CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46745 – Input: uinput - reject requests with unreasonable number of slots
https://notcve.org/view.php?id=CVE-2024-46745
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memor... • https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46744 – Squashfs: sanity check symbolic link size
https://notcve.org/view.php?id=CVE-2024-46744
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875... • https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46743 – of/irq: Prevent device address out-of-bounds read in interrupt map walk
https://notcve.org/view.php?id=CVE-2024-46743
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: in... • https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46733 – btrfs: fix qgroup reserve leaks in cow_file_range
https://notcve.org/view.php?id=CVE-2024-46733
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note... • https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46732 – drm/amd/display: Assign linear_pitch_alignment even for VM
https://notcve.org/view.php?id=CVE-2024-46732
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedi... • https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46731 – drm/amd/pm: fix the Out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46731
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the devi... • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46730 – drm/amd/display: Ensure array index tg_inst won't be -1
https://notcve.org/view.php?id=CVE-2024-46730
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0, which should be checked before used. This fixes 2 OVERRUN issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Ensure array index tg_inst won't be -1 [WHY & HOW] tg_inst will be a negative if timing_generator_count equals 0, which should be checked bef... • https://git.kernel.org/stable/c/a64284b9e1999ad5580debced4bc6d6adb28aad4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46729 – drm/amd/display: Fix incorrect size calculation for loop
https://notcve.org/view.php?id=CVE-2024-46729
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY] fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is lager than the array size. [HOW] Divide byte size 20 by its element size. This fixes 2 OVERRUN issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix incorrect size calculation for loop [WHY] fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte... • https://git.kernel.org/stable/c/712be65b3b372a82bff0865b9c090147764bf1c4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46728 – drm/amd/display: Check index for aux_rd_interval before using
https://notcve.org/view.php?id=CVE-2024-46728
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check index for aux_rd_interval before using aux_rd_interval has size of 7 and should be checked. This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity. Ubuntu Security Notice 7154-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/48e0b68e2360b16edf2a0bae05c0051c00fbb48a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46727 – drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
https://notcve.org/view.php?id=CVE-2024-46727
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update [Why] Coverity reports NULL_RETURN warning. [How] Add otg_master NULL check. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update [Why] Coverity reports NULL_RETURN warning. [How] Add otg_master NULL check. Ubuntu Security Notice 7156-1 - Chenyuan Yang discover... • https://git.kernel.org/stable/c/aad4d3d3d3b6a362bf5db11e1f28c4a60620900d •