CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35884 – udp: do not accept non-tunnel GSO skbs landing in a tunnel
https://notcve.org/view.php?id=CVE-2024-35884
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. ... RIP: 0010:skb_segment+0xd2a/0xf70 __udp_gso_segment+0xaa/0x560 En ... • https://git.kernel.org/stable/c/9fd1ff5d2ac7181844735806b0a703c942365291 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35883 – spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe
https://notcve.org/view.php?id=CVE-2024-35883
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null pointer that may be caused by a failed memory allocation by the function devm_kzalloc. In the Linux kernel, the following vulnerability has been resolved: spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe In function pci1xxxx_spi_probe, there is a potential null... • https://git.kernel.org/stable/c/1cc0cbea7167af524a7f7b2d0d2f19f7a324e807 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35882 – SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP
https://notcve.org/view.php?id=CVE-2024-35882
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memory exhaustion after just a few days. In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his small NFS servers suffer from memory exhaustion after just a few days. ... En el kernel de Linux, se resol... • https://git.kernel.org/stable/c/e18e157bb5c8c1cd8a9ba25acfdcf4f3035836f4 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35880 – io_uring/kbuf: hold io_buffer_list reference over mmap
https://notcve.org/view.php?id=CVE-2024-35880
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: hold io_buffer_list reference over mmap If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: hold io_buffer_list reference over mmap If we look up the kbuf, ensure that it doesn't get unregistered until after we're done with it. ... En el kernel de Linux, se ha resuelto la siguient... • https://git.kernel.org/stable/c/09f7520048eaaee9709091cd2787966f807da7c5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-35879 – of: dynamic: Synchronize of_changeset_destroy() with the devlink removals
https://notcve.org/view.php?id=CVE-2024-35879
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: 1) of_platform_depopulate() 2) of_overlay_... • https://git.kernel.org/stable/c/d007150b4e15bfcb8d36cfd88a5645d42e44d383 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35878 – of: module: prevent NULL pointer dereference in vsnprintf()
https://notcve.org/view.php?id=CVE-2024-35878
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf() In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr when the length is also 0. ... Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool. Found by Linux Verification Center (linuxtesting.org) with the Svace static analysis tool. ... • https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35877 – x86/mm/pat: fix VM_PAT handling in COW mappings
https://notcve.org/view.php?id=CVE-2024-35877
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. ... untrack_pfn+0xf4/0x100 [ 3 ---truncated--- En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/mm/pat: corrige el manejo de VM_PAT en asignaciones COW El manejo de PAT no funcionará correctamente en las as... • https://git.kernel.org/stable/c/5899329b19100c0b82dc78e9b21ed8b920c9ffb3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35875 – x86/coco: Require seeding RNG with RDRAND on CoCo systems
https://notcve.org/view.php?id=CVE-2024-35875
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. ... • https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35874 – aio: Fix null ptr deref in aio_complete() wakeup
https://notcve.org/view.php?id=CVE-2024-35874
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it effectively unlocks access. In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it effectively unlocks access. ... En el kernel de Linux, se ha resuel... • https://git.kernel.org/stable/c/71eb6b6b0ba93b1467bccff57b5de746b09113d2 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35873 – riscv: Fix vector state restore in rt_sigreturn()
https://notcve.org/view.php?id=CVE-2024-35873
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix vector state restore in rt_sigreturn() The RISC-V Vector specification states in "Appendix D: Calling Convention for Vector State" [1] that "Executing a system call causes all caller-saved vector registers (v0-v31, vl, vtype) and vstart to become unspecified.". In the Linux kernel, the following vulnerability has been resolved: riscv: Fix vector state restore in rt_sigreturn() The RISC-V Vector specification states ... • https://git.kernel.org/stable/c/c2a658d419246108c9bf065ec347355de5ba8a05 •