CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35909 – net: wwan: t7xx: Split 64bit accesses to fix alignment issues
https://notcve.org/view.php?id=CVE-2024-35909
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Split 64bit accesses to fix alignment issues Some of the registers are aligned on a 32bit boundary, causing alignment faults on 64bit platforms. Unable to handle kernel paging request at virtual address ffffffc084a1d004 Mem abort info: ESR = 0x0000000096000061 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x21: alignment fault Data abort info: ISV = 0, ISS = 0x00000061, ISS2 = 0x0000000... • https://git.kernel.org/stable/c/39d439047f1dc88f98b755d6f3a53a4ef8f0de21 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35908 – tls: get psock ref after taking rxlock to avoid leak
https://notcve.org/view.php?id=CVE-2024-35908
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tls: get psock ref after taking rxlock to avoid leak At the start of tls_sw_recvmsg, we take a reference on the psock, and then call tls_rx_reader_lock. If that fails, we return directly without releasing the reference. Instead of adding a new label, just take the reference after locking has succeeded, since we don't need it before. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: tls: obtenga referencia de psock después de t... • https://git.kernel.org/stable/c/4cbc325ed6b4dce4910be06d9d6940a8b919c59b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35907 – mlxbf_gige: call request_irq() after NAPI initialized
https://notcve.org/view.php?id=CVE-2024-35907
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxbf_gige: call request_irq() after NAPI initialized The mlxbf_gige driver encounters a NULL pointer exception in mlxbf_gige_open() when kdump is enabled. The sequence to reproduce the exception is as follows: a) enable kdump b) trigger kdump via "echo c > /proc/sysrq-trigger" c) kdump kernel executes d) kdump kernel loads mlxbf_gige module e) the mlxbf_gige module runs its open() as the the "oob_net0" interface is brought up f) mlxbf_gige... • https://git.kernel.org/stable/c/f92e1869d74e1acc6551256eb084a1c14a054e19 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35905 – bpf: Protect against int overflow for stack access size
https://notcve.org/view.php?id=CVE-2024-35905
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflowing its signed int representation. This should not actually happen, as there are other protections along the way, but we should protect against it anyway. One code path was missing such protections (fixed in the previous patch in the ... • https://git.kernel.org/stable/c/afea95d319ccb4ad2060dece9ac5e2e364dec543 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35904 – selinux: avoid dereference of garbage after mount failure
https://notcve.org/view.php?id=CVE-2024-35904
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: selinux: avoid dereference of garbage after mount failure In case kern_mount() fails and returns an error pointer return in the error branch instead of continuing and dereferencing the error pointer. While on it drop the never read static variable selinuxfs_mount. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: selinux: evita la desreferenciación de basura después de un error de montaje En caso de que kern_mount() falle y... • https://git.kernel.org/stable/c/0619f0f5e36f12e100ef294f5980cfe7c93ff23e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35903 – x86/bpf: Fix IP after emitting call depth accounting
https://notcve.org/view.php?id=CVE-2024-35903
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/bpf: Fix IP after emitting call depth accounting Adjust the IP passed to `emit_patch` so it calculates the correct offset for the CALL instruction if `x86_call_depth_emit_accounting` emits code. Otherwise we will skip some instructions and most likely crash. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: x86/bpf: corrige la IP después de emitir la contabilidad de profundidad de llamadas. Ajuste la IP pasada a `emit_patc... • https://git.kernel.org/stable/c/b2e9dfe54be4d023124d588d6f03d16a9c0d2507 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-35902 – net/rds: fix possible cp null dereference
https://notcve.org/view.php?id=CVE-2024-35902
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-sites pass a NULL cp argument to __rds_rdma_map() - rds_get_mr() - rds_get_mr_for_dest * Prior to the code above, the following assumes that cp may be NULL (which is indicative, but could itself be unnecessary) trans_pri... • https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35901 – net: mana: Fix Rx DMA datasize and skb_over_panic
https://notcve.org/view.php?id=CVE-2024-35901
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix Rx DMA datasize and skb_over_panic mana_get_rxbuf_cfg() aligns the RX buffer's DMA datasize to be multiple of 64. So a packet slightly bigger than mtu+14, say 1536, can be received and cause skb_over_panic. Sample dmesg: [ 5325.237162] skbuff: skb_over_panic: text:ffffffffc043277a len:1536 put:1536 head:ff1100018b517000 data:ff1100018b517100 tail:0x700 end:0x6ea dev:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35900 – netfilter: nf_tables: reject new basechain after table flag update
https://notcve.org/view.php?id=CVE-2024-35900
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new). The following configuration allows for an inconsistent state: add table x add chain x y { type filter hook input priority 0; } add table x { flags dormant; } add chain x w { type filter hook input priority 1; } which triggers the following warnin... • https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87 •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35899 – netfilter: nf_tables: flush pending destroy work before exit_net release
https://notcve.org/view.php?id=CVE-2024-35899
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net and the destroy workqueue. The trace below shows an element to be released via destroy workqueue while exit_net path (triggered via module removal) has already released the set that is used in such transaction. [ 1360.547789] BUG: KASA... • https://git.kernel.org/stable/c/0935d558840099b3679c67bb7468dc78fcbad940 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •