CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36013 – Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
https://notcve.org/view.php?id=CVE-2024-36013
23 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() Extend a critical section to prevent chan from early freeing. Also make the l2cap_connect() return type void. Nothing is using the returned value but it is ugly to return a potentially freed pointer. Making it void will help with backports because earlier kernels did use the return value. Now the compile will break for kernels where this patch is not a complete fix. Call stack sum... • https://git.kernel.org/stable/c/73ffa904b78287f6acf8797e040150aa26a4af4a • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36012 – Bluetooth: msft: fix slab-use-after-free in msft_do_close()
https://notcve.org/view.php?id=CVE-2024-36012
23 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: msft: fix slab-use-after-free in msft_do_close() Tying the msft->data lifetime to hdev by freeing it in hci_release_dev() to fix the following case: [use] msft_do_close() msft = hdev->msft_data; if (!msft) ...(1) <- passed. return; mutex_lock(&msft->filter_lock); ...(4) <- used after freed. [free] msft_unregister() msft = hdev->msft_data; hdev->msft_data = NULL; ...(2) kfree(msft); ...(3) <- msft is freed. =======================... • https://git.kernel.org/stable/c/bf6a4e30ffbd9e9ef8934582feb937f6532f8b68 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36011 – Bluetooth: HCI: Fix potential null-ptr-deref
https://notcve.org/view.php?id=CVE-2024-36011
23 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in hci_le_big_sync_established_evt(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: HCI: Reparar potencial null-ptr-deref Reparar potencial null-ptr-deref en hci_le_big_sync_establecido_evt(). • https://git.kernel.org/stable/c/f777d88278170410b06a1f6633f3b9375a4ddd6b •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36010 – igb: Fix string truncation warnings in igb_set_fw_version
https://notcve.org/view.php?id=CVE-2024-36010
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix string truncation warnings in igb_set_fw_version Commit 1978d3ead82c ("intel: fix string truncation warnings") fixes '-Wformat-truncation=' warnings in igb_main.c by using kasprintf. drivers/net/ethernet/intel/igb/igb_main.c:3092:53: warning:‘%d’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 1 and 13 [-Wformat-truncation=] 3092 | "%d.%d, 0x%08x, %d.%d.%d", | ^~ drivers/net/ethernet/in... • https://git.kernel.org/stable/c/1978d3ead82c8e39d739dd4e19b1ea7bf923dfb4 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47498 – dm rq: don't queue request to blk-mq during DM suspend
https://notcve.org/view.php?id=CVE-2021-47498
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nr_requests or others, and request may come during suspend, so simply ask for blk-mq to requeue it. Fixes one kernel panic issue when running updating nr_requests and dm-mpath suspend/resume stress test. En el kernel de Linux, se ha... • https://git.kernel.org/stable/c/8ca9745efe3528feb06ca4e117188038eea2d351 • CWE-399: Resource Management Errors •
CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47497 – nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells
https://notcve.org/view.php?id=CVE-2021-47497
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0); will become undefined behavior because nbits modulo BITS_PER_BYTE is 0, and we subtract one from that making a large number that is then shifted more than the number of bits that fit into an unsigned long. UBSAN reports this problem: UBSAN: shift-out-of-bounds in d... • https://git.kernel.org/stable/c/69aba7948cbe53f2f1827e84e9dd0ae470a5072e • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47496 – net/tls: Fix flipped sign in tls_err_abort() calls
https://notcve.org/view.php?id=CVE-2021-47496
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, [kworker] tls_encrypt_done(..., err=
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-47495 – usbnet: sanity check for maxpacket
https://notcve.org/view.php?id=CVE-2021-47495
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo in log and stylistic issues En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usbnet: verificación de cordura para maxpacket maxpacket de 0 no tiene sentido y falla ya que necesitamos dividirlo por él. Abandonar. V2: error tipográfico corregido en el registro y problemas de estilo In the Linux kern... • https://git.kernel.org/stable/c/b9eba0a4a527e04d712f0e0401e5391ef124b33e • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47494 – cfg80211: fix management registrations locking
https://notcve.org/view.php?id=CVE-2021-47494
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev, but cfg80211_mgmt_registrations_update() iterated it without holding all the correct spinlocks, causing list corruption. Rather than trying to fix it with fine-grained locking, just move the lock to the wiphy/rdev (still need the list on each wdev), we already need to hold the wdev lock to change it, so there's ... • https://git.kernel.org/stable/c/6cd536fe62ef58d7c4eac2da07ab0ed7fd19010d •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47493 – ocfs2: fix race between searching chunks and release journal_head from buffer_head
https://notcve.org/view.php?id=CVE-2021-47493
22 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix race between searching chunks and release journal_head from buffer_head Encountered a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head() resulting in the below vmcore. PID: 106879 TASK: ffff880244ba9c00 CPU: 2 COMMAND: "loop3" Call trace: panic oops_end no_context __bad_area_nosemaphore bad_area_nosemaphore __do_page_fault do_page_fault page_fault [exception RIP: ocfs2_block_group_find_clear_bits+316... • https://git.kernel.org/stable/c/5043fbd294f5909a080ade0f04b70a4da9e122b7 •