CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26793 – gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
https://notcve.org/view.php?id=CVE-2024-26793
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_newlink() The gtp_link_ops operations structure for the subsystem must be registered after registering the gtp_net_ops pernet operations structure. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: [ 1010.702740] gtp: GTP module unloaded [ 1010.715877] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] SMP KASAN NOPTI [ 1010.715888... • https://git.kernel.org/stable/c/459aa660eb1d8ce67080da1983bb81d716aa5a69 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26792 – btrfs: fix double free of anonymous device after snapshot creation failure
https://notcve.org/view.php?id=CVE-2024-26792
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of anonymous device after snapshot creation failure When creating a snapshot we may do a double free of an anonymous device in case there's an error committing the transaction. The second free may result in freeing an anonymous device number that was allocated by some other subsystem in the kernel or another btrfs filesystem. The steps that lead to this: 1) At ioctl.c:create_snapshot() we allocate an anonymous dev... • https://git.kernel.org/stable/c/66b317a2fc45b2ef66527ee3f8fa08fb5beab88d •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26791 – btrfs: dev-replace: properly validate device names
https://notcve.org/view.php?id=CVE-2024-26791
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getname_kernel(). Add a helper that validates both source and target device name buffers. For devid as the source initialize the buffer to empty string in case something tries to read it later. This was originally analyzed ... • https://git.kernel.org/stable/c/11d7a2e429c02d51e2dc90713823ea8b8d3d3a84 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26790 – dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
https://notcve.org/view.php?id=CVE-2024-26790
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC (Network On-Chip), causing a deadlock condition. Stalled transactions will trigger completion timeouts in PCIe controller. Workaround: Enable prefetch by setting the source descriptor prefetchable bit ( SD[PF] =... • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26789 – crypto: arm64/neonbs - fix out-of-bounds access on short input
https://notcve.org/view.php?id=CVE-2024-26789
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/neonbs - fix out-of-bounds access on short input The bit-sliced implementation of AES-CTR operates on blocks of 128 bytes, and will fall back to the plain NEON version for tail blocks or inputs that are shorter than 128 bytes to begin with. It will call straight into the plain NEON asm helper, which performs all memory accesses in granules of 16 bytes (the size of a NEON register). For this reason, the associated plain NEON... • https://git.kernel.org/stable/c/fc074e130051015e39245a4241956ff122e2f465 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26788 – dmaengine: fsl-qdma: init irq after reg initialization
https://notcve.org/view.php?id=CVE-2024-26788
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x... • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26787 – mmc: mmci: stm32: fix DMA API overlapping mappings warning
https://notcve.org/view.php?id=CVE-2024-26787
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Boa... • https://git.kernel.org/stable/c/46b723dd867d599420fb640c0eaf2a866ef721d4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26786 – iommufd: Fix iopt_access_list_id overwrite bug
https://notcve.org/view.php?id=CVE-2024-26786
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix iopt_access_list_id overwrite bug Syzkaller reported the following WARN_ON: WARNING: CPU: 1 PID: 4738 at drivers/iommu/iommufd/io_pagetable.c:1360 Call Trace: iommufd_access_change_ioas+0x2fe/0x4e0 iommufd_access_destroy_object+0x50/0xb0 iommufd_object_remove+0x2a3/0x490 iommufd_object_destroy_user iommufd_access_destroy+0x71/0xb0 iommufd_test_staccess_release+0x89/0xd0 __fput+0x272/0xb50 __fput_s... • https://git.kernel.org/stable/c/9227da7816dd1a42e20d41e2244cb63c205477ca • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26785 – iommufd: Fix protection fault in iommufd_test_syz_conv_iova
https://notcve.org/view.php?id=CVE-2024-26785
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix protection fault in iommufd_test_syz_conv_iova Syzkaller reported the following bug: general protection fault, probably for non-canonical address 0xdffffc0000000038: 0000 [#1] SMP KASAN KASAN: null-ptr-deref in range [0x00000000000001c0-0x00000000000001c7] Call Trace: lock_acquire lock_acquire+0x1ce/0x4f0 down_read+0x93/0x4a0 iommufd_test_syz_conv_iova+0x56/0x1f0 iommufd_test_access_rw.isra.0+0x2ec/0x390... • https://git.kernel.org/stable/c/9227da7816dd1a42e20d41e2244cb63c205477ca • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26784 – pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
https://notcve.org/view.php?id=CVE-2024-26784
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal On unloading of the scmi_perf_domain module got the below splat, when in the DT provided to the system under test the '#power-domain-cells' property was missing. Indeed, this particular setup causes the probe to bail out early without giving any error, which leads to the ->remove() callback gets to run too, but without all the expected initialized structures in place. Add a ... • https://git.kernel.org/stable/c/2af23ceb8624a419eaf40295c11fcb86ec9ee303 •