CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27391 – wifi: wilc1000: do not realloc workqueue everytime an interface is added
https://notcve.org/view.php?id=CVE-2024-27391
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: do not realloc workqueue everytime an interface is added Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to "NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to set the interface name in the workqueue name. However, while the driver needs only one workqueue, the wilc_netdev_ifc_init is called each time we add an interface over a phy, which in turns overwrite the workqueue with a new one.... • https://git.kernel.org/stable/c/09ed8bfc5215ad5aac91c50008277b5586b9ef24 •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27390 – ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
https://notcve.org/view.php?id=CVE-2024-27390
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()")) I think the synchronize_net() call in ipv6_mc_down() is not needed. Under load, synchronize_net() can last between 200 usec and 5 ms. KASAN seems to agree as well. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: mcast: elimina una barr... • https://git.kernel.org/stable/c/f185de28d9ae6c978135993769352e523ee8df06 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27389 – pstore: inode: Only d_invalidate() is needed
https://notcve.org/view.php?id=CVE-2024-27389
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the combo of d_drop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use d_invalidate() and update the code to not both... • https://git.kernel.org/stable/c/609e28bb139e53621521130f0d4aea27a725d465 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27388 – SUNRPC: fix some memleaks in gssx_dec_option_array
https://notcve.org/view.php?id=CVE-2024-27388
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: SUNRPC: corrige algunas fugas de mem en gssx_dec_option_array Los creds y oa->data deben liberarse en las rutas de manejo de errores después de su asignación. Entonces ... • https://git.kernel.org/stable/c/1d658336b05f8697d6445834f8867f8ad5e4f735 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27080 – btrfs: fix race when detecting delalloc ranges during fiemap
https://notcve.org/view.php?id=CVE-2024-27080
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when detecting delalloc ranges during fiemap For fiemap we recently stopped locking the target extent range for the whole duration of the fiemap call, in order to avoid a deadlock in a scenario where the fiemap buffer happens to be a memory mapped range of the same file. This use case is very unlikely to be useful in practice but it may be triggered by fuzz testing (syzbot, etc). This however introduced a race that makes us ... • https://git.kernel.org/stable/c/ded566b4637f1b6b4c9ba74e7d0b8493e93f19cf •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27079 – iommu/vt-d: Fix NULL domain on device release
https://notcve.org/view.php?id=CVE-2024-27079
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel: BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170... • https://git.kernel.org/stable/c/586081d3f6b13ec9dfdfdf3d7842a688b376fa5e •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27078 – media: v4l2-tpg: fix some memleaks in tpg_alloc
https://notcve.org/view.php?id=CVE-2024-27078
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medio: v4l2-tpg: corrige algunas fugas de memoria en tpg_alloc En tpg_alloc, los recursos deben desasignarse... • https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27077 – media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
https://notcve.org/view.php?id=CVE-2024-27077
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity->name. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medio: v4l2-mem2mem: corrige una fuga de mem en v4l2_m2m_register_entity La entidad->nombre (es decir, nombre) se asign... • https://git.kernel.org/stable/c/be2fff656322e82f215730839063c2c2ca73d14b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27076 – media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
https://notcve.org/view.php?id=CVE-2024-27076
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: imx: csc/scaler: corrige la pérdida de memoria v4l2_ctrl_handler Libere la memoria asignada en v4l2_ctrl_handler_init en el lanzamiento. • https://git.kernel.org/stable/c/a8ef0488cc592921a917362cca66af4a601987b9 •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-27075 – media: dvb-frontends: avoid stack overflow warnings with clang
https://notcve.org/view.php?id=CVE-2024-27075
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend' [-Werror,-Wframe-larger-than] 1214 | static int stv0367ter_set_frontend(struct dvb_frontend *fe) Rework the stv0367_writereg() function to be simpler an... • https://git.kernel.org/stable/c/3cd890dbe2a4f14cc44c85bb6cf37e5e22d4dd0e •