CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35792 – crypto: rk3288 - Fix use after free in unprepare
https://notcve.org/view.php?id=CVE-2024-35792
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: rk3288 - Fix use after free in unprepare The unprepare call must be carried out before the finalize call as the latter can free the request. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: crypto: rk3288 - Arreglar el uso después de liberar en unprepare La llamada de unprepare debe realizarse antes de la llamada de finalización ya que esta última puede liberar la solicitud. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/c66c17a0f69b0e017bbc01d999a28ed96ee84826 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35791 – KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()
https://notcve.org/view.php?id=CVE-2024-35791
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() Do the cache flush of converted pages in svm_register_enc_region() before dropping kvm->lock to fix use-after-free issues where region and/or its array of pages could be freed by a different task, e.g. if userspace has __unregister_enc_region_locked() already queued up for the region. Note, the "obvious" alternative of using local variables doesn't fully resolve t... • https://git.kernel.org/stable/c/4f627ecde7329e476a077bb0590db8f27bb8f912 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35790 – usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
https://notcve.org/view.php?id=CVE-2024-35790
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creat... • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 •
CVSS: 6.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35789 – wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
https://notcve.org/view.php?id=CVE-2024-35789
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: comprobar/borrar fast rx para cambios de VLAN ... • https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35788 – drm/amd/display: Fix bounds check for dcn35 DcfClocks
https://notcve.org/view.php?id=CVE-2024-35788
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix bounds check for dcn35 DcfClocks [Why] NumFclkLevelsEnabled is used for DcfClocks bounds check instead of designated NumDcfClkLevelsEnabled. That can cause array index out-of-bounds access. [How] Use designated variable for dcn35 DcfClocks bounds check. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: Corrige la verificación de límites para dcn35 DcfClocks [Por qué] NumFclkLevelsEnabled s... • https://git.kernel.org/stable/c/a8edc9cc0b14e3769bbc9b82d00e5e5fc6b5ff0a •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35787 – md/md-bitmap: fix incorrect usage for sb_index
https://notcve.org/view.php?id=CVE-2024-35787
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap code, but left wrong code logic for clustered-md. current code never set slot offset for cluster nodes, will sometimes cause crash in clustered env. Call trace (partly): md_bitmap_file_set_bit+0x110/0x1d8 [md_mod] md_bitmap_startwrite+0x13c/0x240 [md_mod] raid1_make_request+0x6... • https://git.kernel.org/stable/c/d7038f951828da19fa9aafddfa087b69032c9687 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35786 – drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf
https://notcve.org/view.php?id=CVE-2024-35786
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the clients mutex remained unlocked leading to a deadlock inside nouveau_drm_postclose or any other nouveau ioctl call. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/nouveau: corrige el mutex bl... • https://git.kernel.org/stable/c/b88baab828713ce0b49b185444b2ee83bed373a8 •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35785 – tee: optee: Fix kernel panic caused by incorrect error handling
https://notcve.org/view.php?id=CVE-2024-35785
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c [ 15.406913] Mem abort info: [ 15.409722] ESR = 0x0000000096000005 [ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = ... • https://git.kernel.org/stable/c/a953e45ebeae9a5ce342c012f7eb2a92cc8af89b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35784 – btrfs: fix deadlock with fiemap and extent locking
https://notcve.org/view.php?id=CVE-2024-35784
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock with fiemap and extent locking While working on the patchset to remove extent locking I got a lockdep splat with fiemap and pagefaulting with my new extent lock replacement lock. This deadlock exists with our normal code, we just don't have lockdep annotations with the extent locking so we've never noticed it. Since we're copying the fiemap extent to user space on every iteration we have the chance of pagefaulting. Becau... • https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27436 – ALSA: usb-audio: Stop parsing channels bits when all channels are found.
https://notcve.org/view.php?id=CVE-2024-27436
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: deja de analizar bits de canales cuando se encuentran todos los canales. Si un dispositivo de audio USB establece más bits que la cantidad de canales, podría escribir fuera de la mat... • https://git.kernel.org/stable/c/04324ccc75f96b3ed7aad1c866d1b7925e977bdf • CWE-787: Out-of-bounds Write •