CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35967 – Bluetooth: SCO: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35967
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90 net/bluetooth/sco.c:893 Read of size 4 at addr f... • https://git.kernel.org/stable/c/b96e9c671b05f95126753a22145d4509d45ca197 •
CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35966 – Bluetooth: RFCOMM: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35966
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline] BU... • https://git.kernel.org/stable/c/bb23c0ab824653be4aa7dfca15b07b3059717004 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35965 – Bluetooth: L2CAP: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35965
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: L2CAP: solución que no valida la entrada del usuario de setsockopt. Verifique la longitud de la entrada del usuario antes de copiar datos. CVE-2024-35965 is a vulnerability in the Linux kernel's Bluetooth L2CAP implementation, caused by inadequate input length vali... • https://git.kernel.org/stable/c/33575df7be6748292f88453f29319af6d639c5c8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35947 – dyndbg: fix old BUG_ON in >control parser
https://notcve.org/view.php?id=CVE-2024-35947
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dyndbg: corrige el antiguo BUG_ON en >control parser. Corrige un BUG_ON de 2009. Incluso si parece "unreachable" (realmente no lo miré), asegurémonos eliminándolo. haciendo pr_err y... • https://git.kernel.org/stable/c/9898abb3d23311fa227a7f46bf4e40fd2954057f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35944 – VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()
https://notcve.org/view.php?id=CVE-2024-35944
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24) WARNING: CPU: 0 PID: 1555 at drivers/misc/vmw_vmci/vmci_datagram.c:237 dg_dispatch_as_host+0x88e/0xa60 drivers/misc/vmw_vmci/vmci_datagram.c:237 Some code commentry, based on my understanding: 544... • https://git.kernel.org/stable/c/a110b7ebb9c674a2b591af2780dd512ad0198d50 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35936 – btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()
https://notcve.org/view.php?id=CVE-2024-35936
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to look for a chunk tree item, with offset -1, this is an inexact search and the key->offset will contain the correct offset upon a successful search, a valid chunk tree item cannot have an offset -1 - after fi... • https://git.kernel.org/stable/c/2b82032c34ec40515d3c45c36cd1961f37977de8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35935 – btrfs: send: handle path ref underflow in header iterate_inode_ref()
https://notcve.org/view.php?id=CVE-2024-35935
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: enviar: manejar el desbordamiento de la referencia de ruta en el encabezado iterate_inode_ref() Cambie BUG_ON al manejo adecuado de errores si falla l... • https://git.kernel.org/stable/c/31db9f7c23fbf7e95026143f79645de6507b583b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35931 – drm/amdgpu: Skip do PCI error slot reset during RAS recovery
https://notcve.org/view.php?id=CVE-2024-35931
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC multi times, this caused system hang. [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume [ 557.373718] [drm] PCIE GART of 512M enabled. [ 557.373722] [drm] PTB located at 0x0000031FED700000 [ 557.373788] [drm] VRAM is lost due to GPU reset! [ 557.373789] [drm] PSP is resuming... [ 55... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35930 – scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()
https://notcve.org/view.php?id=CVE-2024-35930
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked. Check return value after calling lpfc_sli4_resume_rpi() and conditionally release the elsiocb resource. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: lpfc: co... • https://git.kernel.org/stable/c/6b5151fd7baec6812fece993ddd7a2cf9fd0125f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35922 – fbmon: prevent division by zero in fb_videomode_from_videomode()
https://notcve.org/view.php?id=CVE-2024-35922
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode(). Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fbmon: evita la división por cero en fb_videomode_from_videomode() La expresión htotal * vtotal puede tene... • https://git.kernel.org/stable/c/2db54c72395298a58f29c75ae880be9e478fdbbd •