CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26626 – ipmr: fix kernel panic when forwarding mcast packets
https://notcve.org/view.php?id=CVE-2024-26626
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference, address: 0000000000000092 [ 86.306815] #PF: supervisor read access in kernel mode [ 86.307717] #PF: error_code(0x0000) - not-present page [ 86.308624] PGD 0 P4D 0 [ 86.309091] Oops: 0000 [#1] PREEMPT SMP NOPTI [ 86.309883] CPU: 2 PID: 3139 Comm: pimd Tainted: G U 6.8.0-6wind-knet #1 [ 86.311027] Hardware name: QEMU Sta... • https://git.kernel.org/stable/c/f69365e3a7cab819099249c50b39f4450fdddc60 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26625 – llc: call sock_orphan() at release time
https://notcve.org/view.php?id=CVE-2024-26625
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling proto_ops::release()") Eric Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net-next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: ... • https://git.kernel.org/stable/c/43815482370c510c569fd18edb57afcb0fa8cab6 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26623 – pds_core: Prevent race issues involving the adminq
https://notcve.org/view.php?id=CVE-2024-26623
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()->pdsc_process_adminq() [2] pdsc_adminq_post() When the device goes through reset via PCIe reset and/or a fw_down/fw_up cycle due to bad PCIe state or bad device state the adminq is destroyed and recreated. A NULL pointer dereference can h... • https://git.kernel.org/stable/c/01ba61b55b2041a39c54aefb3153c770dd59a0ef •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52607 – powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
https://notcve.org/view.php?id=CVE-2023-52607
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: powerpc/mm: corrige la desreferencia del puntero nulo en pgtable_cache_add kasprintf() devuelve un puntero a la memoria asignada dinámicamente que puede ... • https://git.kernel.org/stable/c/21e45a7b08d7cd98d6a53c5fc5111879f2d96611 • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52606 – powerpc/lib: Validate size for vector operations
https://notcve.org/view.php?id=CVE-2023-52606
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/lib: Validate size for vector operations Some of the fp/vmx code in sstep.c assume a certain maximum size for the instructions being emulated. The size of those operations however is determined separately in analyse_instr(). Add a check to validate the assumption on the maximum size of the operations, so as to prevent any unintended kernel stack corruption. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/l... • https://git.kernel.org/stable/c/42084a428a139f1a429f597d44621e3a18f3e414 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52604 – FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
https://notcve.org/view.php?id=CVE-2023-52604
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:2867:6 index 196694 is out of range for type 's8[1365]' (aka 'signed char[1365]') CPU: 1 PID: 109 Comm: jfsCommit Not tainted 6.6.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/04/2023 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52603 – UBSAN: array-index-out-of-bounds in dtSplitRoot
https://notcve.org/view.php?id=CVE-2023-52603
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: UBSAN: array-index-out-of-bounds in dtSplitRoot Syzkaller reported the following issue: oop0: detected capacity change from 0 to 32768 UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:1971:9 index -2 is out of range for type 'struct dtslot [128]' CPU: 0 PID: 3613 Comm: syz-executor270 Not tainted 6.0.0-syzkaller-09423-g493ffd6605b2 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/22/2022 Call Trace:... • https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52602 – jfs: fix slab-out-of-bounds Read in dtSearch
https://notcve.org/view.php?id=CVE-2023-52602
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: arreglar slab-out-of-bounds Leer en dtSearch Actualmente, mientras se busca la página actual en la tabla de entradas ordenadas de la página, hay u... • https://git.kernel.org/stable/c/ce8bc22e948634a5c0a3fa58a179177d0e3f3950 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52601 – jfs: fix array-index-out-of-bounds in dbAdjTree
https://notcve.org/view.php?id=CVE-2023-52601
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbAdjTree Currently there is a bound check missing in the dbAdjTree while accessing the dmt_stree. To add the required check added the bool is_ctl which is required to determine the size as suggest in the following commit. https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/ En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: corrige el índice... • https://git.kernel.org/stable/c/3d3898b4d72c677d47fe3cb554449f2df5c12555 • CWE-129: Improper Validation of Array Index •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52600 – jfs: fix uaf in jfs_evict_inode
https://notcve.org/view.php?id=CVE-2023-52600
06 Mar 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfs_evict_inode When the execution of diMount(ipimap) fails, the object ipimap that has been released may be accessed in diFreeSpecial(). Asynchronous ipimap release occurs when rcu_core() calls jfs_free_node(). Therefore, when diMount(ipimap) fails, sbi->ipimap should not be initialized as ipimap. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: jfs: corrige uaf en jfs_evict_inode Cuando falla la ejecución ... • https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35 •