CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35925 – block: prevent division by zero in blk_rq_stat_sum()
https://notcve.org/view.php?id=CVE-2024-35925
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloquear: evitar la división por cero en blk_rq_stat_sum() La expresión dst->nr_samples + src->nr_samples puede ... • https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35924 – usb: typec: ucsi: Limit read size on v1.2
https://notcve.org/view.php?id=CVE-2024-35924
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Limit read size on v1.2 Between UCSI 1.2 and UCSI 2.0, the size of the MESSAGE_IN region was increased from 16 to 256. In order to avoid overflowing reads for older systems, add a mechanism to use the read UCSI version to truncate read sizes on UCSI v1.2. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: Limitar el tamaño de lectura en v1.2 Entre UCSI 1.2 y UCSI 2.0, el tamaño de la región... • https://git.kernel.org/stable/c/266f403ec47573046dee4bcebda82777ce702c40 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35922 – fbmon: prevent division by zero in fb_videomode_from_videomode()
https://notcve.org/view.php?id=CVE-2024-35922
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode(). Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fbmon: evita la división por cero en fb_videomode_from_videomode() La expresión htotal * vtotal puede tene... • https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52699 – sysv: don't call sb_bread() with pointers_lock held
https://notcve.org/view.php?id=CVE-2023-52699
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux ... • https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35915 – nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
https://notcve.org/view.php?id=CVE-2024-35915
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded. This patch resolve... • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35912 – wifi: iwlwifi: mvm: rfi: fix potential response leaks
https://notcve.org/view.php?id=CVE-2024-35912
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup() fails, we still need to free the command response. Fix that. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: iwlwifi: mvm: rfi: corrige posibles fugas de respuesta Si falla la verificación de la longitud de la payload de rx, o si falla kmemdup(), aún necesitamos liberar la respuesta del comando. Arregla eso. In t... • https://git.kernel.org/stable/c/21254908cbe995a3982a23da32c30d1b43467043 •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35910 – tcp: properly terminate timers for kernel sockets
https://notcve.org/view.php?id=CVE-2024-35910
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: properly terminate timers for kernel sockets We had various syzbot reports about tcp timers firing after the corresponding netns has been dismantled. Fortunately Josef Bacik could trigger the issue more often, and could test a patch I wrote two years ago. When TCP sockets are closed, we call inet_csk_clear_xmit_timers() to 'stop' the timers. inet_csk_clear_xmit_timers() can be called from any context, including when socket lock is held... • https://git.kernel.org/stable/c/8a68173691f036613e3d4e6bf8dc129d4a7bf383 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35909 – net: wwan: t7xx: Split 64bit accesses to fix alignment issues
https://notcve.org/view.php?id=CVE-2024-35909
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causing alignment faults on 64bit platforms. Unable to handle kernel paging request at virtual address ffffffc084a1d004 Mem abort info: ESR = 0x0000000096000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061, ISS2 = 0x0000000... • https://git.kernel.org/stable/c/39d439047f1dc88f98b755d6f3a53a4ef8f0de21 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35908 – tls: get psock ref after taking rxlock to avoid leak
https://notcve.org/view.php?id=CVE-2024-35908
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tls: obtenga referencia de psock después de t... • https://git.kernel.org/stable/c/4cbc325ed6b4dce4910be06d9d6940a8b919c59b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35907 – mlxbf_gige: call request_irq() after NAPI initialized
https://notcve.org/view.php?id=CVE-2024-35907
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b) trigger kdump via "echo c > /proc/sysrq-trigger" c) kdump kernel executes d) kdump kernel loads mlxbf_gige module e) the mlxbf_gige module runs its open() as the the "oob_net0" interface is brought up f) mlxbf_gige... • https://git.kernel.org/stable/c/f92e1869d74e1acc6551256eb084a1c14a054e19 •