CVSS: 5.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26737 – bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
https://notcve.org/view.php?id=CVE-2024-26737
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel The following race is possible between bpf_timer_cancel_and_free and bpf_timer_cancel. It will lead a UAF on the timer->timer. bpf_timer_cancel(); spin_lock(); t = timer->time; spin_unlock(); bpf_timer_cancel_and_free(); spin_lock(); t = timer->timer; timer->timer = NULL; spin_unlock(); hrtimer_cancel(&t->timer); kfree(t); /* UAF on t */ hrtimer_cancel(&t->timer); In bpf... • https://git.kernel.org/stable/c/b00628b1c7d595ae5b544e059c27b1f5828314b4 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26736 – afs: Increase buffer size in afs_update_volume_status()
https://notcve.org/view.php?id=CVE-2024-26736
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH: Actually, it's 20 + NUL, so increase it to 24 and use snprintf()] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: afs: aumenta el tamaño del búfer en afs_update_volume_status() La longitud má... • https://git.kernel.org/stable/c/d2ddc776a4581d900fc3bdc7803b403daae64d88 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26735 – ipv6: sr: fix possible use-after-free and null-ptr-deref
https://notcve.org/view.php?id=CVE-2024-26735
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ipv6:sr: corrige posible use-after-free y null-ptr-deref La estructura de operaciones pernet para el subsystem debe registrarse antes de registrar la familia netlink genérica. A use-after-free flaw was fou... • https://git.kernel.org/stable/c/915d7e5e5930b4f01d0971d93b9b25ed17d221aa • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26734 – devlink: fix possible use-after-free and memory leaks in devlink_init()
https://notcve.org/view.php?id=CVE-2024-26734
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: devlink: fix possible use-after-free and memory leaks in devlink_init() The pernet operations structure for the subsystem must be registered before registering the generic netlink family. Make an unregister in case of unsuccessful registration. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: devlink: corrige posibles pérdidas de memoria y use-after-free en devlink_init() La estructura de operaciones pernet para el subSYST... • https://git.kernel.org/stable/c/687125b5799cd5120437fa455cfccbe8537916ff •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26733 – arp: Prevent overflow in arp_req_get().
https://notcve.org/view.php?id=CVE-2024-26733
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sockaddr_storage, so the sa_data buffer is just 14 bytes. In the splat below, 2 bytes are overflown to the next int field, arp_flags. We initialise the field just after ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26731 – bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
https://notcve.org/view.php?id=CVE-2024-26731
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() syzbot reported the following NULL pointer dereference issue [1]: BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:0x0 [...] Call Trace:
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26730 – hwmon: (nct6775) Fix access to temperature configuration registers
https://notcve.org/view.php?id=CVE-2024-26730
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775) Fix access to temperature configuration registers The number of temperature configuration registers does not always match the total number of temperature registers. This can result in access errors reported if KASAN is enabled. BUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 nct6775_core En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: hwmon: (nct6775) Arreglar el acceso a los registros de c... • https://git.kernel.org/stable/c/b7f1f7b2523a6a4382f12fe953380b847b80e09d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52641 – fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
https://notcve.org/view.php?id=CVE-2023-52641
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() It is preferable to exit through the out: label because internal debugging functions are located there. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Agregar verificación de desreferencia de ptr NULL al final de attr_allocate_frame() Es preferible salir por la etiqueta out: porque las funciones de depuración interna se encuentran a... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52640 – fs/ntfs3: Fix oob in ntfs_listxattr
https://notcve.org/view.php?id=CVE-2023-52640
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrige oob en ntfs_listxattr La longitud del nombre no puede exceder el espacio ocupado por ea. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to ... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26727 – btrfs: do not ASSERT() if the newly created subvolume already got read
https://notcve.org/view.php?id=CVE-2024-26727
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c:1319! invalid opcode: 0000 [#1] PREEMPT SMP KASAN RIP: 0010:btrfs_get_root_ref.part.0+0x9aa/0xa60