
CVE-2024-50126 – net: sched: use RCU read-side critical section in taprio_dump()
https://notcve.org/view.php?id=CVE-2024-50126
05 Nov 2024 — extid=b65e0af58423fc8a73aa: [T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0 [T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862 [T15862] [T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2 [T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024 [T15862] Call trace: [T15862] dump_backtrace+0x20c/0x220 [T15862] show_stack+0x2c/0x40 [T15862] dump_stack_lvl+0xf8/0x174 [T15862] print_report+0x170/0x... • https://git.kernel.org/stable/c/18cdd2f0998a4967b1fff4c43ed9aef049e42c39 • CWE-416: Use After Free •

CVE-2024-50125 – Bluetooth: SCO: Fix UAF on sco_sock_timeout
https://notcve.org/view.php?id=CVE-2024-50125
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk may have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it is part of sco_sk_list. • https://git.kernel.org/stable/c/ba316be1b6a00db7126ed9a39f9bee434a508043 • CWE-416: Use After Free •

CVE-2024-50124 – Bluetooth: ISO: Fix UAF on iso_sock_timeout
https://notcve.org/view.php?id=CVE-2024-50124
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk may have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it is part of iso_sk_list. • https://git.kernel.org/stable/c/ccf74f2390d60a2f9a75ef496d2564abb478f46a • CWE-416: Use After Free •

CVE-2024-50123 – bpf: Add the missing BPF_LINK_TYPE invocation for sockmap
https://notcve.org/view.php?id=CVE-2024-50123
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. ... • https://git.kernel.org/stable/c/699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 •

CVE-2024-50122 – PCI: Hold rescan lock while adding devices during host probe
https://notcve.org/view.php?id=CVE-2024-50122
05 Nov 2024 — The latter need to take the rescan lock when adding devices or we may end up in an undefined state having two incompletely added devices and hit the following crash when trying to remove the device over sysfs: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Internal error: Oops: 0000000096000004 [#1] SMP Call trace: __pi_strlen+0x14/0x150 kernfs_find_ns+0x80/0x13c kernfs_remove_by_name_ns+0x54/0xf0 sysfs_remove_bin_file+0x24/0x34 pci_remove_resource_files+0x3c/0x84 pci_r... • https://git.kernel.org/stable/c/4565d2652a37e438e4cd729e2a8dfeffe34c958c •

CVE-2024-50121 – nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
https://notcve.org/view.php?id=CVE-2024-50121
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we execute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`. • https://git.kernel.org/stable/c/2bbf10861d51dae76c6da7113516d0071c782653 • CWE-416: Use After Free •

CVE-2024-50120 – smb: client: Handle kstrdup failures for passwords
https://notcve.org/view.php?id=CVE-2024-50120
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. • https://git.kernel.org/stable/c/7e8cffa4f85e6839335d75e6b47f918d90c1d194 •

CVE-2024-50119 – cifs: fix warning when destroy 'cifs_io_request_pool'
https://notcve.org/view.php?id=CVE-2024-50119
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifs_io_request_pool' There's an issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Call Trace:

CVE-2024-50118 – btrfs: reject ro->rw reconfiguration if there are hard ro requirements
https://notcve.org/view.php?id=CVE-2024-50118
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) Oops: general protection fault, probably for non-canonical addres... • https://git.kernel.org/stable/c/f044b318675f0347ecfb88377542651ba4eb9e1f •

CVE-2024-50117 – drm/amd: Guard against bad data for ATIF ACPI method
https://notcve.org/view.php?id=CVE-2024-50117
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ... (cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee) • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 • CWE-476: NULL Pointer Dereference •