CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-53064 – idpf: fix idpf_vc_core_init error path
https://notcve.org/view.php?id=CVE-2024-53064
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset is done, it tries to build the resources back. At this time if the device control plane is not yet started, then the driver timeouts on the virtchnl message and retries to establish the mailbox again. In the retry flow, mailbox is deinitialized but the mailbox workqueue is still alive and polling for the mailbox message. This results in accessing the released control queue leading to null-ptr-deref. Fix it by unrolling the work queue cancellation and mailbox deinitialization in the reverse order which they got initialized. • https://git.kernel.org/stable/c/4930fbf419a72d7477426fd883bfc37e20a61a6e https://git.kernel.org/stable/c/683fcd90ba22507ebeb1921a26dfe77efff8c266 https://git.kernel.org/stable/c/9b58031ff96b84a38d7b73b23c7ecfb2e0557f43 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2024-53063 – media: dvbdev: prevent the risk of out of memory access
https://notcve.org/view.php?id=CVE-2024-53063
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did the needed checks. This can be fragile if some device ends using different calls. This also generate warnings on static check analysers like Coverity. So, add explicit guards to prevent potential risk of OOM issues. • https://git.kernel.org/stable/c/5dd3f3071070f5a306bdf8d474c80062f5691cba https://git.kernel.org/stable/c/fedfde9deb83ac8d2f3d5f36f111023df34b1684 https://git.kernel.org/stable/c/3b88675e18b6517043a6f734eaa8ea6eb3bfa140 https://git.kernel.org/stable/c/a4a17210c03ade1c8d9a9f193a105654b7a05c11 https://git.kernel.org/stable/c/5f76f7df14861e3a560898fa41979ec92424b58f https://git.kernel.org/stable/c/b751a96025275c17f04083cbfe856822f1658946 https://git.kernel.org/stable/c/1e461672616b726f29261ee81bb991528818537c https://git.kernel.org/stable/c/9c17085fabbde2041c893d29599800f2d •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-53062 – media: mgb4: protect driver against spectre
https://notcve.org/view.php?id=CVE-2024-53062
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: protect driver against spectre Frequency range is set from sysfs via frequency_range_store(), being vulnerable to spectre, as reported by smatch: drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r] drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half. 'reg_set' Fix it. • https://git.kernel.org/stable/c/0ab13674a9bd10514486cf1670d71dbd8afec421 https://git.kernel.org/stable/c/e0bc90742bbd6eb9c63e6c22f8f6e10be7b1e225 https://git.kernel.org/stable/c/2aee207e5b3c94ef859316008119ea06d6798d49 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2024-53061 – media: s5p-jpeg: prevent buffer overflows
https://notcve.org/view.php?id=CVE-2024-53061
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment. • https://git.kernel.org/stable/c/6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4 https://git.kernel.org/stable/c/c5f6fefcda8fac8f082b6c5bf416567f4e100c51 https://git.kernel.org/stable/c/e5117f6e7adcf9fd7546cdd0edc9abe4474bc98b https://git.kernel.org/stable/c/f54e8e1e39dacccebcfb9a9a36f0552a0a97e2ef https://git.kernel.org/stable/c/a930cddfd153b5d4401df0c01effa14c831ff21e https://git.kernel.org/stable/c/c85db2d4432de4ff9d97006691ce2dcb5bda660e https://git.kernel.org/stable/c/784bc785a453eb2f8433dd62075befdfa1b2d6fd https://git.kernel.org/stable/c/c951a0859fdacf49a2298b5551a7e52b9 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2024-53060 – drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
https://notcve.org/view.php?id=CVE-2024-53060
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) (cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1) • https://git.kernel.org/stable/c/ce8a00a00e36f61f5a1e47734332420b68784c43 https://git.kernel.org/stable/c/8d7a28eca7553d35d4ce192fa1f390f2357df41b https://git.kernel.org/stable/c/2ac7f253deada4d449559b65a1c1cd0a6f6f19b7 https://git.kernel.org/stable/c/27fc29b5376998c126c85cf9b15d9dfc2afc9cbe https://git.kernel.org/stable/c/1a9f55ed5b512f510ccd21ad527d532e60550e80 https://git.kernel.org/stable/c/a613a392417532ca5aaf3deac6e3277aa7aaef2b https://git.kernel.org/stable/c/b9d9881237afeb52eddd70077b7174bf17e2fa30 https://git.kernel.org/stable/c/a6dd15981c03f2cdc9a351a278f09b547 •