CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26667 – drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup
https://notcve.org/view.php?id=CVE-2024-26667
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another conditional block in dpu_encoder_helper_phys_cleanup() which had assumed hw_pp will always be valid which may not necessarily be true. Lets fix the other conditional block by making sure hw_pp is valid before dereferencing it. Patchwork... • https://git.kernel.org/stable/c/ae4d721ce10057a4aa9f0d253e0d460518a9ef75 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26666 – wifi: mac80211: fix RCU use in TDLS fast-xmit
https://notcve.org/view.php?id=CVE-2024-26666
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix RCU use in TDLS fast-xmit This looks up the link under RCU protection, but isn't guaranteed to actually have protection. Fix that. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: mac80211: corrige el uso de RCU en TDLS fast-xmit Esto busca el enlace bajo protección de RCU, pero no se garantiza que realmente tenga protección. Arregla eso. In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/8cc07265b69141f8ed9597d0f27185239c241c80 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26665 – tunnels: fix out of bounds access when building IPv6 PMTU error
https://notcve.org/view.php?id=CVE-2024-26665
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tunnels: fix out of bounds access when building IPv6 PMTU error If the ICMPv6 error is built from a non-linear skb we get the following splat, BUG: KASAN: slab-out-of-bounds in do_csum+0x220/0x240 Read of size 4 at addr ffff88811d402c80 by task netperf/820 CPU: 0 PID: 820 Comm: netperf Not tainted 6.8.0-rc1+ #543 ... kasan_report+0xd8/0x110 do_csum+0x220/0x240 csum_partial+0xc/0x20 skb_tunnel_check_pmtu+0xeb9/0x3280 vxlan_xmit_one+0x14c2/0x... • https://git.kernel.org/stable/c/4cb47a8644cc9eb8ec81190a50e79e6530d0297f • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26664 – hwmon: (coretemp) Fix out-of-bounds memory access
https://notcve.org/view.php?id=CVE-2024-26664
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Fix out-of-bounds memory access Fix a bug that pdata->cpu_map[] is set before out-of-bounds check. The problem might be triggered on systems with more than 128 cores per package. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: hwmon: (coretemp) Arreglar el acceso a memoria fuera de los límites Arreglar un error que pdata->cpu_map[] está configurado antes de la verificación de los límites. El problema pod... • https://git.kernel.org/stable/c/4f9dcadc55c21b39b072bb0882362c7edc4340bc • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26663 – tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()
https://notcve.org/view.php?id=CVE-2024-26663
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26662 – drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'
https://notcve.org/view.php?id=CVE-2024-26662
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' 'panel_cntl' structure used to control the display panel could be null, dereferencing it could lead to a null pointer access. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn21/dcn21_hwseq.c:269 dcn21_set_backlight_level() error: we previously assumed 'panel_cntl' could be null (see line 250) En el kernel de Linux, se ha resuelto la siguiente ... • https://git.kernel.org/stable/c/474ac4a875ca6fea3fc5183d3ad22ef7523dca53 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26661 – drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'
https://notcve.org/view.php?id=CVE-2024-26661
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg is not NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: agregue prueba NULL para 'generador de sincronización' en 'dcn21_set_pipe()' en "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pi... • https://git.kernel.org/stable/c/474ac4a875ca6fea3fc5183d3ad22ef7523dca53 • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26660 – drm/amd/display: Implement bounds check for stream encoder creation in DCN301
https://notcve.org/view.php?id=CVE-2024-26660
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, corresponding to the four calls to stream_enc_regs() in the array initializer. This means that valid indices for this array are 0, 1, 2, and 3. The error message 'stream_enc_regs' 4 <= 5 below, is indicating that there is an attempt to access ... • https://git.kernel.org/stable/c/3a83e4e64bb1522ddac67ffc787d1c38291e1a65 • CWE-125: Out-of-bounds Read •
CVSS: 6.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26659 – xhci: handle isoc Babble and Buffer Overrun events properly
https://notcve.org/view.php?id=CVE-2024-26659
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet the driver makes such assumption and releases the TD, allowing the remaining TRBs to be freed or overwritten by new TDs. The xHC should also report completion of the final TRB due to its IOC flag being set by us, regardless of prior e... • https://git.kernel.org/stable/c/696e4112e5c1ee61996198f0ebb6ca3fab55166e • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26658 – bcachefs: grab s_umount only if snapshotting
https://notcve.org/view.php?id=CVE-2024-26658
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: bcachefs: grab s_umount only if snapshotting When I was testing mongodb over bcachefs with compression, there is a lockdep warning when snapshotting mongodb data volume. $ cat test.sh prog=bcachefs $prog subvolume create /mnt/data $prog subvolume create /mnt/data/snapshots while true;do $prog subvolume snapshot /mnt/data /mnt/data/snapshots/$(date +%s) sleep 1s done $ cat /etc/mongodb.conf systemLog: destination: file logAppend: true path: ... • https://git.kernel.org/stable/c/1c6fdbd8f2465ddfb73a01ec620cbf3d14044e1a •