CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23851
https://notcve.org/view.php?id=CVE-2024-23851
copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl. copy_params en drivers/md/dm-ioctl.c en el kernel de Linux hasta 6.7.1 puede intentar asignar más de INT_MAX bytes y fallar debido a que falta una verificación de param_kernel->data_size. Esto está relacionado con ctl_ioctl. • https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM https://www.spinics.net/lists/dm-devel/msg56574.html https://www.spinics.net/lists/dm-devel/msg56694.html •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-23850
https://notcve.org/view.php?id=CVE-2024-23850
In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation. En btrfs_get_root_ref en fs/btrfs/disk-io.c en el kernel de Linux hasta 6.7.1, puede haber una falla de aserción y un bloqueo porque un subvolumen se puede leer demasiado pronto después de que se inserta su elemento raíz durante la creación del subvolumen. • https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu%40suse.com https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA%40mail.gmail.com •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51042 – kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c
https://notcve.org/view.php?id=CVE-2023-51042
In the Linux kernel before 6.4.12, amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free. En el kernel de Linux anterior a 6.4.12, amdgpu_cs_wait_all_fences en drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c tiene una barrera de use-after-free. A use-after-free flaw was found in the Linux kernel's AMD GPU driver which may allow access to members of a synchronization structure after the structure is freed. This issue could allow a local user to crash the system or to access confidential system memory. • https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.4.12 https://github.com/torvalds/linux/commit/2e54154b9f27262efd0cb4f903cc7d5ad1fe9628 https://access.redhat.com/security/cve/CVE-2023-51042 https://bugzilla.redhat.com/show_bug.cgi?id=2259866 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-0775 – Kernel: use-after-free while changing the mount option in __ext4_remount leading
https://notcve.org/view.php?id=CVE-2024-0775
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. Se encontró una falla de use-after-free en __ext4_remount en fs/ext4/super.c en ext4 en el kernel de Linux. Esta falla permite que un usuario local cause un problema de fuga de información mientras libera los nombres de archivos de cuota antiguos antes de una posible falla, lo que lleva a un use-after-free. • https://access.redhat.com/security/cve/CVE-2024-0775 https://bugzilla.redhat.com/show_bug.cgi?id=2259414 https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162 • CWE-416: Use After Free •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-0607 – Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
https://notcve.org/view.php?id=CVE-2024-0607
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality. • https://access.redhat.com/security/cve/CVE-2024-0607 https://bugzilla.redhat.com/show_bug.cgi?id=2258635 https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html • CWE-229: Improper Handling of Values •