CVE-2023-52656 – io_uring: drop any code related to SCM_RIGHTS
https://notcve.org/view.php?id=CVE-2023-52656
13 May 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it. • https://git.kernel.org/stable/c/cfb24022bb2c31f1f555dc6bc3cc5e2547446fb3 •
CVE-2024-27401 – firewire: nosy: ensure user_length is taken into account when fetching packet contents
https://notcve.org/view.php?id=CVE-2024-27401
13 May 2024 — In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. ... • https://git.kernel.org/stable/c/67f34f093c0f7bf33f5b4ae64d3d695a3b978285 •
CVE-2024-27400 – drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2
https://notcve.org/view.php?id=CVE-2024-27400
13 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 This reverts drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap. ... Also rework the statistic handling so that we don't update the eviction counter before the move. v2: add missing NULL check ... • https://git.kernel.org/stable/c/d443fb67ca5ab04760449d21ddea66f6728e5b00 •
CVE-2024-27399 – Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout
https://notcve.org/view.php?id=CVE-2024-27399
13 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). ... mutex_lock+0x75/0xc0 [ 472.096136] l2cap_chan_timeo ---truncated--- • https://git.kernel.org/stable/c/3df91ea20e744344100b10ae69a17211fcf5b207 •
CVE-2024-27398 – Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout
https://notcve.org/view.php?id=CVE-2024-27398
13 May 2024 — kthread_blkcg+0xa0/0xa0 [ 95.890755] ret_from_fork_asm+0x11/0x20 [ 95.890755] [ 95.890755] [ 95.890755] Allocated by task 506: [ 95.890755] kasan_save_track+0x3f/0x70 [ 95.890755] __kasan_kmalloc+0x86/0x90 [ 95.890755] __kmalloc+0x17f/0x360 [ 95.890755] sk_prot_alloc+0xe1/0x1a0 [ 95.890755] sk_alloc+0x31/0x4e0 [ 95.890755] bt_sock_alloc+0x2b/0x2a0 [ 95.890755] sco_sock_create+0xad/0x320 [ 95.890755] bt_sock_create+0x145/0x320 [ 95.890755] __sock_create+0x2e1/0x650 [ 95.890755] __sys_socket+0xd0/0x28... • https://git.kernel.org/stable/c/48669c81a65628ef234cbdd91b9395952c7c27fe •
CVE-2023-52655 – usb: aqc111: check packet for fixup for true limit
https://notcve.org/view.php?id=CVE-2023-52655
13 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: aqc111: check packet for fixup for true limit If a device sends a packet that is in between 0 and sizeof(u64) the value passed to skb_trim() as length will wrap around ending up as some very large value. • https://git.kernel.org/stable/c/84f2e5b3e70f08fce3cb1ff73414631c5e490204 •
CVE-2024-27397 – netfilter: nf_tables: use timestamp to check for set element timeout
https://notcve.org/view.php?id=CVE-2024-27397
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use timestamp to check for set element timeout Add a timestamp field at the beginning of the transaction, store it in the nftables per-netns area. ... A use-after-free flaw was found in the Linux kernel’s netfilter subsystem in... • https://git.kernel.org/stable/c/c3e1b005ed1cc068fc9d454a6e745830d55d251d •
CVE-2024-27396 – net: gtp: Fix Use-After-Free in gtp_dellink
https://notcve.org/view.php?id=CVE-2024-27396
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. • https://git.kernel.org/stable/c/043a283d24f40fea4c8a8d06b0e2694c8e372200 •
CVE-2024-27395 – net: openvswitch: Fix Use-After-Free in ovs_ct_exit
https://notcve.org/view.php?id=CVE-2024-27395
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. • https://git.kernel.org/stable/c/11efd5cb04a184eea4f57b68ea63dddd463158d1 •
CVE-2024-27394 – tcp: Fix Use-After-Free in tcp_ao_connect_init
https://notcve.org/view.php?id=CVE-2024-27394
09 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix Use-After-Free in tcp_ao_connect_init Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of tcp_ao_connect_init, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. • https://git.kernel.org/stable/c/7c2ffaf21bd67f73d21560995ce17eaf5fc1d37f • CWE-416: Use After Free •