
CVE-2024-46749 – Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
https://notcve.org/view.php?id=CVE-2024-46749
18 Sep 2024 — dmesg log: [ 54.634586] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000080 [ 54.643398] Mem abort info: [ 54.646204] ESR = 0x0000000096000004 [ 54.649964] EC = 0x25: DABT (current EL), IL = 32 bits [ 54.655286] SET = 0, FnV = 0 [ 54.658348] EA = 0, S1PTW = 0 [ 54.661498] FSC = 0x04: level 0 translation fault [ 54.666391] Data abort info: [ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 54.674771] GCS = 0, Overl... • https://git.kernel.org/stable/c/ab3a769b4dccec2cf60f0a0700b140991bf9afc8 •

CVE-2024-46748 – cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
https://notcve.org/view.php?id=CVE-2024-46748
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT Set the maximum size of a subrequest that writes to cachefiles to be MAX_RW_COUNT so that we don't overrun the maximum write we can make to the backing filesystem. • https://git.kernel.org/stable/c/64e64e6c18c6bc7767ea6f2762c87c9ac981f2d1 •

CVE-2024-46747 – HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
https://notcve.org/view.php?id=CVE-2024-46747
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it • https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714 • CWE-125: Out-of-bounds Read •

CVE-2024-46746 – HID: amd_sfh: free driver_data after destroying hid device
https://notcve.org/view.php?id=CVE-2024-46746
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has been called. ... kasan_unpoison+0x44/0x70 [ 13.216688] do_init_module+0x238/0x750 [ 13.2196 ---truncated--- • https://git.kernel.org/stable/c/4f567b9f8141a86c7d878fadf136e5d1408e3e61 •

CVE-2024-46745 – Input: uinput - reject requests with unreasonable number of slots
https://notcve.org/view.php?id=CVE-2024-46745
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). • https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2024-46744 – Squashfs: sanity check symbolic link size
https://notcve.org/view.php?id=CVE-2024-46744
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. ... • https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90 •

CVE-2024-46743 – of/irq: Prevent device address out-of-bounds read in interrupt map walk
https://notcve.org/view.php?id=CVE-2024-46743
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2... • https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8 • CWE-125: Out-of-bounds Read •

CVE-2024-46742 – smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
https://notcve.org/view.php?id=CVE-2024-46742
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() returns NULL. • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •

CVE-2024-46741 – misc: fastrpc: Fix double free of 'buf' in error path
https://notcve.org/view.php?id=CVE-2024-46741
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix double free of 'buf' in error path smatch warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' In fastrpc_req_mmap() error path, the fastrpc buffer is freed in fastrpc_req_munmap_impl() if unmap is successful. • https://git.kernel.org/stable/c/72fa6f7820c4cf96c5f7aabc4e54bdf52d1e2ac2 •

CVE-2024-46740 – binder: fix UAF caused by offsets overwrite
https://notcve.org/view.php?id=CVE-2024-46740
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. ... This issue is made evident by the following KASAN report (trimmed): ========... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a • CWE-416: Use After Free •