CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50134 – drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
https://notcve.org/view.php?id=CVE-2024-50134
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvid... • https://git.kernel.org/stable/c/dd55d44f408419278c00887bfcb2261d0caae350 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50133 – LoongArch: Don't crash in stack_top() for tasks without vDSO
https://notcve.org/view.php?id=CVE-2024-50133
05 Nov 2024 — This can for example happen when using kunit: [<9000000000203874>] stack_top+0x58/0xa8 [<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220 [<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c [<90000000003c1fbc>] __kunit_add_resource+0x38/0x8c [<90000000003c2704>] kunit_vm_mmap+0x88/0xc8 [<9000000000410b14>] usercopy_test_init+0xbc/0x25c [<90000000003c1db4>] kunit_try_run_case+0x5c/0x184 [<90000000003c3d54>] kunit_generic_run_threadfn_adapter+0x24/0x48 [<900000000022e4bc>] kthread+0xc8/0xd4 [<900000000020... • https://git.kernel.org/stable/c/803b0fc5c3f2baa6e54978cd576407896f789b08 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50132 – tracing/probes: Fix MAX_TRACE_ARGS limit handling
https://notcve.org/view.php?id=CVE-2024-50132
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. ... En el kernel de Linux, se ha resuelto la siguie... • https://git.kernel.org/stable/c/035ba76014c096316fa809a46ce0a1b9af1cde0d •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50131 – tracing: Consider the NULL character when validating the event length
https://notcve.org/view.php?id=CVE-2024-50131
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: considerar el carác... • https://git.kernel.org/stable/c/dec65d79fd269d05427c8167090bfc9c3d0b56c4 •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50130 – netfilter: bpf: must hold reference on net namespace
https://notcve.org/view.php?id=CVE-2024-50130
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpf_nf_link_release+0xda/0x1e0 bpf_link_free+0x139/0x2d0 bpf_link_release+0x68/0x80 __fput+0x414/0xb60 Eric says: It seems that bpf was able to defer the __nf_unregister_net_hook() after exit()/close() time. In the Linux kernel, the following vuln... • https://git.kernel.org/stable/c/84601d6ee68ae820dec97450934797046d62db4b • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50129 – net: pse-pd: Fix out of bound for loop
https://notcve.org/view.php?id=CVE-2024-50129
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures. In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: pse-pd: Corregir bucle ... • https://git.kernel.org/stable/c/9be9567a7c59b7314ea776f56945fe3fc28efe99 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50128 – net: wwan: fix global oob in wwan_rtnl_policy
https://notcve.org/view.php?id=CVE-2024-50128
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attrib... • https://git.kernel.org/stable/c/88b710532e53de2466d1033fb1d5125aabf3215a • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50127 – net: sched: fix use-after-free in taprio_change()
https://notcve.org/view.php?id=CVE-2024-50127
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->current_entry_lock' is too small to prevent from such a scenario (which causes use-after-free detected by KASAN). In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_ch... • https://git.kernel.org/stable/c/a3d43c0d56f1b94e74963a2fbadfb70126d92213 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50126 – net: sched: use RCU read-side critical section in taprio_dump()
https://notcve.org/view.php?id=CVE-2024-50126
05 Nov 2024 — extid=b65e0af58423fc8a73aa: [T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0 [T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862 [T15862] [T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2 [T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024 [T15862] Call trace: [T15862] dump_backtrace+0x20c/0x220 [T15862] show_stack+0x2c/0x40 [T15862] dump_stack_lvl+0xf8/0x174 [T15862] print_report+0x170/0x... • https://git.kernel.org/stable/c/18cdd2f0998a4967b1fff4c43ed9aef049e42c39 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-50125 – Bluetooth: SCO: Fix UAF on sco_sock_timeout
https://notcve.org/view.php?id=CVE-2024-50125
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid... • https://git.kernel.org/stable/c/ba316be1b6a00db7126ed9a39f9bee434a508043 • CWE-416: Use After Free •