CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35861 – smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()
https://notcve.org/view.php?id=CVE-2024-35861
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_signal_cifsd_for_reconnect() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. In the Linux kernel, the following vulnerability has been resolved: smb: ... • https://git.kernel.org/stable/c/7e8360ac8774e19b0b25f44fff84a105bb2417e4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35860 – bpf: support deferring bpf_link dealloc to after RCU grace period
https://notcve.org/view.php?id=CVE-2024-35860
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: support deferring bpf_link dealloc to after RCU grace period BPF link for some program types is passed as a "context" which can be used by those BPF programs to look up additional information. E.g., for multi-kprobes and multi-uprobes, link is used to fetch BPF cookie values. Because of this runtime dependency, when bpf_link refcnt drops to zero there could still be active BPF programs running accessing link data. This patch adds gener... • https://git.kernel.org/stable/c/0dcac272540613d41c05e89679e4ddb978b612f1 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35858 – net: bcmasp: fix memory leak when bringing down interface
https://notcve.org/view.php?id=CVE-2024-35858
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix memory leak when bringing down interface When bringing down the TX rings we flush the rings but forget to reclaimed the flushed packets. This leads to a memory leak since we do not free the dma mapped buffers. This also leads to tx control block corruption when bringing down the interface for power management. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bcmasp: corrige la pérdida de memoria al de... • https://git.kernel.org/stable/c/490cb412007de593e07c1d3e2b1ec4233886707c •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35857 – icmp: prevent possible NULL dereferences from icmp_build_probe()
https://notcve.org/view.php?id=CVE-2024-35857
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: icmp: prevent possible NULL dereferences from icmp_build_probe() First problem is a double call to __in_dev_get_rcu(), because the second one could return NULL. if (__in_dev_get_rcu(dev) && __in_dev_get_rcu(dev)->ifa_list) Second problem is a read from dev->ip6_ptr with no NULL check: if (!list_empty(&rcu_dereference(dev->ip6_ptr)->addr_list)) Use the correct RCU API to fix these. v2: add missing include
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35856 – Bluetooth: btusb: mediatek: Fix double free of skb in coredump
https://notcve.org/view.php?id=CVE-2024-35856
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Fix double free of skb in coredump hci_devcd_append() would free the skb on error so the caller don't have to free it again otherwise it would cause the double free of skb. Reported-by : Dan Carpenter
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35855 – mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update
https://notcve.org/view.php?id=CVE-2024-35855
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update The rule activity update delayed work periodically traverses the list of configured rules and queries their activity from the device. As part of this task it accesses the entry pointed by 'ventry->entry', but this entry can be changed concurrently by the rehash delayed work, leading to a use-after-free [1]. Fix by closing the race and perform the activity query und... • https://git.kernel.org/stable/c/2bffc5322fd8679e879cd6370881ee50cf141ada •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35854 – mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
https://notcve.org/view.php?id=CVE-2024-35854
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negative as the assumption is that this is indicative of migration being complete. This assumption is incorrect as a non-negative number of credits can also be the resul... • https://git.kernel.org/stable/c/c9c9af91f1d9a636aecc55302c792538e549a430 • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35853 – mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
https://notcve.org/view.php?id=CVE-2024-35853
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. If the migration fails, the code tries to migrate the filters back to the old region. However, the rollback itself can also fail in which case another migration will be err... • https://git.kernel.org/stable/c/843500518509128a935edab96bd8efef7c54669e • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35852 – mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work
https://notcve.org/view.php?id=CVE-2024-35852
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work The rehash delayed work is rescheduled with a delay if the number of credits at end of the work is not negative as supposedly it means that the migration ended. Otherwise, it is rescheduled immediately. After "mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash" the above is no longer accurate as a non-negative number of credits is no longer indicative of t... • https://git.kernel.org/stable/c/c9c9af91f1d9a636aecc55302c792538e549a430 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35851 – Bluetooth: qca: fix NULL-deref on non-serdev suspend
https://notcve.org/view.php?id=CVE-2024-35851
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev suspend Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity check to prevent a NULL-pointer dereference when wakeup() is called for a non-serdev controller during suspend. Just return true for now to restore the original behaviour and address the crash with pre-6.2 kernels, which do not have co... • https://git.kernel.org/stable/c/c1a74160eaf1ac218733b371158432b52601beff •