CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27011 – netfilter: nf_tables: fix memleak in map from abort path
https://notcve.org/view.php?id=CVE-2024-27011
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already clear... • https://git.kernel.org/stable/c/591054469b3eef34bc097c30fae8ededddf8d796 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27010 – net/sched: Fix mirred deadlock on device recursion
https://notcve.org/view.php?id=CVE-2024-27010
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W [ 82.8... • https://git.kernel.org/stable/c/e578d9c02587d57bfa7b560767c698a668a468c6 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27009 – s390/cio: fix race condition during online processing
https://notcve.org/view.php?id=CVE-2024-27009
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix race condition during online processing A race condition exists in ccw_device_set_online() that can cause the online process to fail, leaving the affected device in an inconsistent state. As a result, subsequent attempts to set that device online fail with return code ENODEV. The problem occurs when a path verification request arrives after a wait for final device state completed, but before the result state is evaluated. Fix ... • https://git.kernel.org/stable/c/2297791c92d04a154ad29ba5a073f9f627982110 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27008 – drm: nv04: Fix out of bounds access
https://notcve.org/view.php?id=CVE-2024-27008
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index there. The 'or' argument of fabricate_dcb_output() must be interpreted as a number of bit to set, not value. Utilize macros from 'enum nouveau_or' in calls instead of hardcoding. Found by Linux Verification Center (li... • https://git.kernel.org/stable/c/2e5702aff39532662198459726c624d5eadbdd78 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27007 – userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE
https://notcve.org/view.php?id=CVE-2024-27007
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: change src_folio after ensuring it's unpinned in UFFDIO_MOVE Commit d7a08838ab74 ("mm: userfaultfd: fix unexpected change to src_folio when UFFDIO_MOVE fails") moved the src_folio->{mapping, index} changing to after clearing the page-table and ensuring that it's not pinned. This avoids failure of swapout+migration and possibly memory corruption. However, the commit missed fixing it in the huge-page case. En el kernel de Linux, ... • https://git.kernel.org/stable/c/adef440691bab824e39c1b17382322d195e1fab0 •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27006 – thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up()
https://notcve.org/view.php?id=CVE-2024-27006
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Add missing count increment to thermal_debug_tz_trip_up() The count field in struct trip_stats, representing the number of times the zone temperature was above the trip point, needs to be incremented in thermal_debug_tz_trip_up(), for two reasons. First, if a trip point is crossed on the way up for the first time, thermal_debug_update_temp() called from update_temperature() does not see it because it has not been added to t... • https://git.kernel.org/stable/c/7ef01f228c9f54c6260319858be138a8a7e9e704 •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27005 – interconnect: Don't access req_list while it's being manipulated
https://notcve.org/view.php?id=CVE-2024-27005
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: interconnect: Don't access req_list while it's being manipulated The icc_lock mutex was split into separate icc_lock and icc_bw_lock mutexes in [1] to avoid lockdep splats. However, this didn't adequately protect access to icc_node::req_list. The icc_set_bw() function will eventually iterate over req_list while only holding icc_bw_lock, but req_list can be modified while only holding icc_lock. This causes races between icc_set_bw(), of_icc_... • https://git.kernel.org/stable/c/af42269c3523492d71ebbe11fefae2653e9cdc78 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27004 – clk: Get runtime PM before walking tree during disable_unused
https://notcve.org/view.php?id=CVE-2024-27004
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:swapper/0 state:D stack: 0 pid: 1 ppid: 0 flags:0x00000008 Call trace: __switch_to+0xf4/0x1f4 __schedule+0x418/0xb80 schedule+0x5c/0x10c rpm_resume+0xe0/0x52c... • https://git.kernel.org/stable/c/9a34b45397e5a389e25a0c5d39983300d040e5e2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27003 – clk: Get runtime PM before walking tree for clk_summary
https://notcve.org/view.php?id=CVE-2024-27003
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree for clk_summary Similar to the previous commit, we should make sure that all devices are runtime resumed before printing the clk_summary through debugfs. Failure to do so would result in a deadlock if the thread is resuming a device to print clk state and that device is also runtime resuming in another thread, e.g the screen is turning on and the display driver is starting up. We remove the calls to c... • https://git.kernel.org/stable/c/1bb294a7981c737e2311a78e4086635ac0220ace •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27002 – clk: mediatek: Do a runtime PM get on controllers during probe
https://notcve.org/view.php?id=CVE-2024-27002
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Do a runtime PM get on controllers during probe mt8183-mfgcfg has a mutual dependency with genpd during the probing stage, which leads to a deadlock in the following call stack: CPU0: genpd_lock --> clk_prepare_lock genpd_power_off_work_fn() genpd_lock() generic_pm_domain::power_off() clk_unprepare() clk_prepare_lock() CPU1: clk_prepare_lock --> genpd_lock clk_register() __clk_core_init() clk_prepare_lock() clk_pm_runtime_get... • https://git.kernel.org/stable/c/acddfc2c261b3653ab1c1b567a427299bac20d31 •