CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2021-47222 – net: bridge: fix vlan tunnel dst refcnt when egressing
https://notcve.org/view.php?id=CVE-2021-47222
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dst_clone() and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It also triggers the WARN_ON() in dst_hold()[1] when a refcnt couldn't be taken. Fix it by using dst_hold_safe() and checking if a reference was actually taken before setting the dst. [1] dmesg WARN_ON log and fol... • https://git.kernel.org/stable/c/11538d039ac6efcf4f1a6c536e1b87cd3668a9fd •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-47221 – mm/slub: actually fix freelist pointer vs redzoning
https://notcve.org/view.php?id=CVE-2021-47221
21 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: actually fix freelist pointer vs redzoning It turns out that SLUB redzoning ("slub_debug=Z") checks from s->object_size rather than from s->inuse (which is normally bumped to make room for the freelist pointer), so a cache created with an object size less than 24 would have the freelist pointer written beyond s->object_size, causing the redzone to be corrupted by the freelist pointer. This was very visible with "slub_debug=ZF": ... • https://git.kernel.org/stable/c/89b83f282d8ba380cf2124f88106c57df49c538c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36009 – ax25: Fix netdev refcount issue
https://notcve.org/view.php?id=CVE-2024-36009
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tracker of ax25_cb should be deallocated in ax25_kill_by_device() instead of the dev_tracker of ax25_dev. The log reported by ref_tracker is shown below: [ 80.884935] ref_tracker: reference already released. [ 80.885150] ref_tracker: allocated in: [ 80.885349] ax25_dev_device_up+0x105/0x540 [ 80.885730] ... • https://git.kernel.org/stable/c/feef318c855a361a1eccd880f33e88c460eb63b4 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36008 – ipv4: check for NULL idev in ip_route_use_hint()
https://notcve.org/view.php?id=CVE-2024-36008
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu() must be checked for a NULL result. [1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 2 PID: 3257 Co... • https://git.kernel.org/stable/c/02b24941619fcce3d280311ac73b1e461552e9c8 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36007 – mlxsw: spectrum_acl_tcam: Fix warning during rehash
https://notcve.org/view.php?id=CVE-2024-36007
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. When the work runs out of credits it stores the current chunk and entry as markers in the per-work context so that it would know where to resume the... • https://git.kernel.org/stable/c/6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36006 – mlxsw: spectrum_acl_tcam: Fix incorrect list API usage
https://notcve.org/view.php?id=CVE-2024-36006
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorrect usage of the API, which leads to the following warning [1]. Fix by returning if the lists are empty as there is nothing to migrate in this case. [1... • https://git.kernel.org/stable/c/6f9579d4e3021b17b0a4cde6b04a6c94c9575cdf •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36005 – netfilter: nf_tables: honor table dormant flag from netdev release event path
https://notcve.org/view.php?id=CVE-2024-36005
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999] ------------[ cut here ]------------ [524854.858010] WARNING: CPU: 0 PID: 3386599 at net/netfilter/core.c:501 __nf_unregister_net_hook+0x21a/0x260 [...] [524854.858848] CPU: 0 PID: 3386599 Comm: kworker/u32:2 Not tainted 6.9.0-rc3+ ... • https://git.kernel.org/stable/c/d54725cd11a57c30f650260cfb0a92c268bdc3e0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36004 – i40e: Do not use WQ_MEM_RECLAIM flag for workqueue
https://notcve.org/view.php?id=CVE-2024-36004
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue Issue reported by customer during SRIOV testing, call trace: When both i40e and the i40iw driver are loaded, a warning in check_flush_dependency is being triggered. This seems to be because of the i40e driver workqueue is allocated with the WQ_MEM_RECLAIM flag, and the i40iw one is not. Similar error was encountered on ice too and it was fixed by removing the flag. Do the same for i40e t... • https://git.kernel.org/stable/c/4d5957cbdecdbb77d24c1465caadd801c07afa4a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36003 – ice: fix LAG and VF lock dependency in ice_reset_vf()
https://notcve.org/view.php?id=CVE-2024-36003
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix LAG and VF lock dependency in ice_reset_vf() 9f74a3dfcf83 ("ice: Fix VF Reset paths when interface in a failed over aggregate"), the ice driver has acquired the LAG mutex in ice_reset_vf(). The commit placed this lock acquisition just prior to the acquisition of the VF configuration lock. If ice_reset_vf() acquires the configuration lock via the ICE_VF_RESET_LOCK flag, this could deadlock with ice_vc_cfg_qs_msg() because it alwa... • https://git.kernel.org/stable/c/fd7f7a8ad3363fd94fc3868616cc70a1d8dfc01b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36002 – dpll: fix dpll_pin_on_pin_register() for multiple parent pins
https://notcve.org/view.php?id=CVE-2024-36002
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dpll: fix dpll_pin_on_pin_register() for multiple parent pins In scenario where pin is registered with multiple parent pins via dpll_pin_on_pin_register(..), all belonging to the same dpll device. A second call to dpll_pin_on_pin_unregister(..) would cause a call trace, as it tries to use already released registration resources (due to fix introduced in b446631f355e). In this scenario pin was registered twice, so resources are not yet exp... • https://git.kernel.org/stable/c/b27e32e9367dac024cd6f61f22655714f483fd67 •