CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46772 – drm/amd/display: Check denominator crb_pipes before used
https://notcve.org/view.php?id=CVE-2024-46772
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator crb_pipes before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 2 DIVIDE_BY_ZERO issues reported by Coverity. Ubuntu Secur... • https://git.kernel.org/stable/c/ede06d23392529b039cf7ac11b5875b047900f1c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46771 – can: bcm: Remove proc entry when dev is unregistered.
https://notcve.org/view.php?id=CVE-2024-46771
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcm_connect() below. [0] The repro calls connect() to vxcan1, removes vxcan1, and calls connect() with ifindex == 0. Calling connect() for a BCM socket allocates a proc entry. Then, bcm_sk(sk)->bound is set to 1 to prevent further connect(). However, removing the bound device resets bcm_sk(sk)->bound to 0 in bcm_notify(). The 2nd connect() tries to allocat... • https://git.kernel.org/stable/c/ffd980f976e7fd666c2e61bf8ab35107efd11828 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46762 – xen: privcmd: Fix possible access to a freed kirqfd instance
https://notcve.org/view.php?id=CVE-2024-46762
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). If that happens, it is possible that a kirqfd created and added to the irqfds_list by privcmd_irqfd_assign() may get removed by another thread executing privcmd_irqfd_deassign(), while the former is still using it after dropping the locks. This can lead to a situation where an already... • https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46761 – pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
https://notcve.org/view.php?id=CVE-2024-46761
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes ... • https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46759 – hwmon: (adc128d818) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46759
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after ... • https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46755 – wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
https://notcve.org/view.php?id=CVE-2024-46755
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack. Fix this by returning only used priv pointers which have priv->bss_mode set to something ... • https://git.kernel.org/stable/c/a12cf97cbefa139ef8d95081f2ea047cbbd74b7a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46753 – btrfs: handle errors from btrfs_dec_ref() properly
https://notcve.org/view.php?id=CVE-2024-46753
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. Ubuntu Security No... • https://git.kernel.org/stable/c/a7f16a7a709845855cb5a0e080a52bda5873f9de •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46752 – btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
https://notcve.org/view.php?id=CVE-2024-46752
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory). In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_O... • https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46751 – btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
https://notcve.org/view.php?id=CVE-2024-46751
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and loggin... • https://git.kernel.org/stable/c/ef9a8b73c8b60b27d9db4787e624a3438ffe8428 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46750 – PCI: Add missing bridge lock to pci_bus_lock()
https://notcve.org/view.php?id=CVE-2024-46750
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Call Trace: <TASK> ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? • https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9 •