CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26791 – btrfs: dev-replace: properly validate device names
https://notcve.org/view.php?id=CVE-2024-26791
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper that validates both source and target device name buffers. For devid as the source initialize the buffer to empty string in case something tries to read it later. This was originally analyzed and ... • https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26790 – dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
https://notcve.org/view.php?id=CVE-2024-26790
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC (Network On-Chip), causing a deadlock condition. Stalled transactions will trigger completion timeouts in PCIe controller. Workaround: Enable prefetch by setting the source descriptor prefetchable bit ( SD[PF] = 1 ).... • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26789 – crypto: arm64/neonbs - fix out-of-bounds access on short input
https://notcve.org/view.php?id=CVE-2024-26789
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to begin with. It will call straight into the plain NEON asm helper, which performs all memory accesses in granules of 16 bytes (the size of a NEON register). For this reason, the associated plain NEON gl... • https://git.kernel.org/stable/c/fc074e130051015e39245a4241956ff122e2f465 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26788 – dmaengine: fsl-qdma: init irq after reg initialization
https://notcve.org/view.php?id=CVE-2024-26788
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi... • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26787 – mmc: mmci: stm32: fix DMA API overlapping mappings warning
https://notcve.org/view.php?id=CVE-2024-26787
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board ... • https://git.kernel.org/stable/c/46b723dd867d599420fb640c0eaf2a866ef721d4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26783 – mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
https://notcve.org/view.php?id=CVE-2024-26783
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index With numa balancing on, when a numa system is running where a numa node doesn't have its local memory so it has no managed zones, the following oops has been observed. It's because wakeup_kswapd() is called with a wrong zone index, -1. Fixed it by checking the index before calling wakeup_kswapd(). > BUG: unable to handle page fault for address: 00000000000033f3 > #PF: supe... • https://git.kernel.org/stable/c/c574bbe917036c8968b984c82c7b13194fe5ce98 • CWE-762: Mismatched Memory Management Routines •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26782 – mptcp: fix double-free on socket dismantle
https://notcve.org/view.php?id=CVE-2024-26782
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix double-free on socket dismantle when MPTCP server accepts an incoming connection, it clones its listener socket. However, the pointer to 'inet_opt' for the new socket has the same value as the original one: as a consequence, on program exit it's possible to observe the following splat: BUG: KASAN: double-free in inet_sock_destruct+0x54f/0x8b0 Free of addr ffff888485950880 by task swapper/25/0 CPU: 25 PID: 0 Comm: swapper/25 Kdump... • https://git.kernel.org/stable/c/cf7da0d66cc1a2a19fc5930bb746ffbb2d4cd1be •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26781 – mptcp: fix possible deadlock in subflow diag
https://notcve.org/view.php?id=CVE-2024-26781
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/24141 is trying to acquire lock: ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_put_ulp net/ipv4/tcp_diag.c:100 [inline] ffff888045870130 (k-sk_lock-AF_INET6){+.+.}-{0:0}, at: tcp_diag_get_aux+0x... • https://git.kernel.org/stable/c/8affdbb3e2ef6b6a3a467b87dc336dc601dc2ed9 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26750 – af_unix: Drop oob_skb ref before purging queue in GC.
https://notcve.org/view.php?id=CVE-2024-26750
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Drop oob_skb ref before purging queue in GC. syzbot reported another task hung in __unix_gc(). [0] The current while loop assumes that all of the left candidates have oob_skb and calling kfree_skb(oob_skb) releases the remaining candidates. However, I missed a case that oob_skb has self-referencing fd and another fd and the latter sk is placed before the former in the candidate list. Then, the while loop never proceeds, resulting t... • https://git.kernel.org/stable/c/36f7371de977f805750748e80279be7e370df85c •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26745 – powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
https://notcve.org/view.php?id=CVE-2024-26745
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics due to NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc000000020847ad4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA ... • https://git.kernel.org/stable/c/b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d •