CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45008 – Input: MT - limit max slots
https://notcve.org/view.php?id=CVE-2024-45008
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI... • https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45007 – char: xillybus: Don't destroy workqueue from work item running on it
https://notcve.org/view.php?id=CVE-2024-45007
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance. In the Linux kernel, the following vulnerability ... • https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44977 – drm/amdgpu: Validate TA binary size
https://notcve.org/view.php?id=CVE-2024-44977
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442) Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in ... • https://git.kernel.org/stable/c/5ab8793b9a6cc059f503cbe6fe596f80765e0f19 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44972 – btrfs: do not clear page dirty inside extent_write_locked_range()
https://notcve.org/view.php?id=CVE-2024-44972
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not clear page dirty inside extent_write_locked_range() [BUG] For subpage + zoned case, the following workload can lead to rsv data leak at unmount time: # mkfs.btrfs -f -s 4k $dev # mount $dev $mnt # fsstress -w -n 8 -d $mnt -s 1709539240 0/0: fiemap - no filename 0/1: copyrange read - no filename 0/2: write - no filename 0/3: rename - no source filename 0/4: creat f0 x:0 0 0 0/4: creat add id=0,parent=-1 0/5: writev f0[259 1 0 0... • https://git.kernel.org/stable/c/ba4dedb71356638d8284e34724daca944be70368 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44970 – net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
https://notcve.org/view.php?id=CVE-2024-44970
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides wi... • https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44969 – s390/sclp: Prevent release of buffer in I/O
https://notcve.org/view.php?id=CVE-2024-44969
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. ... • https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44963 – btrfs: do not BUG_ON() when freeing tree block after error
https://notcve.org/view.php?id=CVE-2024-44963
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). The error most likely to happen is -ENOMEM, and we have a comment mentioning that only -ENOMEM can happen, but that is not true, because in case qgroups are enabled any error returned from btrfs_qgroup_trace_extent_post() (can be -EUCLE... • https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44961 – drm/amdgpu: Forward soft recovery errors to userspace
https://notcve.org/view.php?id=CVE-2024-44961
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ (cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01) In the Linux kernel, the following vulnerab... • https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44957 – xen: privcmd: Switch from mutex to spinlock for irqfds
https://notcve.org/view.php?id=CVE-2024-44957
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can't use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock. In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wak... • https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44955 – drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute
https://notcve.org/view.php?id=CVE-2024-44955
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute [Why] When unplug one of monitors connected after mst hub, encounter null pointer dereference. It's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When commit new state which directly referring to info stored in dc_sink will cause null pointer dereference. [how] Remove redundant checking condition. Relevant condition should already be covered b... • https://git.kernel.org/stable/c/c7e65cab54a89f4df54110f0b44c4ade93d1a911 •