CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35796 – net: ll_temac: platform_get_resource replaced by wrong function
https://notcve.org/view.php?id=CVE-2024-35796
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname in the call stack, where it causes a null pointer in strcmp. if (type == resource_type(r) && !strcmp(r->name, name)) It should have been replaced with devm_platform_ioremap_resource. En el kernel de Lin... • https://git.kernel.org/stable/c/bd69058f50d5ffa659423bcfa6fe6280ce9c760a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35795 – drm/amdgpu: fix deadlock while reading mqd from debugfs
https://notcve.org/view.php?id=CVE-2024-35795
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix deadlock while reading mqd from debugfs An errant disk backup on my desktop got into debugfs and triggered the following deadlock scenario in the amdgpu debugfs files. The machine also hard-resets immediately after those lines are printed (although I wasn't able to reproduce that part when reading by hand): [ 1318.016074][ T1082] ====================================================== [ 1318.016607][ T1082] WARNING: possible ... • https://git.kernel.org/stable/c/445d85e3c1dfd8c45b24be6f1527f1e117256d0e • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35794 – dm-raid: really frozen sync_thread during suspend
https://notcve.org/view.php?id=CVE-2024-35794
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dm-raid: really frozen sync_thread during suspend 1) commit f52f5c71f3d4 ("md: fix stopping sync thread") remove MD_RECOVERY_FROZEN from __md_stop_writes() and doesn't realize that dm-raid relies on __md_stop_writes() to frozen sync_thread indirectly. Fix this problem by adding MD_RECOVERY_FROZEN in md_stop_writes(), and since stop_sync_thread() is only used for dm-raid in this case, also move stop_sync_thread() to md_stop_writes(). 2) The ... • https://git.kernel.org/stable/c/9dbd1aa3a81c6166608fec87994b6c464701f73a •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35793 – debugfs: fix wait/cancellation handling during remove
https://notcve.org/view.php?id=CVE-2024-35793
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: debugfs: fix wait/cancellation handling during remove Ben Greear further reports deadlocks during concurrent debugfs remove while files are being accessed, even though the code in question now uses debugfs cancellations. Turns out that despite all the review on the locking, we missed completely that the logic is wrong: if the refcount hits zero we can finish (and need not wait for the completion), but if it doesn't we have to trigger all th... • https://git.kernel.org/stable/c/8c88a474357ead632b07c70bf7f119ace8c3b39e •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-35789 – wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
https://notcve.org/view.php?id=CVE-2024-35789
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: comprobar/borrar fast rx para cambios de VLAN ... • https://git.kernel.org/stable/c/a7f1721684628b8ae6015bca9a176046ee6f30cc •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35787 – md/md-bitmap: fix incorrect usage for sb_index
https://notcve.org/view.php?id=CVE-2024-35787
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap code, but left wrong code logic for clustered-md. current code never set slot offset for cluster nodes, will sometimes cause crash in clustered env. Call trace (partly): md_bitmap_file_set_bit+0x110/0x1d8 [md_mod] md_bitmap_startwrite+0x13c/0x240 [md_mod] raid1_make_request+0x6... • https://git.kernel.org/stable/c/d7038f951828da19fa9aafddfa087b69032c9687 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27436 – ALSA: usb-audio: Stop parsing channels bits when all channels are found.
https://notcve.org/view.php?id=CVE-2024-27436
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ALSA: usb-audio: deja de analizar bits de canales cuando se encuentran todos los canales. Si un dispositivo de audio USB establece más bits que la cantidad de canales, podría escribir fuera de la mat... • https://git.kernel.org/stable/c/04324ccc75f96b3ed7aad1c866d1b7925e977bdf • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27435 – nvme: fix reconnection fail due to reserved tag allocation
https://notcve.org/view.php?id=CVE-2024-27435
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: fix reconnection fail due to reserved tag allocation We found a issue on production environment while using NVMe over RDMA, admin_q reconnect failed forever while remote target and network is ok. After dig into it, we found it may caused by a ABBA deadlock due to tag allocation. In my case, the tag was hold by a keep alive request waiting inside admin_q, as we quiesced admin_q while reset ctrl, so the request maked as idle and will no... • https://git.kernel.org/stable/c/ed01fee283a067c72b2d6500046080dbc1bb9dae •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27434 – wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
https://notcve.org/view.php?id=CVE-2024-27434
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't set the MFP flag for the GTK The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: no configure el indicador MFP para GTK El firmware no necesita el in... • https://git.kernel.org/stable/c/5c75a208c2449c6ea24f07610cc052f6a352246c •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27433 – clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe()
https://notcve.org/view.php?id=CVE-2024-27433
17 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() 'clk_data' is allocated with mtk_devm_alloc_clk_data(). So calling mtk_free_clk_data() explicitly in the remove function would lead to a double-free. Remove the redundant call. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: clk: mediatek: mt7622-apmixedsys: se corrigió una ruta de manejo de errores en clk_mt8135_apmixed_probe() 'clk_d... • https://git.kernel.org/stable/c/c50e2ea6507bcf5a4475f821fc03dd1fdcb894a7 •