CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53045 – ASoC: dapm: fix bounds checker error in dapm_widget_list_create
https://notcve.org/view.php?id=CVE-2024-53045
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: fix bounds checker error in dapm_widget_list_create The widgets array in the snd_soc_dapm_widget_list has a __counted_by attribute attached to it, which points to the num_widgets variable. This attribute is used in bounds checking, and if it is not set before the array is filled, then the bounds sanitizer will issue a warning or a kernel panic if CONFIG_UBSAN_TRAP is set. This patch sets the size of the widgets list calculated w... • https://git.kernel.org/stable/c/80e698e2df5ba2124bdeca37f1e589de58a4d514 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53044 – net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext()
https://notcve.org/view.php?id=CVE-2024-53044
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() This command: $ tc qdisc replace dev eth0 ingress_block 1 egress_block 1 clsact Error: block dev insert failed: -EBUSY. fails because user space requests the same block index to be set for both ingress and egress. [ side note, I don't think it even failed prior to commit 913b47d3424e ("net/sched: Introduce tc block netdev tracking infra"), because this is a command from a... • https://git.kernel.org/stable/c/94e2557d086ad831027c54bc9c2130d337c72814 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53043 – mctp i2c: handle NULL header address
https://notcve.org/view.php?id=CVE-2024-53043
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is transmitted by a different protocol. In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case... • https://git.kernel.org/stable/c/f5b8abf9fc3dacd7529d363e26fe8230935d65f8 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53042 – ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow()
https://notcve.org/view.php?id=CVE-2024-53042
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [1]. Fix by using l3mdev_master_upper_ifindex_by_index() which will acquire the RCU read lock before calling l3mdev_master_upper_ifindex_by_index_rcu(). [1] WARNING: suspicious RCU usage 6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted... • https://git.kernel.org/stable/c/ab6c9463b137163ba53fc050bf2c72bed2c997b8 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50304 – ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
https://notcve.org/view.php?id=CVE-2024-50304
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL mutex and ip_tunnel_find() is only called from the control path where the mutex is taken. Add a lockdep expression to hlist_for_each_entry_rcu() in ip_tunnel_find() in order to validate that the mutex is held and to silence the suspicious RCU usage warning [1]. [1] WARNING: suspicious RCU usage 6.12.0-rc3-custom-... • https://git.kernel.org/stable/c/c54419321455631079c7d6e60bc732dd0c5914c5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50303 – resource,kexec: walk_system_ram_res_rev must retain resource flags
https://notcve.org/view.php?id=CVE-2024-50303
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: resource,kexec: walk_system_ram_res_rev must retain resource flags walk_system_ram_res_rev() erroneously discards resource flags when passing the information to the callback. This causes systems with IORESOURCE_SYSRAM_DRIVER_MANAGED memory to have these resources selected during kexec to store kexec buffers if that memory happens to be at placed above normal system ram. This leads to undefined behavior after reboot. If the kexec buffer is n... • https://git.kernel.org/stable/c/7acf164b259d9007264d9d8501da1023f140a3b4 •
CVSS: 7.1EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50302 – HID: core: zero-initialize the report buffer
https://notcve.org/view.php?id=CVE-2024-50302
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's... • https://git.kernel.org/stable/c/27ce405039bfe6d3f4143415c638f56a3df77dca •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50301 – security/keys: fix slab-out-of-bounds in key_task_permission
https://notcve.org/view.php?id=CVE-2024-50301
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline] BUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410 security/keys/permission.c:54 Read of size 4 at addr ffff88813c3ab618 by task stress-ng/4362 CPU: 2 PID: 4362 Comm: stress-ng Not tai... • https://git.kernel.org/stable/c/b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50300 – regulator: rtq2208: Fix uninitialized use of regulator_config
https://notcve.org/view.php?id=CVE-2024-50300
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: regulator: rtq2208: Fix uninitialized use of regulator_config Fix rtq2208 driver uninitialized use to cause kernel error. • https://git.kernel.org/stable/c/85a11f55621a0c18b22b43ab4219450ac1d19386 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50299 – sctp: properly validate chunk size in sctp_sf_ootb()
https://notcve.org/view.php?id=CVE-2024-50299
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •