CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48877 – f2fs: let's avoid panic if extent_tree is not created
https://notcve.org/view.php?id=CVE-2022-48877
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: let's avoid panic if extent_tree is not created This patch avoids the below panic. pc : __lookup_extent_tree+0xd8/0x760 lr : f2fs_do_write_data_page+0x104/0x87c sp : ffffffc010cbb3c0 x29: ffffffc010cbb3e0 x28: 0000000000000000 x27: ffffff8803e7f020 x26: ffffff8803e7ed40 x25: ffffff8803e7f020 x24: ffffffc010cbb460 x23: ffffffc010cbb480 x22: 0000000000000000 x21: 0000000000000000 x20: ffffffff22e90900 x19: 0000000000000000 x18: ffffffc0... • https://git.kernel.org/stable/c/dd83a9763e29ed7a21c8a43f7a62cd0a6bf74692 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48875 – wifi: mac80211: sdata can be NULL during AMPDU start
https://notcve.org/view.php?id=CVE-2022-48875
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test multi_ap_fronthaul_on_ap: (gdb) list *drv_ampdu_action+0x46 0x8b16 is in drv_ampdu_action (net/mac80211/driver-ops.c:396). 391 int ret = -EOPNOTSUPP; 392 393 might_sleep(); 394 395 sdata = get_bss_sdata(sdata); 396 if (!check_sdata_in_dri... • https://git.kernel.org/stable/c/187523fa7c2d4c780f775cb869216865c4a909ef •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43882 – exec: Fix ToCToU between perm check and set-uid/gid usage
https://notcve.org/view.php?id=CVE-2024-43882
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning ... • https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43858 – jfs: Fix array-index-out-of-bounds in diFree
https://notcve.org/view.php?id=CVE-2024-43858
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in some situations. A physically proximate rem... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42311 – hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
https://notcve.org/view.php?id=CVE-2024-42311
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk... • https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42301 – dev/parport: fix the array out-of-bounds risk
https://notcve.org/view.php?id=CVE-2024-42301
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below is the stack trace I encountered during the actual issue: [ 66.575408s] [pid:5118,cpu4,QThread,4]Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: do_hardware_base_addr+0xcc/0xd0 [parport] [ 66.575408s] [pid:511... • https://git.kernel.org/stable/c/166a0bddcc27de41fe13f861c8348e8e53e988c8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42297 – f2fs: fix to don't dirty inode for readonly filesystem
https://notcve.org/view.php?id=CVE-2024-42297
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't dirty inode for readonly filesystem syzbot reports f2fs bug as below: kernel BUG at fs/f2fs/inode.c:933! RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933 Call Trace: evict+0x2a4/0x620 fs/inode.c:664 dispose_list fs/inode.c:697 [inline] evict_inodes+0x5f8/0x690 fs/inode.c:747 generic_shutdown_super+0x9d/0x2c0 fs/super.c:675 kill_block_super+0x44/0x90 fs/super.c:1667 kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4... • https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42296 – f2fs: fix return value of f2fs_convert_inline_inode()
https://notcve.org/view.php?id=CVE-2024-42296
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_convert_inline_inode() If device is readonly, make f2fs_convert_inline_inode() return EROFS instead of zero, otherwise it may trigger panic during writeback of inline inode's dirty page as below: f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888 f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:... • https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42289 – scsi: qla2xxx: During vport delete send async logout explicitly
https://notcve.org/view.php?id=CVE-2024-42289
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access i... • https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42288 – scsi: qla2xxx: Fix for possible memory corruption
https://notcve.org/view.php?id=CVE-2024-42288
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cau... • https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb •