CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26938 – drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()
https://notcve.org/view.php?id=CVE-2024-26938
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() If we have no VBT, or the VBT didn't declare the encoder in question, we won't have the 'devdata' for the encoder. Instead of oopsing just bail early. We won't be able to tell whether the port is DP++ or not, but so be it. (cherry picked from commit 26410896206342c8a80d2b027923e9ee7d33b733) En el kernel de Linux se ha resuelto la siguiente vulnerabilidad... • https://git.kernel.org/stable/c/72e4d3fb72e9f0f016946158a7d95304832768e6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26937 – drm/i915/gt: Reset queue_priority_hint on parking
https://notcve.org/view.php?id=CVE-2024-26937
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happens, the request is retired from the queue, but the queue_priority_hint remains set, preventing direct submission until after the next CS interrupt is processed.... • https://git.kernel.org/stable/c/22b7a426bbe1ebe1520f92da4cd1617d1e1b5fc4 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26935 – scsi: core: Fix unremoved procfs host directory regression
https://notcve.org/view.php?id=CVE-2024-26935
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potential duplicate call to the hostdir_rm() routine, since it's also called from scsi_host_dev_release(). That triggered a regression report, which was then fi... • https://git.kernel.org/stable/c/88c3d3bb6469cea929ac68fd326bdcbefcdfdd83 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26934 – USB: core: Fix deadlock in usb_deauthorize_interface()
https://notcve.org/view.php?id=CVE-2024-26934
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through ... • https://git.kernel.org/stable/c/310d2b4124c073a2057ef9d952d4d938e9b1dfd9 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26933 – USB: core: Fix deadlock in port "disable" sysfs attribute
https://notcve.org/view.php?id=CVE-2024-26933
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device. This can cause problems if another process has locked the hub to remove it or change its configuration: Removing the hub or changing its configuration requires the hub interface to be removed, which requires the port device to be remov... • https://git.kernel.org/stable/c/f061f43d7418cb62b8d073e221ec75d3f5b89e17 • CWE-667: Improper Locking •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26932 – usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()
https://notcve.org/view.php?id=CVE-2024-26932
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() When unregister pd capabilitie in tcpm, KASAN will capture below double -free issue. The root cause is the same capabilitiy will be kfreed twice, the first time is kfreed by pd_capabilities_release() and the second time is explicitly kfreed by tcpm_port_unregister_pd(). [ 3.988059] BUG: KASAN: double-free in tcpm_port_unregister_pd+0x1a4/0x3dc [ 3.995001] Free of ... • https://git.kernel.org/stable/c/cd099cde4ed264403b434d8344994f97ac2a4349 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26931 – scsi: qla2xxx: Fix command flush on cable pull
https://notcve.org/view.php?id=CVE-2024-26931
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Tainted: G OE --------- - - 4.18.0-372.9.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 Work... • https://git.kernel.org/stable/c/b73377124f56d2fec154737c2f8d2e839c237d5a • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26930 – scsi: qla2xxx: Fix double free of the ha->vp_map pointer
https://notcve.org/view.php?id=CVE-2024-26930
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map. ha->vp_map was freed in qla2x00_mem_alloc(), and again freed in function qla2x00_mem_free(ha). Assign NULL to vp_map and kfree take care of NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: qla2xxx: Corrección de doble liberación del puntero ha->vp_map Coverity scan info... • https://git.kernel.org/stable/c/f14cee7a882cb79528f17a2335f53e9fd1848467 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26929 – scsi: qla2xxx: Fix double free of fcport
https://notcve.org/view.php?id=CVE-2024-26929
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of fcport The server was crashing after LOGO because fcport was getting freed twice. -----------[ cut here ]----------- kernel BUG at mm/slub.c:371! invalid opcode: 0000 1 SMP PTI CPU: 35 PID: 4610 Comm: bash Kdump: loaded Tainted: G OE --------- - - 4.18.0-425.3.1.el8.x86_64 #1 Hardware name: HPE ProLiant DL360 Gen10/ProLiant DL360 Gen10, BIOS U32 09/03/2021 RIP: 0010:set_freepointer.part.57+0x0/0x10... • https://git.kernel.org/stable/c/b03e626bd6d3f0684f56ee1890d70fc9ca991c04 • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52648 – drm/vmwgfx: Unmap the surface before resetting it on a plane state
https://notcve.org/view.php?id=CVE-2023-52648
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Unmap the surface before resetting it on a plane state Switch to a new plane state requires unreferencing of all held surfaces. In the work required for mob cursors the mapped surfaces started being cached but the variable indicating whether the surface is currently mapped was not being reset. This leads to crashes as the duplicated state, incorrectly, indicates the that surface is mapped even when no surface is present. That'... • https://git.kernel.org/stable/c/485d98d472d53f9617ffdfba5e677ac29ad4fe20 •