CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26726 – btrfs: don't drop extent_map for free space inode on write error
https://notcve.org/view.php?id=CVE-2024-26726
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. assertion failed: block_start != EXTENT_MAP_HOLE, in fs/btrfs/extent_io.c:1385 ------------[ cut here ]------------ kernel BUG at fs/btrfs/extent_io.c:1385! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 2695096 Comm: fsstress Kdump: loaded Tainted: G W 6... • https://git.kernel.org/stable/c/02f2b95b00bf57d20320ee168b30fb7f3db8e555 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26725 – dpll: fix possible deadlock during netlink dump operation
https://notcve.org/view.php?id=CVE-2024-26725
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dpll: fix possible deadlock during netlink dump operation Recently, I've been hitting following deadlock warning during dpll pin dump: [52804.637962] ====================================================== [52804.638536] WARNING: possible circular locking dependency detected [52804.639111] 6.8.0-rc2jiri+ #1 Not tainted [52804.639529] ------------------------------------------------------ [52804.640104] python3/2984 is trying to acquire lock:... • https://git.kernel.org/stable/c/9d71b54b65b1fb6c0d3a6c5c88ba9b915c783fbc • CWE-833: Deadlock •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26724 – net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
https://notcve.org/view.php?id=CVE-2024-26724
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers I managed to hit following use after free warning recently: [ 2169.711665] ================================================================== [ 2169.714009] BUG: KASAN: slab-use-after-free in __run_timers.part.0+0x179/0x4c0 [ 2169.716293] Write of size 8 at addr ffff88812b326a70 by task swapper/4/0 [ 2169.719022] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 6.8.0-rc2... • https://git.kernel.org/stable/c/496fd0a26bbf73b6b12407ee4fbe5ff49d659a6d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26723 – lan966x: Fix crash when adding interface under a lag
https://notcve.org/view.php?id=CVE-2024-26723
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a lag interface. The issue can be reproduced like this: ip link add name bond0 type bond miimon 100 mode balance-xor ip link set dev eth0 master bond0 The reason is because when adding a interface under the lag it would go through all the ports and try to figure out which other ports are under that lag interface. And the iss... • https://git.kernel.org/stable/c/cabc9d49333df72fe0f6d58bdcf9057ba341e701 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26722 – ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
https://notcve.org/view.php?id=CVE-2024-26722
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() There is a path in rt5645_jack_detect_work(), where rt5645->jd_mutex is left locked forever. That may lead to deadlock when rt5645_jack_detect_work() is called for the second time. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: rt5645: corrige el punto muerto en rt5645_jack_detect_work() Hay una... • https://git.kernel.org/stable/c/48ce529c83522944f116f03884819051f44f0fb6 •
CVSS: 2.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26721 – drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
https://notcve.org/view.php?id=CVE-2024-26721
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPS register") defines a new macro to calculate the DSC PPS register addresses with PPS number as an input. This macro correctly calculates the addresses till PPS 11 since the addresses increment by 4. So in that case the following macro works correctly to give correct register address: _MMIO(_DSCA_PPS_0 + (p... • https://git.kernel.org/stable/c/bd077259d0a9c9bf453e7e9751bf41f1996e6585 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26719 – nouveau: offload fence uevents work to workqueue
https://notcve.org/view.php?id=CVE-2024-26719
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau: offload fence uevents work to workqueue This should break the deadlock between the fctx lock and the irq lock. This offloads the processing off the work from the irq into a workqueue. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nuevo: descargar valla uevents work to workqueue Esto debería romper el punto muerto entre el bloqueo fctx y el bloqueo irq. Esto descarga el procesamiento del trabajo del irq a una co... • https://git.kernel.org/stable/c/cc0037fa592d56e4abb9c7d1c52c4d2dc25cd906 • CWE-833: Deadlock •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26718 – dm-crypt, dm-verity: disable tasklets
https://notcve.org/view.php?id=CVE-2024-26718
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dm-crypt, dm-verity: disable tasklets Tasklets have an inherent problem with memory corruption. The function tasklet_action_common calls tasklet_trylock, then it calls the tasklet callback and then it calls tasklet_unlock. If the tasklet callback frees the structure that contains the tasklet or if it calls some code that may free it, tasklet_unlock will write into free memory. The commits 8e14f610159d and d9a02e016aaf try to fix it for dm-c... • https://git.kernel.org/stable/c/39d42fa96ba1b7d2544db3f8ed5da8fb0d5cb877 •
CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26717 – HID: i2c-hid-of: fix NULL-deref on failed power up
https://notcve.org/view.php?id=CVE-2024-26717
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid-of: fix NULL-deref on failed power up A while back the I2C HID implementation was split in an ACPI and OF part, but the new OF driver never initialises the client pointer which is dereferenced on power-up failures. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: HID: i2c-hid-of: corrige NULL-deref en caso de encendido fallido Hace un tiempo, la implementación de I2C HID se dividió en una parte ACPI y OF, pero el... • https://git.kernel.org/stable/c/b33752c300232d7f95dd9a4353947d0c9e6a0e52 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26716 – usb: core: Prevent null pointer dereference in update_port_device_state
https://notcve.org/view.php?id=CVE-2024-26716
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: core: Prevent null pointer dereference in update_port_device_state Currently, the function update_port_device_state gets the usb_hub from udev->parent by calling usb_hub_to_struct_hub. However, in case the actconfig or the maxchild is 0, the usb_hub would be NULL and upon further accessing to get port_dev would result in null pointer dereference. Fix this by introducing an if check after the usb_hub is populated. En el kernel de Linux,... • https://git.kernel.org/stable/c/83cb2604f641cecadc275ca18adbba4bf262320f •