CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26711 – iio: adc: ad4130: zero-initialize clock init data
https://notcve.org/view.php?id=CVE-2024-26711
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4130: zero-initialize clock init data The clk_init_data struct does not have all its members initialized, causing issues when trying to expose the internal clock on the CLK pin. Fix this by zero-initializing the clk_init_data struct. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iio: adc: ad4130: datos de inicio de reloj con inicialización cero La estructura clk_init_data no tiene todos sus miembros inicializad... • https://git.kernel.org/stable/c/62094060cf3acaf52e277457d807ea753269b89e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26710 – powerpc/kasan: Limit KASAN thread size increase to 32KB
https://notcve.org/view.php?id=CVE-2024-26710
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Limit KASAN thread size increase to 32KB KASAN is seen to increase stack usage, to the point that it was reported to lead to stack overflow on some 32-bit machines (see link). To avoid overflows the stack size was doubled for KASAN builds in commit 3e8635fb2e07 ("powerpc/kasan: Force thread size increase with KASAN"). However with a 32KB stack size to begin with, the doubling leads to a 64KB stack, which causes build errors: ... • https://git.kernel.org/stable/c/9ccf64e763aca088b0d25c1274af42b1a6a45135 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26709 – powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
https://notcve.org/view.php?id=CVE-2024-26709
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach The function spapr_tce_platform_iommu_attach_dev() is missing to call iommu_group_put() when the domain is already set. This refcount leak shows up with BUG_ON() during DLPAR remove operation as: KernelBug: Kernel bug in state 'None': kernel BUG at arch/powerpc/platforms/pseries/iommu.c:100! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix S... • https://git.kernel.org/stable/c/a8ca9fc9134c1a43e6d4db7ff59496bbd7075def •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26708 – mptcp: really cope with fastopen race
https://notcve.org/view.php?id=CVE-2024-26708
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: really cope with fastopen race Fastopen and PM-trigger subflow shutdown can race, as reported by syzkaller. In my first attempt to close such race, I missed the fact that the subflow status can change again before the subflow_state_change callback is invoked. Address the issue additionally copying with all the states directly reachable from TCP_FIN_WAIT1. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mptcp: realm... • https://git.kernel.org/stable/c/1e777f39b4d75e599a3aac8e0f67d739474f198c • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26707 – net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
https://notcve.org/view.php?id=CVE-2024-26707
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At the very least it will suppress syzkaller reports such as [1]. Just in case, use netdev_warn_once() in send_prp_supervision_frame() for similar reasons. [1] HSR: Cou... • https://git.kernel.org/stable/c/121c33b07b3127f501b366bc23d2a590e2f2b8ef •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26706 – parisc: Fix random data corruption from exception handler
https://notcve.org/view.php?id=CVE-2024-26706
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: Fix random data corruption from exception handler The current exception handler implementation, which assists when accessing user space memory, may exhibit random data corruption if the compiler decides to use a different register than the specified register %r29 (defined in ASM_EXCEPTIONTABLE_REG) for the error code. If the compiler choose another register, the fault handler will nevertheless store -EFAULT into %r29 and thus trash ... • https://git.kernel.org/stable/c/23027309b099ffc4efca5477009a11dccbdae592 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26705 – parisc: BTLB: Fix crash when setting up BTLB at CPU bringup
https://notcve.org/view.php?id=CVE-2024-26705
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about the BTLB information to set up the static (block) TLB entries. For that write access to the static btlb_info struct is needed, but since it is marked __ro_after_init the kernel segfaults with missing write permissions. Fix the crash by dropping the __ro_after_init annotation. En el kernel de Linux, se ha resuel... • https://git.kernel.org/stable/c/e5ef93d02d6c9cc3a14e7348481c9e41a528caa1 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26704 – ext4: fix double-free of blocks due to wrong extents moved_len
https://notcve.org/view.php?id=CVE-2024-26704
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the loop fails to exit after successfully moving some extents, moved_len is not updated and remains at 0, so it does not discard the preallocations. If the moved extents overlap with the prealloca... • https://git.kernel.org/stable/c/fcf6b1b729bcd23f2b49a84fb33ffbb44712ee6a • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26703 – tracing/timerlat: Move hrtimer_init to timerlat_fd open()
https://notcve.org/view.php?id=CVE-2024-26703
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Move hrtimer_init to timerlat_fd open() Currently, the timerlat's hrtimer is initialized at the first read of timerlat_fd, and destroyed at close(). It works, but it causes an error if the user program open() and close() the file without reading. Here's an example: # echo NO_OSNOISE_WORKLOAD > /sys/kernel/debug/tracing/osnoise/options # echo timerlat > /sys/kernel/debug/tracing/current_tracer # cat <
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26702 – iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC
https://notcve.org/view.php?id=CVE-2024-26702
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to prevent out of bound access. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iio: magnetómetro: rm3100: agregue verificación de los límites para el valo... • https://git.kernel.org/stable/c/121354b2eceb2669ebdffa76b105ad6c03413966 • CWE-125: Out-of-bounds Read •