CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35849 – btrfs: fix information leak in btrfs_ioctl_logical_to_ino()
https://notcve.org/view.php?id=CVE-2024-35849
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:114 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_user+0xbc/0x110 lib/usercopy.c:40 instrument_copy_to_user include/linux/instrumented.h:114 [inline] _copy_to_user+0xbc/0x110 lib/usercopy.c:40 copy_to_user include... • https://git.kernel.org/stable/c/689efe22e9b5b7d9d523119a9a5c3c17107a0772 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35848 – eeprom: at24: fix memory corruption race condition
https://notcve.org/view.php?id=CVE-2024-35848
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the failure point before registering the nvmem device. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: eeprom: at24: corrige la condición de ejecución ... • https://git.kernel.org/stable/c/b20eb4c1f0261eebe6e1b9221c0d6e4048837778 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35847 – irqchip/gic-v3-its: Prevent double free on error
https://notcve.org/view.php?id=CVE-2024-35847
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double free on error The error handling path in its_vpe_irq_domain_alloc() causes a double free when its_vpe_init() fails after successfully allocating at least one interrupt. This happens because its_vpe_irq_domain_free() frees the interrupts along with the area bitmap and the vprop_page and its_vpe_irq_domain_alloc() subsequently frees the area bitmap and the vprop_page again. Fix this by unconditionally invoki... • https://git.kernel.org/stable/c/7d75bbb4bc1ad90386776459d37e4ddfe605671e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35846 – mm: zswap: fix shrinker NULL crash with cgroup_disable=memory
https://notcve.org/view.php?id=CVE-2024-35846
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix shrinker NULL crash with cgroup_disable=memory Christian reports a NULL deref in zswap that he bisected down to the zswap shrinker. The issue also cropped up in the bug trackers of libguestfs [1] and the Red Hat bugzilla [2]. The problem is that when memcg is disabled with the boot time flag, the zswap shrinker might get called with sc->memcg == NULL. This is okay in many places, like the lruvec operations. But it crashes in ... • https://git.kernel.org/stable/c/b5ba474f3f518701249598b35c581b92a3c95b48 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35845 – wifi: iwlwifi: dbg-tlv: ensure NUL termination
https://notcve.org/view.php?id=CVE-2024-35845
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: dbg-tlv: asegurar terminación NUL. El iwl_fw_ini_debug_info_tlv se usa como una cadena, por lo que debemos asegurarnos de que la cadena termine correctamente antes de usarla. In the Linux kernel... • https://git.kernel.org/stable/c/a9248de42464e546b624e3fc6a8b04b991af3591 • CWE-20: Improper Input Validation CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35844 – f2fs: compress: fix reserve_cblocks counting error when out of space
https://notcve.org/view.php?id=CVE-2024-35844
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apk unisoc #df -h | grep dm-48 /dev/block/dm-48 112G 112G 1.2M 100% /data unisoc # ./f2fs_io release_cblocks test.apk 924 unisoc # df -h | grep dm-48 /dev/block/dm-48 112G 112G 4.8M 100% /data unisoc # dd if=/dev/random of=fil... • https://git.kernel.org/stable/c/c75488fb4d82b697f381f855bf5b16779df440aa •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35843 – iommu/vt-d: Use device rbtree in iopf reporting path
https://notcve.org/view.php?id=CVE-2024-35843
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Use device rbtree in iopf reporting path The existing I/O page fault handler currently locates the PCI device by calling pci_get_domain_bus_and_slot(). This function searches the list of all PCI devices until the desired device is found. To improve lookup efficiency, replace it with device_rbtree_find() to search the device within the probed device rbtree. The I/O page fault is initiated by the device, which does not have any sy... • https://git.kernel.org/stable/c/3d39238991e745c5df85785604f037f35d9d1b15 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35842 – ASoC: mediatek: sof-common: Add NULL check for normal_link string
https://notcve.org/view.php?id=CVE-2024-35842
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: sof-common: Add NULL check for normal_link string It's not granted that all entries of struct sof_conn_stream declare a `normal_link` (a non-SOF, direct link) string, and this is the case for SoCs that support only SOF paths (hence do not support both direct and SOF usecases). For example, in the case of MT8188 there is no normal_link string in any of the sof_conn_stream entries and there will be more drivers doing that in t... • https://git.kernel.org/stable/c/0caf1120c58395108344d5df4e09359b67e95094 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35841 – net: tls, fix WARNIING in __sk_msg_free
https://notcve.org/view.php?id=CVE-2024-35841
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: tls, fix WARNIING in __sk_msg_free A splice with MSG_SPLICE_PAGES will cause tls code to use the tls_sw_sendmsg_splice path in the TLS sendmsg code to move the user provided pages from the msg into the msg_pl. This will loop over the msg until msg_pl is full, checked by sk_msg_full(msg_pl). The user can also set the MORE flag to hint stack to delay sending until receiving more pages and ideally a full buffer. If the user adds more page... • https://git.kernel.org/stable/c/fe1e81d4f73b6cbaed4fcc476960d26770642842 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35840 – mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()
https://notcve.org/view.php?id=CVE-2024-35840
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() subflow_finish_connect() uses four fields (backup, join_id, thmac, none) that may contain garbage unless OPTION_MPTCP_MPJ_SYNACK has been set in mptcp_parse_option() En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: use OPTION_MPTCP_MPJ_SYNACK en subflow_finish_connect() subflow_finish_connect() usa cuatro campos (backup, join_id, thmac, none) que pueden ... • https://git.kernel.org/stable/c/f296234c98a8fcec94eec80304a873f635d350ea •