CVE-2024-26952 – ksmbd: fix potential out-of-bounds when buffer offset is invalid
https://notcve.org/view.php?id=CVE-2024-26952
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potential out-of-bounds when buffer offset is invalid. I found potential out-of-bounds when buffer offset fields of a few requests are invalid. This patch sets the minimum value of the buffer offset field to ->Buffer offset to validate buffer length.
Reference: https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf
CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'); CWE-125: Out-of-bounds Read
CVE-2024-26951 – wireguard: netlink: check for dangling peer via is_dead instead of empty list
https://notcve.org/view.php?id=CVE-2024-26951
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: check for dangling peer via is_dead instead of empty list. If all peers are removed via wg_peer_remove_all(), rather than setting peer_list to empty, the peer is added to a temporary list with a head on the stack of wg_peer_remove_all(). If a netlink dump is resumed and the cursored peer is one that has been removed via wg_peer_remove_all(), it will iterate from that peer and then attempt to dump freed peers. Fix this by ...
Reference: https://git.kernel.org/stable/c/e7096c131e5161fa3b8e52a650d7719d2857adfd
CVE-2024-26950 – wireguard: netlink: access device through ctx instead of peer
https://notcve.org/view.php?id=CVE-2024-26950
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer. The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since ctx->wg->peer_allowedips.seq is compared with ctx->allowedips_seq, basing them both in ctx. This also acts as a defence in depth provision against freed peers.
Reference: https://git.kernel.org/stable/c/e7096c131e5161fa3b8e52a650d7719d2857adfd
CVE-2024-26949 – drm/amdgpu/pm: Fix NULL pointer dereference when get power limit
https://notcve.org/view.php?id=CVE-2024-26949
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when getting the power limit. Because powerplay_table initialization is skipped in the sriov case, we check and set default lower and upper OD values if powerplay_table is NULL.
Reference: https://git.kernel.org/stable/c/c83d9cce713f148750d686174743ca2364b7a06e
CWE-476: NULL Pointer Dereference
CVE-2024-26948 – drm/amd/display: Add a dc_state NULL check in dc_state_release
https://notcve.org/view.php?id=CVE-2024-26948
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release. [How] Check whether state is NULL before releasing it.
Reference: https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269
CVE-2024-26947 – ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses
https://notcve.org/view.php?id=CVE-2024-26947
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses. Since commit a4d5613c4dc6 ("arm: extend pfn_valid to take into account freed memory map alignment") changes the semantics of pfn_valid() to check presence of the memory map for a PFN. A valid page for an address which is reserved but not mapped by the kernel[1], the system crashed during some uio test with the following memory layout: node 0: [mem 0x00000000c0a00000...
Reference: https://git.kernel.org/stable/c/a4d5613c4dc6d413e0733e37db9d116a2a36b9f3
CWE-439: Behavioral Change in New Version or Environment
CVE-2024-26946 – kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
https://notcve.org/view.php?id=CVE-2024-26946
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address. Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking whether the address is in text or not. Syzcaller bot found a bug and reported the case: if the user specifies an inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ]
Reference: https://git.kernel.org/stable/c/cc66bb91457827f62e2b6cb2518666820f0a6c48
CVE-2024-26945 – crypto: iaa - Fix nr_cpus < nr_iaa case
https://notcve.org/view.php?id=CVE-2024-26945
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case. If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table(). Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case, even though cpus_per_iaa is never used if nr_iaa == 0, for paranoia.
Reference: https://git.kernel.org/stable/c/ea7a5cbb43696cfacf73e61916d1860ac30b5b2f
CWE-369: Divide By Zero
CVE-2024-26944 – btrfs: zoned: fix use-after-free in do_zone_finish()
https://notcve.org/view.php?id=CVE-2024-26944
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish(). Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070.
BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0
==================================================================
BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs]
Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007 C...
Reference: https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57
CVE-2024-26943 – nouveau/dmem: handle kcalloc() allocation failure
https://notcve.org/view.php?id=CVE-2024-26943
01 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure. The kcalloc() in nouveau_dmem_evict_chunk() will return NULL if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc().
Reference: https://git.kernel.org/stable/c/249881232e1471d28b68f9a3829acc14d150cf5d