CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-40899 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
https://notcve.org/view.php?id=CVE-2024-40899
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/e73fa11a356ca0905c3cc648eaacc6f0f2d2c8b3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-39510 – cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
https://notcve.org/view.php?id=CVE-2024-39510
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/0a7e54c1959c0feb2de23397ec09c7692364313e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39509 – HID: core: remove unnecessary WARN_ON() in implement()
https://notcve.org/view.php?id=CVE-2024-39509
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous. Remove it to suppress future syzkaller triggers. [1] WARNING: CPU: 0 PID... • https://git.kernel.org/stable/c/95d1c8951e5bd50bb89654a99a7012b1e75646bd •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39508 – io_uring/io-wq: Use set_bit() and test_bit() at worker->flags
https://notcve.org/view.php?id=CVE-2024-39508
12 Jul 2024 — To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. ... To mitigate this, refactor the code to use atomic operations such as set_bit(), test_bit(), and clear_bit() instead of basic "and" and "or" operations. ... A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/ab702c3483db9046bab9f40306f1a28b22dbbdc0 • CWE-364: Signal Handler Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-39507 – net: hns3: fix kernel crash problem in concurrent scenario
https://notcve.org/view.php?id=CVE-2024-39507
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/45e92b7e4e27a427de7e87d5c4d63d4ce7ba02ab •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39506 – liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet
https://notcve.org/view.php?id=CVE-2024-39506
12 Jul 2024 — ->disp_fn(rdisp->rinfo, ...) lio_vf_rep_pkt_recv(struct octeon_recv_info *recv_info, ...) In this path there is no code which sets pg_info->page to NULL. So this check looks unneeded and doesn't solve potential problem. But I guess the author had reason to add a check and I have no such card and can't do real test. In addition, the code in the function liquidio_push_packet() in liquidio/lio_core.c does exactly the same. In addition, the code in the function liquidio_push_packet() in liq... • https://git.kernel.org/stable/c/1f233f327913f3dee0602cba9c64df1903772b55 • CWE-476: NULL Pointer Dereference •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39505 – drm/komeda: check for error-valued pointer
https://notcve.org/view.php?id=CVE-2024-39505
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer komeda_pipeline_get_state() may return an error-valued pointer, thus check the pointer for negative or null value before dereferencing. In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer komeda_pipeline_get_state() may return an error-valued pointer, thus check the pointer for negative or null value before dereferencing. Ziming Zhang disco... • https://git.kernel.org/stable/c/502932a03fceca1cb161eba5f30b18eb640aa8de •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39504 – netfilter: nft_inner: validate mandatory meta and payload
https://notcve.org/view.php?id=CVE-2024-39504
12 Jul 2024 — A local attacker could use this to cause a denial of service or possibly execute arbitrary code. • https://git.kernel.org/stable/c/3a07327d10a09379315c844c63f27941f5081e0a • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-39503 – netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type
https://notcve.org/view.php?id=CVE-2024-39503
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type Lion Ackermann reported that there is a race condition between namespace cleanup in ipset and the garbage collection of the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free. The patch contains the f... • https://git.kernel.org/stable/c/c7f2733e5011bfd136f1ca93497394d43aa76225 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-39502 – ionic: fix use after netif_napi_del()
https://notcve.org/view.php?id=CVE-2024-39502
12 Jul 2024 — Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 3 PID: 1057 Comm: kworker/3:3 Not tainted 6.10.0-rc2+ #16 Workqueue: events ionic_lif_deferred_work [ionic] RIP: 0010:napi_enable+0x3b/0x40 Code: 48 89 c2 48 83 e2 f6 80 b9 61 09 00 00 00 74 0d 48 83 bf 60 01 00 00 00 74 03 80 ce 01 f0 4f RSP: 0018:ffffb6ed83227d48 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff97560cda0828 RCX: 0000000000000029 RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff97560cda0a28 RBP: ffffb6ed83227d50 R08: 00000000... • https://git.kernel.org/stable/c/0f3154e6bcb354968cc04f7cd86ce466f7b9a814 • CWE-416: Use After Free •