CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46861 – usbnet: ipheth: do not stop RX on failing RX callback
https://notcve.org/view.php?id=CVE-2024-46861
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g. bad NCM framing) * Lack of memory None of these should cause the driver to seize up. Make such failures non-critical and continue processing further incoming URBs. In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX ... • https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46860 – wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
https://notcve.org/view.php?id=CVE-2024-46860
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is... • https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46859 – platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
https://notcve.org/view.php?id=CVE-2024-46859
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SINF a... • https://git.kernel.org/stable/c/e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46848 – perf/x86/intel: Limit the period on Haswell
https://notcve.org/view.php?id=CVE-2024-46848
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? • https://git.kernel.org/stable/c/3a632cb229bfb18b6d09822cc842451ea46c013e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46844 – um: line: always fill *error_out in setup_one_line()
https://notcve.org/view.php?id=CVE-2024-46844
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line(). In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in al... • https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46843 – scsi: ufs: core: Remove SCSI host only if added
https://notcve.org/view.php?id=CVE-2024-46843
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is remov... • https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46842 – scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info
https://notcve.org/view.php?id=CVE-2024-46842
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for MBX_TIMEOUT cases, when firmware returns SFP information at a later time, that same mailbox memory region references previously freed memory in its cmpl routine. Fix by adding checks for the MBX_TIMEOUT retu... • https://git.kernel.org/stable/c/bba47fe3b038cca3d3ebd799665ce69d6d273b58 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46841 – btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
https://notcve.org/view.php?id=CVE-2024-46841
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/c1406d8329f500e4594cd9730cd313aebc3a4333 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46840 – btrfs: clean up our handling of refs == 0 in snapshot delete
https://notcve.org/view.php?id=CVE-2024-46840
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN... • https://git.kernel.org/stable/c/c847b28a799733b04574060ab9d00f215970627d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46836 – usb: gadget: aspeed_udc: validate endpoint index for ast udc
https://notcve.org/view.php?id=CVE-2024-46836
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoi... • https://git.kernel.org/stable/c/31bd4fab49c0adc6228848357c1b1df9395858af •