CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26910 – netfilter: ipset: fix performance regression in swap operation
https://notcve.org/view.php?id=CVE-2024-26910
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not wo... • https://git.kernel.org/stable/c/427deb5ba5661c4ae1cfb35955d2e01bd5f3090a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52645 – pmdomain: mediatek: fix race conditions with genpd
https://notcve.org/view.php?id=CVE-2023-52645
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after t... • https://git.kernel.org/stable/c/59b644b01cf48d6042f3c5983d464921a4920845 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26907 – RDMA/mlx5: Fix fortify source warning while accessing Eth segment
https://notcve.org/view.php?id=CVE-2024-26907
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules... • https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26906 – x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
https://notcve.org/view.php?id=CVE-2024-26906
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address: ffffffffff600000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 3231067 P4D 3231067 PUD 3233067 PMD 3235067 PTE 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU... • https://git.kernel.org/stable/c/6e4694e65b6db4c3de125115dd4f55848cc48381 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26903 – Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
https://notcve.org/view.php?id=CVE-2024-26903
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a normal connection and disconnection process with the testcase that triggered a KASAN report. We analyzed the cause of this bug as follows: 1. In the packets captured during a normal connection, the host sends a `Read Encryption Key S... • https://git.kernel.org/stable/c/369f419c097e82407dd429a202cde9a73d3ae29b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26902 – perf: RISCV: Fix panic on pmu overflow handler
https://notcve.org/view.php?id=CVE-2024-26902
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: perf: RISCV: Fix panic on pmu overflow handler (1 << idx) of int is not desired when setting bits in unsigned long overflowed_ctrs, use BIT() instead. This panic happens when running 'perf record -e branches' on sophgo sg2042. [ 273.311852] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000098 [ 273.320851] Oops [#1] [ 273.323179] Modules linked in: [ 273.326303] CPU: 0 PID: 1475 Comm: perf Not tainted ... • https://git.kernel.org/stable/c/3ede8e94de6b834b48b0643385e66363e7a04be9 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26901 – do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
https://notcve.org/view.php?id=CVE-2024-26901
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak syzbot identified a kernel information leak vulnerability in do_sys_name_to_handle() and issued the following report [1]. [1] "BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x100 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user... • https://git.kernel.org/stable/c/990d6c2d7aee921e3bce22b2d6a750fd552262be • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') CWE-908: Use of Uninitialized Resource •
CVSS: 6.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26900 – md: fix kmemleak of rdev->serial
https://notcve.org/view.php?id=CVE-2024-26900
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev->serial If kobject_add() is fail in bind_rdev_to_array(), 'rdev->serial' will be alloc not be freed, and kmemleak occurs. unreferenced object 0xffff88815a350000 (size 49152): comm "mdadm", pid 789, jiffies 4294716910 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc f773277a): ... • https://git.kernel.org/stable/c/963c555e75b033202dd76cf6325a7b7c83d08d5f • CWE-401: Missing Release of Memory after Effective Lifetime CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26898 – aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
https://notcve.org/view.php?id=CVE-2024-26898
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. This could l... • https://git.kernel.org/stable/c/7562f876cd93800f2f8c89445f2a563590b24e09 • CWE-416: Use After Free •
CVSS: 4.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26897 – wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
https://notcve.org/view.php?id=CVE-2024-26897
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order in which things are initialised, this is not guaranteed to be the case, because the device is exposed to the USB subsystem before the ath9k driver initialisation is completed. We already committed a par... • https://git.kernel.org/stable/c/78c8397132dd4735ac6a7b5a651302f0b9f264ad • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •