CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27396 – net: gtp: Fix Use-After-Free in gtp_dellink
https://notcve.org/view.php?id=CVE-2024-27396
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: gtp: corrige Use-After-... • https://git.kernel.org/stable/c/043a283d24f40fea4c8a8d06b0e2694c8e372200 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27395 – net: openvswitch: Fix Use-After-Free in ovs_ct_exit
https://notcve.org/view.php?id=CVE-2024-27395
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To prevent this, it should be changed to hlist_for_each_entry_safe. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: openvswi... • https://git.kernel.org/stable/c/11efd5cb04a184eea4f57b68ea63dddd463158d1 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27393 – xen-netfront: Add missing skb_mark_for_recycle
https://notcve.org/view.php?id=CVE-2024-27393
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xen-netfront: Add missing skb_mark_for_recycle Notice that skb_mark_for_recycle() is introduced later than fixes tag in commit 6a5bcd84e886 ("page_pool: Allow drivers to hint on SKB recycling"). It is believed that fixes tag were missing a call to page_pool_release_page() between v5.9 to v5.14, after which is should have used skb_mark_for_recycle(). Since v6.6 the call page_pool_release_page() were removed (in commit 535b9c61bdef ("net: ... • https://git.kernel.org/stable/c/6c5aa6fc4defc2a0977a2c59e4710d50fa1e834c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 1CVE-2023-52654 – io_uring/af_unix: disable sending io_uring over sockets
https://notcve.org/view.php?id=CVE-2023-52654
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary. En... • https://github.com/FoxyProxys/CVE-2023-52654 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48705 – wifi: mt76: mt7921e: fix crash in chip reset fail
https://notcve.org/view.php?id=CVE-2022-48705
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix crash in chip reset fail In case of drv own fail in reset, we may need to run mac_reset several times. The sequence would trigger system crash as the log below. Because we do not re-enable/schedule "tx_napi" before disable it again, the process would keep waiting for state change in napi_diable(). To avoid the problem and keep status synchronize for each run, goto final resource handling if drv own failed. [ 585... • https://git.kernel.org/stable/c/0efaf31dec572d3aac4316c6d952e06d1c33adc4 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48704 – drm/radeon: add a force flush to delay work when radeon
https://notcve.org/view.php?id=CVE-2022-48704
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, and meanwhile the radeon_suspend_kms() function has called pci_set_power_state() to put device in D3hot state. Per PCI spec rev 4.0 on 5.3.1.4.1 D3hot State. > Configuration and Message requests are the only TLPs ac... • https://git.kernel.org/stable/c/b878da58df2c40b08914d3960e2224040fd1fbfe •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48695 – scsi: mpt3sas: Fix use-after-free warning
https://notcve.org/view.php?id=CVE-2022-48695
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix use-after-free warning Fix the following use-after-free warning which is observed during controller reset: refcount_t: underflow; use-after-free. WARNING: CPU: 23 PID: 5399 at lib/refcount.c:28 refcount_warn_saturate+0xa6/0xf0 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpt3sas: Corrija la advertencia de use-after-free. Corrija la siguiente advertencia de use-after-free que se observa duran... • https://git.kernel.org/stable/c/b8fc9e91b931215110ba824d1a2983c5f60b6f82 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48690 – ice: Fix DMA mappings leak
https://notcve.org/view.php?id=CVE-2022-48690
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix DMA mappings leak Fix leak, when user changes ring parameters. During reallocation of RX buffers, new DMA mappings are created for those buffers. New buffers with different RX ring count should substitute older ones, but those buffers were freed in ice_vsi_cfg_rxq and reallocated again with ice_alloc_rx_buf. kfree on rx_buf caused leak of already mapped DMA. Reallocate ZC with xdp_buf struct, when BPF program loads. Reallocate ba... • https://git.kernel.org/stable/c/617f3e1b588c802517c236087561c6bcb0b4afd6 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48703 – thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR
https://notcve.org/view.php?id=CVE-2022-48703
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR In some case, the GDDV returns a package with a buffer which has zero length. It causes that kmemdup() returns ZERO_SIZE_PTR (0x10). Then the data_vault_read() got NULL point dereference problem when accessing the 0x10 value in data_vault. [ 71.024560] BUG: kernel NULL pointer dereference, address: 0000000000000010 This patch uses ZERO_OR_NULL_PTR() for checki... • https://git.kernel.org/stable/c/dae42083b045a4ddf71c57cf350cb2412b5915c2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48702 – ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc()
https://notcve.org/view.php?id=CVE-2022-48702
03 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: emu10k1: Fix out of bounds access in snd_emu10k1_pcm_channel_alloc() The voice allocator sometimes begins allocating from near the end of the array and then wraps around, however snd_emu10k1_pcm_channel_alloc() accesses the newly allocated voices as if it never wrapped around. This results in out of bounds access if the first voice has a high enough index so that first_voice + requested_voice_count > NUM_G (64). The more voices are... • https://git.kernel.org/stable/c/637c5310acb48fffcc5657568db3f3e9bc719bfa •