
CVE-2024-46740 – binder: fix UAF caused by offsets overwrite
https://notcve.org/view.php?id=CVE-2024-46740
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite. Binder objects are processed and copied individually into the target buffer during transactions. ... This issue is made evident by the following KASAN report (trimmed): ========... • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a • CWE-416: Use After Free •

CVE-2024-46739 – uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
https://notcve.org/view.php?id=CVE-2024-46739
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind. For primary VM Bus channels, primary_channel pointer is always NULL. ... • https://git.kernel.org/stable/c/ca3cda6fcf1e922213a0cc58e708ffb999151db3 •

CVE-2024-46738 – VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
https://notcve.org/view.php?id=CVE-2024-46738
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove(). When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. ... • https://git.kernel.org/stable/c/bc63dedb7d46a7d690c6b6edf69136b88af06cc6 •

CVE-2024-46737 – nvmet-tcp: fix kernel crash if commands allocation fails
https://notcve.org/view.php?id=CVE-2024-46737
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails. If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. ... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •

CVE-2024-46736 – smb: client: fix double put of @cfile in smb2_rename_path()
https://notcve.org/view.php?id=CVE-2024-46736
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_rename_path(). If smb2_set_path_attr() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() again as the reference of @cfile was already dropped by previous smb2_compound_op() call. ... • https://git.kernel.org/stable/c/1e60bc0e954389af82f1d9a85f13a63f6572350f •

CVE-2024-46735 – ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
https://notcve.org/view.php?id=CVE-2024-46735
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery(). When two UBLK_CMD_START_USER_RECOVERY commands are submitted, the first one sets 'ubq->ubq_daemon' to NULL, and the second one triggers WARN in ublk_queue_reinit() and subsequently a NULL pointer dereference issue. ... __pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 ... • https://git.kernel.org/stable/c/c732a852b419fa057b53657e2daaf9433940391c •

CVE-2024-46734 – btrfs: fix race between direct IO write and fsync when using same fd
https://notcve.org/view.php?id=CVE-2024-46734
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd. If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we can end up either: 1) Attempt a fsync without holding the inode's lock, triggering an assertion failure when assertions are enabled; 2) Do an invalid memory access from the fsync task because the file private... • https://git.kernel.org/stable/c/4e17707035a65f6e5b2a4d987a308cf8ed8c5ad1 •

CVE-2024-46733 – btrfs: fix qgroup reserve leaks in cow_file_range
https://notcve.org/view.php?id=CVE-2024-46733
18 Sep 2024 — This results in failures at the unmount stage of the test that look like: BTRFS: error (device dm-8 state EA) in cleanup_transaction:2018: errno=-5 IO failure BTRFS: error (device dm-8 state EA) in btrfs_replace_file_extents:2416: errno=-5 IO failure BTRFS warning (device dm-8 state EA): qgroup 0/5 has unreleased space, type 0 rsv 28672 ------------[ cut here ]------------ WARNING: CPU: 3 PID: 22588 at fs/btrfs/disk-io.c:4333 close_ctree+0x222/0x4d0 [btrfs] Modules linked in: btrfs blake2b_generic libcrc32c... • https://git.kernel.org/stable/c/159f0f61b283ea71e827dd0c18c5dce197de1fa2 •

CVE-2024-46732 – drm/amd/display: Assign linear_pitch_alignment even for VM
https://notcve.org/view.php?id=CVE-2024-46732
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM. [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments. Supraja Sridhara, Benedict Schlüter, Mark... • https://git.kernel.org/stable/c/4562236b3bc0a28aeb6ee93b2d8a849a4c4e1c7c •

CVE-2024-46731 – drm/amd/pm: fix the Out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46731
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning. Using index i - 1U may be beyond the element index for mc_data[] when i = 0. • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 •