CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44942 – f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC
https://notcve.org/view.php?id=CVE-2024-44942
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/inline.c:258! CPU: 1 PID: 34 Comm: kworker/u8:2 Not tainted 6.9.0-rc6-syzkaller-00012-g9e4bc4bcae01 #0 RIP: 0010:f2fs_write_inline_data+0x781/0x790 fs/f2fs/inline.c:258 Call Trace: f2fs_write_single_data_page+0xb65/0x1d60 fs/f2fs/data.c:2834 f2fs_write_cache_pages fs/f2fs/dat... • https://git.kernel.org/stable/c/ae00e6536a2dd54b64b39e9a39548870cf835745 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44941 – f2fs: fix to cover read extent cache access with lock
https://notcve.org/view.php?id=CVE-2024-44941
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to cover read extent cache access with lock syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in sanity_check_extent_cache+0x370/0x410 fs/f2fs/extent_cache.c:46 Read of size 4 at addr ffff8880739ab220 by task syz-executor200/5097 CPU: 0 PID: 5097 Comm: syz-executor200 Not tainted 6.9.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44940 – fou: remove warn in gue_gro_receive on unsupported protocol
https://notcve.org/view.php?id=CVE-2024-44940
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive ... • https://git.kernel.org/stable/c/b1453a5616c7bd8acd90633ceba4e59105ba3b51 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44939 – jfs: fix null ptr deref in dtInsertEntry
https://notcve.org/view.php?id=CVE-2024-44939
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEnt... • https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44938 – jfs: Fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2024-44938
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift expo... • https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44931 – gpio: prevent potential speculation leaks in gpio_device_get_desc()
https://notcve.org/view.php?id=CVE-2024-44931
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to... • https://git.kernel.org/stable/c/18504710442671b02d00e6db9804a0ad26c5a479 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43914 – md/raid5: avoid BUG_ON() while continue reshape after reassembling
https://notcve.org/view.php?id=CVE-2024-43914
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggerred by the test: kernel BUG at drivers/md/raid5.c:6278! invalid opcode: 0000 [#1] PREEMPT SMP PTI irq event stamp: 158985 CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94 RIP: 0010:reshape_request+0... • https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43913 – nvme: apple: fix device reference counting
https://notcve.org/view.php?id=CVE-2024-43913
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ctrl after a successful nvme_init_ctrl. Split the allocation side out to make the error handling boundary easier to navigate. The apple driver had been doing this wrong, leaking the controller device memory on a tagset failure. In the Linux kernel, the following vulnerability has been resolved: nvme: apple: fix device reference counting Drivers must call nvme_uninit_ct... • https://git.kernel.org/stable/c/f7d9a18572fcd7130459b7691bd19ee2a2e951ad •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43912 – wifi: nl80211: disallow setting special AP channel widths
https://notcve.org/view.php?id=CVE-2024-43912
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz ch... • https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43911 – wifi: mac80211: fix NULL dereference at band check in starting tx ba session
https://notcve.org/view.php?id=CVE-2024-43911
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL dereference at band check in starting tx ba session In MLD connection, link_data/link_conf are dynamically allocated. They don't point to vif->bss_conf. So, there will be no chanreq assigned to vif->bss_conf and then the chan will be NULL. Tweak the code to check ht_supported/vht_supported/has_he/has_eht on sta deflink. Crash log (with rtw89 version under MLO development): [ 9890.526087] BUG: kernel NULL pointer der... • https://git.kernel.org/stable/c/0acaf4a5025d6dafb7da787d2d4c47ed95e46ed6 • CWE-476: NULL Pointer Dereference •