CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27416 – Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
https://notcve.org/view.php?id=CVE-2024-27416
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST If we received HCI_EV_IO_CAPA_REQUEST while HCI_OP_READ_REMOTE_EXT_FEATURES is yet to be responded assume the remote does support SSP since otherwise this event shouldn't be generated. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: hci_event: Corrige el manejo de HCI_EV_IO_CAPA_REQUEST Si recibimos HCI_EV_IO_CAPA_REQUEST mientras HCI_OP_READ_REMOTE_EXT_... • https://git.kernel.org/stable/c/ccb8618c972f941ebc6b2b9db491025b3369efcb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27415 – netfilter: bridge: confirm multicast packets before passing them up the stack
https://notcve.org/view.php?id=CVE-2024-27415
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: confirm multicast packets before passing them up the stack conntrack nf_confirm logic cannot handle cloned skbs referencing the same nf_conn entry, which will happen for multicast (broadcast) frames on bridges. Example: macvlan0 | br0 / \ ethX ethY ethX (or Y) receives a L2 multicast or broadcast packet containing an IP packet, flow is not yet in conntrack table. 1. skb passes through bridge and fake-ip (br_netfilter)Prer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27414 – rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
https://notcve.org/view.php?id=CVE-2024-27414
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic in the function `rtnl_bridge_setlink` to enable the loop to also check the length of the IFLA_BRIDGE_MODE attribute. However, this adjustment removed the `break` statement and led to an error logic of the flags writing back at the end of th... • https://git.kernel.org/stable/c/ad46d4861ed36315d3d9e838723ba3e367ecc042 •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27413 – efi/capsule-loader: fix incorrect allocation size
https://notcve.org/view.php?id=CVE-2024-27413
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: error: allocation of insufficient size '4' for type 'phys_addr_t' {aka 'long long unsigned int'} with size '8' [-Werror=alloc-size] 295 | cap_info->phys = kzall... • https://git.kernel.org/stable/c/f24c4d478013d82bd1b943df566fff3561d52864 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-27412 – power: supply: bq27xxx-i2c: Do not free non existing IRQ
https://notcve.org/view.php?id=CVE-2024-27412
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. bq27xxx_battery_i2c_probe() already has an if (client->irq) check wrapping the request_threaded_irq(). But bq27xxx_battery_i2c_remove() unconditionally calls free_irq(client->irq) leading to: [ 190.310742] ------------[ cut here ]------------ [ 190.310843] Trying to free already-free IRQ 0 [ 190.310861] W... • https://git.kernel.org/stable/c/76d2ed844def0cb8704d766924b07b2a918b3e30 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27410 – wifi: nl80211: reject iftype change with mesh ID change
https://notcve.org/view.php?id=CVE-2024-27410
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has, causing cfg80211_change_iface() to do wrong things when switching. We could probably allow setting an interface to mesh while setting the mesh ID at the s... • https://git.kernel.org/stable/c/7b0a0e3c3a88260b6fcb017e49f198463aa62ed1 •
CVSS: 2.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27408 – dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
https://notcve.org/view.php?id=CVE-2024-27408
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory as the eDMA controller register. If the doorbell register is toggled before the full write of the linked list a race condition error will occur. In remote setup we can only use a readl to the memory to assure the full write has occurred. En el kernel de Linux, se resolvió la siguiente... • https://git.kernel.org/stable/c/7e4b8a4fbe2cecab0959e862604803d063f50029 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52657 – Revert "drm/amd/pm: resolve reboot exception for si oland"
https://notcve.org/view.php?id=CVE-2023-52657
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd/pm: resolve reboot exception for si oland" This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. This causes hangs on SI when DC is enabled and errors on driver reboot and power off cycles. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Revertir "drm/amd/pm: resolve reboot exception for si oland" Esto revierte la confirmación e490d60a2f76bff636c68ce4fe34c1b6c34bbd86. Esto provoca bloqueos en SI cuand... • https://git.kernel.org/stable/c/0f8f233ed76754b0c9262eb2e82f8529da0bef16 •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27407 – fs/ntfs3: Fixed overflow check in mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-27407
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed overflow check in mi_enum_attr() En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrigió la verificación de desbordamiento en mi_enum_attr() • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27405 – usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
https://notcve.org/view.php?id=CVE-2024-27405
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs It is observed sometimes when tethering is used over NCM with Windows 11 as host, at some instances, the gadget_giveback has one byte appended at the end of a proper NTB. When the NTB is parsed, unwrap call looks for any leftover bytes in SKB provided by u_ether and if there are any pending bytes, it treats them as a separate NTB and parses it. But in case the second NTB (as... • https://git.kernel.org/stable/c/9f6ce4240a2bf456402c15c06768059e5973f28c • CWE-476: NULL Pointer Dereference •