89ae89a6e0aabe6037591a11e593c0 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36929 – net: core: reject skb_copy(_expand) for fraglist GSO skbs
https://notcve.org/view.php?id=CVE-2024-36929
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: core: rechazar skb_copy(_expand) para fraglist GSO skbs Los skbs SKB_GSO_FRAGLIST no deben l... • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 • CWE-822: Untrusted Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36928 – s390/qeth: Fix kernel panic after setting hsuid
https://notcve.org/view.php?id=CVE-2024-36928
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi function pointer that is NULL. Example: --------------------------------------------------------------------------- [ 2057.572696] illegal operation: 0001 ilc:1 [#1] SMP [ 2057.572702] Modules linked in: af_iucv qe... • https://git.kernel.org/stable/c/64e3affee2881bb22df7ce45dd1f1fd7990e382b • CWE-476: NULL Pointer Dereference •