CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26789 – crypto: arm64/neonbs - fix out-of-bounds access on short input
https://notcve.org/view.php?id=CVE-2024-26789
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to begin with. It will call straight into the plain NEON asm helper, which performs all memory accesses in granules of 16 bytes (the size of a NEON register). For this reason, the associated plain NEON gl... • https://git.kernel.org/stable/c/fc074e130051015e39245a4241956ff122e2f465 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26788 – dmaengine: fsl-qdma: init irq after reg initialization
https://notcve.org/view.php?id=CVE-2024-26788
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi... • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26787 – mmc: mmci: stm32: fix DMA API overlapping mappings warning
https://notcve.org/view.php?id=CVE-2024-26787
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board ... • https://git.kernel.org/stable/c/46b723dd867d599420fb640c0eaf2a866ef721d4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26783 – mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
https://notcve.org/view.php?id=CVE-2024-26783
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supe... • https://git.kernel.org/stable/c/c574bbe917036c8968b984c82c7b13194fe5ce98 • CWE-762: Mismatched Memory Management Routines •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26782 – mptcp: fix double-free on socket dismantle
https://notcve.org/view.php?id=CVE-2024-26782
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on program exit it's possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm: swapper/25 Kdump... • https://git.kernel.org/stable/c/cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26781 – mptcp: fix possible deadlock in subflow diag
https://notcve.org/view.php?id=CVE-2024-26781
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/24141 is trying to acquire lock: ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline] ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_get_aux+0x... • https://git.kernel.org/stable/c/8affdbb3e2ef6b6a3a467b87dc336dc601dc2ed9 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26750 – af_unix: Drop oob_skb ref before purging queue in GC.
https://notcve.org/view.php?id=CVE-2024-26750
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop oob_skb ref before purging queue in GC. syzbot reported another task hung in __unix_gc(). [0] The current while loop assumes that all of the left candidates have oob_skb and calling kfree_skb(oob_skb) releases the remaining candidates. However, I missed a case that oob_skb has self-referencing fd and another fd and the latter sk is placed before the former in the candidate list. Then, the while loop never proceeds, resulting t... • https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26745 – powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
https://notcve.org/view.php?id=CVE-2024-26745
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics due to NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc000000020847ad4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA ... • https://git.kernel.org/stable/c/b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26779 – wifi: mac80211: fix race condition on enabling fast-xmit
https://notcve.org/view.php?id=CVE-2024-26779
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wi... • https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26778 – fbdev: savage: Error out if pixclock equals zero
https://notcve.org/view.php?id=CVE-2024-26778
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used ... • https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1 •