CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources
https://notcve.org/view.php?id=CVE-2024-53150
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. • https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd https://git.kernel.org/stable/c/45a92cbc88e4013bfed7fd2ccab3ade45f8e896b https://git.kernel.org/stable/c/ab011f7439d9bbfd34fd3b9cef4b2d6d952c9bb9 https://git.kernel.org/stable/c/da13ade87a12dd58829278bc816a61bea06a56a9 https://git.kernel.org/stable/c/74cb86e1006c5437b1d90084d22018da30fddc77 https://git.kernel.org/stable/c/ea0fa76f61cf8e932d1d26e6193513230816e11d https://git.kernel.org/stable/c/096bb5b43edf755bc4477e64004fa3a20539ec2f https://git.kernel.org/stable/c/a3dd4d63eeb452cfb064a13862fb376ab •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2024-53148 – comedi: Flush partial mappings in error case
https://notcve.org/view.php?id=CVE-2024-53148
In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case"). • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 https://git.kernel.org/stable/c/57f048c2d205b85e34282a9b0b0ae177e84c2f44 https://git.kernel.org/stable/c/b9322408d83accc8b96322bc7356593206288c56 https://git.kernel.org/stable/c/8797b7712de704dc231f9e821d8eb3b9aeb3a032 https://git.kernel.org/stable/c/16c507df509113c037cdc0ba642b9ab3389bd26c https://git.kernel.org/stable/c/9b07fb464eb69a752406e78e62ab3a60bfa7b00d https://git.kernel.org/stable/c/c6963a06ce5c61d3238751ada04ee1569663a828 https://git.kernel.org/stable/c/297f14fbb81895f4ccdb0ad25d196786d •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-53147 – exfat: fix out-of-bounds access of directory entries
https://notcve.org/view.php?id=CVE-2024-53147
In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty. • https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c https://git.kernel.org/stable/c/3ddd1cb2b458ff6a193bc845f408dfff217db29e https://git.kernel.org/stable/c/184fa506e392eb78364d9283c961217ff2c0617b •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2024-53146 – NFSD: Prevent a potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53146
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. • https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8 https://git.kernel.org/stable/c/90adbae9dd158da8331d9fdd32077bd1af04f553 https://git.kernel.org/stable/c/3c5f545c9a1f8a1869246f6f3ae8c17289d6a841 https://git.kernel.org/stable/c/842f1c27a1aef5367e535f9e85c8c3b06352151a https://git.kernel.org/stable/c/de53c5305184ca1333b87e695d329d1502d694ce https://git.kernel.org/stable/c/dde654cad08fdaac370febb161ec41eb58e9d2a2 https://git.kernel.org/stable/c/084f797dbc7e52209a4ab6dbc7f0109268754eb9 https://git.kernel.org/stable/c/ccd3394f9a7200d6b088553bf38e68862 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2024-53145 – um: Fix potential integer overflow during physmem setup
https://notcve.org/view.php?id=CVE-2024-53145
In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. • https://git.kernel.org/stable/c/fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2 https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3 https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db •