CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36938 – bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue
https://notcve.org/view.php?id=CVE-2024-36938
30 May 2024 — [1] BUG: KCSAN: data-race in sk_psock_drop / sk_psock_skb_ingress_enqueue write to 0xffff88814b3278b8 of 8 bytes by task 10724 on cpu 1: sk_psock_stop_verdict net/core/skmsg.c:1257 [inline] sk_psock_drop+0x13e/0x1f0 net/core/skmsg.c:843 sk_psock_put include/linux/skmsg.h:459 [inline] sock_map_close+0x1a7/0x260 net/core/sock_map.c:1648 unix_release+0x4b/0x80 net/unix/af_unix.c:1048 __sock_release net/socket.c:659 [inline] sock_close+0x68/0x150 net/socket.c:1421 __fput+0x2c1/0x660 fs/file_table.c:422 _... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c • CWE-476: NULL Pointer Dereference •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36937 – xdp: use flags field to disambiguate broadcast redirect
https://notcve.org/view.php?id=CVE-2024-36937
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the __bpf_xdp_redirect_map() helper function), and the xdp_do_redirect() function will read this information after the XDP program returns and pass the frame on to the right redirect destination. In the Linux kernel, the fo... • https://git.kernel.org/stable/c/e624d4ed4aa8cc3c69d1359b0aaea539203ed266 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36936 – efi/unaccepted: touch soft lockup during memory accept
https://notcve.org/view.php?id=CVE-2024-36936
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and not triggers softlockup on other CPUs. In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: ... • https://git.kernel.org/stable/c/50e782a86c980d4f8292ef82ed8139282ca07a98 •
CVSS: 5.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36935 – ice: ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36935
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. ... En el kernel de Linux, se resolvió la siguiente vulnera... • https://git.kernel.org/stable/c/96a9a9341cdaea0c3bce4c134e04a2a42ae899ac •
CVSS: 5.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36934 – bna: ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36934
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilid... • https://git.kernel.org/stable/c/7afc5dbde09104b023ce04465ba71aaba0fc4346 •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36933 – nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
https://notcve.org/view.php?id=CVE-2024-36933
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. ... • https://git.kernel.org/stable/c/c411ed854584a71b0e86ac3019b60e4789d88086 • CWE-457: Use of Uninitialized Variable •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36932 – thermal/debugfs: Prevent use-after-free from occurring after cdev removal
https://notcve.org/view.php?id=CVE-2024-36932
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. ... Cc :6.8+
CVSS: 5.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36931 – s390/cio: Ensure the copied buf is NUL terminated
https://notcve.org/view.php?id=CVE-2024-36931
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. ... En el kernel de Linux, se resolvió la siguiente vulnerabilida... • https://git.kernel.org/stable/c/a4f17cc726712a52122ad38540bc3ff3a052d1a4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36930 – spi: fix null pointer dereference within spi_sync
https://notcve.org/view.php?id=CVE-2024-36930
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to a null pointer dereference when the callback is invoked from spi_finalize_current_message(). In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference with... • https://git.kernel.org/stable/c/ae7d2346dc89ae89a6e0aabe6037591a11e593c0 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36929 – net: core: reject skb_copy(_expand) for fraglist GSO skbs
https://notcve.org/view.php?id=CVE-2024-36929
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: core: rec... • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 • CWE-822: Untrusted Pointer Dereference •