CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26978 – serial: max310x: fix NULL pointer dereference in I2C instantiation
https://notcve.org/view.php?id=CVE-2024-26978
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: max310x: fix NULL pointer dereference in I2C instantiation When trying to instantiate a max14830 device from userspace: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device we get the following error: Unable to handle kernel NULL pointer dereference at virtual address... ... Call trace: max310x_i2c_probe+0x48/0x170 [max310x] i2c_device_probe+0x150/0x2a0 ... Add check for validity of devtype to prevent the error, and abort prob... • https://git.kernel.org/stable/c/f5c252aaa1be5d38604e58e9bd335065f767d0d8 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26977 – pci_iounmap(): Fix MMIO mapping leak
https://notcve.org/view.php?id=CVE-2024-26977
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: pci_iounmap(): Fix MMIO mapping leak The #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentally also guards iounmap(), which means MMIO mappings are leaked. Move the guard so we call iounmap() for MMIO mappings. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: pci_iounmap(): corrige la fuga de mapeo MMIO El #ifdef ARCH_HAS_GENERIC_IOPORT_MAP accidentalmente también protege iounmap(), lo que significa que se filtraron los mapeos MMIO... • https://git.kernel.org/stable/c/316e8d79a0959c302b0c462ab64b069599f10eef •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26976 – KVM: Always flush async #PF workqueue when vCPU is being destroyed
https://notcve.org/view.php?id=CVE-2024-26976
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed. KVM must ensure that none of its workqueue callbacks is running when the last reference to the KVM _module_ is put. Gifting a reference to the associated VM prevents the workqueue callback from dereferencing freed vCPU/VM memory, bu... • https://git.kernel.org/stable/c/af585b921e5d1e919947c4b1164b59507fe7cd7b • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26974 – crypto: qat - resolve race condition during AER recovery
https://notcve.org/view.php?id=CVE-2024-26974
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If the device restart will take more than 10 seconds the function scheduling that restart will exit due to a timeout, and the reset_data structure will be freed. However, this data structure is used for completion notification after the r... • https://git.kernel.org/stable/c/d8cba25d2c68992a6e7c1d329b690a9ebe01167d •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26973 – fat: fix uninitialized field in nostale filehandles
https://notcve.org/view.php?id=CVE-2024-26973
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and the last two bytes remain uninitialized. This is not great at we potentially leak uninitialized information with the handle to userspace. Properly initialize the ful... • https://git.kernel.org/stable/c/ea3983ace6b79c96e6ab3d3837e2eaf81ab881e2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26970 – clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays
https://notcve.org/view.php?id=CVE-2024-26970
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: gc... • https://git.kernel.org/stable/c/d9db07f088af01a1080d01de363141b673c7d646 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26969 – clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
https://notcve.org/view.php?id=CVE-2024-26969
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: gc... • https://git.kernel.org/stable/c/9607f6224b3966652ce3f4e620c4694df190b64a •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26966 – clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
https://notcve.org/view.php?id=CVE-2024-26966
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: m... • https://git.kernel.org/stable/c/2b46cd23a5a2cf0b8d3583338b63409f5e78e7cd •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26965 – clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
https://notcve.org/view.php?id=CVE-2024-26965
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed by functions like qcom_find_freq() or qcom_find_freq_floor(). Only compile tested. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: m... • https://git.kernel.org/stable/c/d8b212014e69d6b6323773ce6898f224ef4ed0d6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26964 – usb: xhci: Add error handling in xhci_map_urb_for_dma
https://notcve.org/view.php?id=CVE-2024-26964
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Add error handling in xhci_map_urb_for_dma Currently xhci_map_urb_for_dma() creates a temporary buffer and copies the SG list to the new linear buffer. But if the kzalloc_node() fails, then the following sg_pcopy_to_buffer() can lead to crash since it tries to memcpy to NULL pointer. So return -ENOMEM if kzalloc returns null pointer. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: xhci: agregar manejo de e... • https://git.kernel.org/stable/c/2017a1e58472a27e532b9644b4a61dfe18f6baac •