CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27074 – media: go7007: fix a memleak in go7007_load_encoder
https://notcve.org/view.php?id=CVE-2024-27074
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go is freed and thus bounce is leaked. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: medios: go7007: corrige una fuga de memoria en go7007_load_encoder En go7007_... • https://git.kernel.org/stable/c/95ef39403f890360a3e48fe550d8e8e5d088ad74 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27073 – media: ttpci: fix two memleaks in budget_av_attach
https://notcve.org/view.php?id=CVE-2024-27073
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: ttpci: corrige dos fugas de mem en Budget_av_attach Cuando fallan saa7146_register_devi... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27072 – media: usbtv: Remove useless locks in usbtv_video_free()
https://notcve.org/view.php?id=CVE-2024-27072
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting... • https://git.kernel.org/stable/c/f3d27f34fdd7701e499617d2c1d94480a98f6d07 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27071 – backlight: hx8357: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-27071
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: backlight: hx8357: Fix potential NULL pointer dereference The "im" pins are optional. Add missing check in the hx8357_probe(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: retroiluminación: hx8357: corrige una posible desreferencia del puntero NULL Los pines "im" son opcionales. Agregue el cheque que falta en hx8357_probe(). • https://git.kernel.org/stable/c/7d84a63a39b78443d09f2b4edf7ecb1d586379b4 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27070 – f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
https://notcve.org/view.php?id=CVE-2024-27070
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr ffff88807bb22680 by task syz-executor184/5058 CPU: 0 PID: 5058 Comm: syz-executor184 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace:
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27069 – ovl: relax WARN_ON in ovl_verify_area()
https://notcve.org/view.php?id=CVE-2024-27069
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARN_ON in ovl_verify_area() syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause undefined behavior, so returning EIO error for the copy up makes sense, but it should not be causing a WARN_ON assertion. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ovl: relax WARN_ON en ovl_ve... • https://git.kernel.org/stable/c/ca7ab482401cf0a7497dad05f4918dc64115538b •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27068 – thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2024-27068
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path If devm_krealloc() fails, then 'efuse' is leaking. So free it to avoid a leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/mediatek/lvts_thermal: corrige una pérdida de memoria en una ruta de manejo de errores. Si devm_krealloc() falla, entonces 'efuse' tiene una fuga. Así que libérelo para evitar una fuga. In the Linux ... • https://git.kernel.org/stable/c/f5f633b18234cecb0e6ee6e5fbb358807dda15c3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27067 – xen/evtchn: avoid WARN() when unbinding an event channel
https://notcve.org/view.php?id=CVE-2024-27067
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN() when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN() in the handler. Avoid that by adding an "unbinding" flag to struct user_event which will short circuit the handler. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: xen/evtchn: evite WARN() al desvincular un... • https://git.kernel.org/stable/c/3c8f5965a99397368d3762a9814a21a3e442e1a4 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27066 – virtio: packed: fix unmap leak for indirect desc table
https://notcve.org/view.php?id=CVE-2024-27066
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for indirect desc table When use_dma_api and premapped are true, then the do_unmap is false. Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed. if (unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } } So the indirect desc table is not unmapped. Thi... • https://git.kernel.org/stable/c/b319940f83c21bb4c1fabffe68a862be879a6193 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27065 – netfilter: nf_tables: do not compare internal table flags on updates
https://notcve.org/view.php?id=CVE-2024-27065
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: no comparar indicadores de tablas internas en las actualizaciones Restaurar la transacción omitida si la actualización de la tabla no modifica los indicadores. • https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87 •