CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37026 – drm/xe: Only use reserved BCS instances for usm migrate exec queue
https://notcve.org/view.php?id=CVE-2024-37026
24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/a043fbab7af54c64017269dc96f43f441ed4bcaf •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-37021 – fpga: manager: add owner module and take its refcount
https://notcve.org/view.php?id=CVE-2024-37021
24 Jun 2024 — Other changes: opportunistically move put_device() from __fpga_mgr_get() to fpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the manager device is taken in these functions. Other changes: opportunistically move put_device() from __fpga_mgr_get() to fpga_mgr_get() and of_fpga_mgr_get() to improve code clarity since the manager device is taken in these functions. ... • https://git.kernel.org/stable/c/654ba4cc0f3ed7c0f08bfb39f66059d8c42943ee •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36479 – fpga: bridge: add owner module and take its refcount
https://notcve.org/view.php?id=CVE-2024-36479
24 Jun 2024 — Other changes: opportunistically move put_device() from __fpga_bridge_get() to fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since the bridge device is taken in these functions. Other changes: opportunistically move put_device() from __fpga_bridge_get() to fpga_bridge_get() and of_fpga_bridge_get() to improve code clarity since the bridge device is taken in these functions. ... • https://git.kernel.org/stable/c/21aeda950c5f84a8351b862816d832120b217a9b •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-34030 – PCI: of_property: Return error for int_map allocation failure
https://notcve.org/view.php?id=CVE-2024-34030
24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/407d1a51921e9f28c1bcec647c2205925bd1fdab • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-34027 – f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock
https://notcve.org/view.php?id=CVE-2024-34027
24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c75488fb4d82b697f381f855bf5b16779df440aa • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2024-33847 – f2fs: compress: don't allow unaligned truncation on released compress inode
https://notcve.org/view.php?id=CVE-2024-33847
24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/c61404153eb683da9c35aad133131554861ed561 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32936 – media: ti: j721e-csi2rx: Fix races while restarting DMA
https://notcve.org/view.php?id=CVE-2024-32936
24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/b4a3d877dc92963a4db16ddb71df3d333c0d40bd •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39291 – drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
https://notcve.org/view.php?id=CVE-2024-39291
24 Jun 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/86301129698be52f8398f92ea8564168f6bfcae1 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38667 – riscv: prevent pt_regs corruption for secondary idle threads
https://notcve.org/view.php?id=CVE-2024-38667
24 Jun 2024 — A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. ... A physically proximate remote attacker could use this to expose sensitive information. • https://git.kernel.org/stable/c/2875fe0561569f82d0e63658ccf0d11ce7da8922 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4748 – RCE in Cruddiy
https://notcve.org/view.php?id=CVE-2024-4748
24 Jun 2024 — The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which would send such a malicious request to the locally launched server. El proyecto CRUDDIY es vulnerable a la inyección de comandos de shell mediante el envío de una solicitud POST manipulada al servidor de aplicaciones.... • https://cert.pl/en/posts/2024/06/CVE-2024-4748 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •