CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-40910 – ax25: Fix refcount imbalance on inbound connections
https://notcve.org/view.php?id=CVE-2024-40910
12 Jul 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/9fd75b66b8f68498454d685dc4ba13192ae069b0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40909 – bpf: Fix a potential use-after-free in bpf_link_free()
https://notcve.org/view.php?id=CVE-2024-40909
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-free as reported by syzbot. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->o... • https://git.kernel.org/stable/c/876941f533e7b47fc69977fc4551c02f2d18af97 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40906 – net/mlx5: Always stop health timer during driver removal
https://notcve.org/view.php?id=CVE-2024-40906
12 Jul 2024 — cpuidle_enter_state+0xbd/0x440 cpuidle_enter+0x2d/0x40 do_idle+0x20d/0x270 cpu_startup_entry+0x2a/0x30 rest_init+0xd0/0xd0 arch_call_rest_init+0xe/0x30 start_kernel+0x709/0xa90 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x96/0xa0 secondary_startup_64_no_verify+0x18f/0x19b ---[ end trace 0000000000000000 ]--- In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Always stop health timer during driver removal Currently, if teardown_hca fails to execute during driver... • https://git.kernel.org/stable/c/9b98d395b85dd042fe83fb696b1ac02e6c93a520 • CWE-416: Use After Free •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40905 – ipv6: fix possible race in __fib6_drop_pcpu_from()
https://notcve.org/view.php?id=CVE-2024-40905
12 Jul 2024 — [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097] CPU: 0 PID: 7543 Comm: kworker/u8:17 Not tainted 6.10.0-rc1-syzkaller-00013-g2bfcfd584ff5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: netns cleanup_net RIP: 0010:__fib6_drop_pcpu_from.part.0+0x10a/0x370 net/ipv6/ip6_fib.c:984 Code: f8 48 c1 e8 03 80 3... • https://git.kernel.org/stable/c/d52d3997f843ffefaa8d8462790ffcaca6c74192 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40904 – USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages
https://notcve.org/view.php?id=CVE-2024-40904
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/9908a32e94de2141463e104c9924279ed3509447 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40903 – usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps
https://notcve.org/view.php?id=CVE-2024-40903
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/cfcd544a9974c6b6fb37ca385146e4796dcaf66d • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40900 – cachefiles: remove requests from xarray during flushing requests
https://notcve.org/view.php?id=CVE-2024-40900
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40899 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
https://notcve.org/view.php?id=CVE-2024-40899
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/e73fa11a356ca0905c3cc648eaacc6f0f2d2c8b3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39510 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
https://notcve.org/view.php?id=CVE-2024-39510
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0a7e54c1959c0feb2de23397ec09c7692364313e •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39508 – io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
https://notcve.org/view.php?id=CVE-2024-39508
12 Jul 2024 — To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. ... To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. ... A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0 • CWE-364: Signal Handler Race Condition •