CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26710 – powerpc/kasan: Limit KASAN thread size increase to 32KB
https://notcve.org/view.php?id=CVE-2024-26710
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with KASAN"). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors: ... • https://git.kernel.org/stable/c/9ccf64e763aca088b0d25c1274af42b1a6a45135 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26708 – mptcp: really cope with fastopen race
https://notcve.org/view.php?id=CVE-2024-26708
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: really cope with fastopen race Fastopen and PM-trigger subflow shutdown can race, as reported by syzkaller. In my first attempt to close such race, I missed the fact that the subflow status can change again before the subflow_state_change callback is invoked. Address the issue additionally copying with all the states directly reachable from TCP_FIN_WAIT1. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: realm... • https://git.kernel.org/stable/c/1e777f39b4d75e599a3aac8e0f67d739474f198c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26707 – net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
https://notcve.org/view.php?id=CVE-2024-26707
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1]. Just in case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons. [1] HSR: Cou... • https://git.kernel.org/stable/c/121c33b07b3127f501b366bc23d2a590e2f2b8ef •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26706 – parisc: Fix random data corruption from exception handler
https://notcve.org/view.php?id=CVE-2024-26706
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash ... • https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26705 – parisc: BTLB: Fix crash when setting up BTLB at CPU bringup
https://notcve.org/view.php?id=CVE-2024-26705
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static (block) TLB entries. For that write access to the static btlb_info struct is needed, but since it is marked __ro_after_init the kernel segfaults with missing write permissions. Fix the crash by dropping the __ro_after_init annotation. En el kernel de Linux, se ha resuel... • https://git.kernel.org/stable/c/e5ef93d02d6c9cc3a14e7348481c9e41a528caa1 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26704 – ext4: fix double-free of blocks due to wrong extents moved_len
https://notcve.org/view.php?id=CVE-2024-26704
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the loop fails to exit after successfully moving some extents, moved_len is not updated and remains at 0, so it does not discard the preallocations. If the moved extents overlap with the prealloca... • https://git.kernel.org/stable/c/fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26703 – tracing/timerlat: Move hrtimer_init to timerlat_fd open()
https://notcve.org/view.php?id=CVE-2024-26703
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Move hrtimer_init to timerlat_fd open() Currently, the timerlat's hrtimer is initialized at the first read of timerlat_fd, and destroyed at close(). It works, but it causes an error if the user program open() and close() the file without reading. Here's an example: # echo NO_OSNOISE_WORKLOAD > /sys/kernel/debug/tracing/osnoise/options # echo timerlat > /sys/kernel/debug/tracing/current_tracer # cat <
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26702 – iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
https://notcve.org/view.php?id=CVE-2024-26702
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iio: magnetómetro: rm3100: agregue verificación de los límites para el valo... • https://git.kernel.org/stable/c/121354b2eceb2669ebdffa76b105ad6c03413966 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26700 – drm/amd/display: Fix MST Null Ptr for RV
https://notcve.org/view.php?id=CVE-2024-26700
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix MST Null Ptr for RV The change try to fix below error specific to RV platform: BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time_slots+0x5e/0x260 [drm_disp... • https://git.kernel.org/stable/c/01d992088dce3945f70f49f34b0b911c5213c238 • CWE-476: NULL Pointer Dereference •
CVSS: 4.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26698 – hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
https://notcve.org/view.php?id=CVE-2024-26698
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, including all subchannels without confirming if they are enabled or not. This caused hv_netvsc getting hung at napi_disable, when netvsc_probe() has finished running but nvdev->subchan_work has not started yet. netvsc_subchan_work() -> rndi... • https://git.kernel.org/stable/c/ac5047671758ad4be9f93898247b3a8b6dfde4c7 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •