CVSS: 5.5EPSS: 0%CPEs: 17EXPL: 0CVE-2024-26920 – tracing/trigger: Fix to return error if failed to alloc snapshot
https://notcve.org/view.php?id=CVE-2024-26920
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register snapshot trigger without an error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rastreo/activador: Corrección para devolver error si no se pudo asignar la instantánea. Corrección de Register_snapshot_trigger() para de... • https://git.kernel.org/stable/c/57f2a2ad73e99a7594515848f4da987326a15981 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26919 – usb: ulpi: Fix debugfs directory leak
https://notcve.org/view.php?id=CVE-2024-26919
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpi_unregister_interface tries to remove a debugfs directory named after the ulpi device itself. This results in the directory sticking around and preventing subsequent (deferred) probes from succeeding. Change the directory name to match the ulpi device. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: ul... • https://git.kernel.org/stable/c/bd0a0a024f2a41e7cc8eadb9862f82c45884b69c •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-26917 – scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
https://notcve.org/view.php?id=CVE-2024-26917
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" This reverts commit 1a1975551943f681772720f639ff42fbaa746212. This commit causes interrupts to be lost for FCoE devices, since it changed sping locks from "bh" to "irqsave". Instead, a work queue should be used, and will be addressed in a separate commit. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: Revertir "scsi: fcoe: Reparar posible punto muert... • https://git.kernel.org/stable/c/264eae2f523d2aae38188facb4ece893023f25da •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26916 – Revert "drm/amd: flush any delayed gfxoff on suspend entry"
https://notcve.org/view.php?id=CVE-2024-26916
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: flush any delayed gfxoff on suspend entry" commit ab4750332dbe ("drm/amdgpu/sdma5.2: add begin/end_use ring callbacks") caused GFXOFF control to be used more heavily and the codepath that was removed from commit 0dee72639533 ("drm/amd: flush any delayed gfxoff on suspend entry") now can be exercised at suspend again. Users report that by using GNOME to suspend the lockscreen trigger will cause SDMA traffic and the system ca... • https://git.kernel.org/stable/c/f94942885e8416ce9de84d8fae93684002682b5d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26915 – drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
https://notcve.org/view.php?id=CVE-2024-26915
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit Allows us to detect subsequent IH ring buffer overflows as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Restablecer el bit IH OVERFLOW_CLEAR También nos permite detectar desbordamientos posteriores del búfer en anillo IH. A flaw was found in the Linux kernel. The IH OVERFLOW_CLEAR bit was not reset. • https://git.kernel.org/stable/c/9a9d00c23d170d4ef5a1b28e6b69f5c85dd12bc1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26914 – drm/amd/display: fix incorrect mpc_combine array size
https://notcve.org/view.php?id=CVE-2024-26914
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix incorrect mpc_combine array size [why] MAX_SURFACES is per stream, while MAX_PLANES is per asic. The mpc_combine is an array that records all the planes per asic. Therefore MAX_PLANES should be used as the array size. Using MAX_SURFACES causes array overflow when there are more than 3 planes. [how] Use the MAX_PLANES for the mpc_combine array size. • https://git.kernel.org/stable/c/0bd8ef618a42d7e6ea3f701065264e15678025e3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26913 – drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
https://notcve.org/view.php?id=CVE-2024-26913
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue [why] odm calculation is missing for pipe split policy determination and cause Underflow/Corruption issue. [how] Add the odm calculation. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: solucione el problema de corrupción/desbordamiento de dcn35 8k30 [por qué] falta el cálculo de odm para la determinación de la política de división de tuberías y caus... • https://git.kernel.org/stable/c/cdbe0be8874c63bca85b8c38e5b1eecbdd18df31 • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26910 – netfilter: ipset: fix performance regression in swap operation
https://notcve.org/view.php?id=CVE-2024-26910
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix performance regression in swap operation The patch "netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test", commit 28628fa9 fixes a race condition. But the synchronize_rcu() added to the swap function unnecessarily slows it down: it can safely be moved to destroy and use call_rcu() instead. Eric Dumazet pointed out that simply calling the destroy functions as rcu callback does not work:... • https://git.kernel.org/stable/c/427deb5ba5661c4ae1cfb35955d2e01bd5f3090a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52645 – pmdomain: mediatek: fix race conditions with genpd
https://notcve.org/view.php?id=CVE-2023-52645
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix race conditions with genpd If the power domains are registered first with genpd and *after that* the driver attempts to power them on in the probe sequence, then it is possible that a race condition occurs if genpd tries to power them on in the same time. The same is valid for powering them off before unregistering them from genpd. Attempt to fix race conditions by first removing the domains from genpd and *after tha... • https://git.kernel.org/stable/c/59b644b01cf48d6042f3c5983d464921a4920845 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26907 – RDMA/mlx5: Fix fortify source warning while accessing Eth segment
https://notcve.org/view.php?id=CVE-2024-26907
17 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix fortify source warning while accessing Eth segment ------------[ cut here ]------------ memcpy: detected field-spanning write (size 56) of single field "eseg->inline_hdr.start" at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 (size 2) WARNING: CPU: 0 PID: 293779 at /var/lib/dkms/mlnx-ofed-kernel/5.8/build/drivers/infiniband/hw/mlx5/wr.c:131 mlx5_ib_post_send+0x191b/0x1a60 [mlx5_ib] Modules linke... • https://git.kernel.org/stable/c/d27c48dc309da72c3b46351a1205d89687272baa • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-416: Use After Free •