
CVE-2024-49949 – net: avoid potential underflow in qdisc_pkt_len_init() with UFO
https://notcve.org/view.php?id=CVE-2024-49949
21 Oct 2024 — [1] [ 70.724101] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 70.724561] #PF: supervisor read access in kernel mode [ 70.724561] #PF: error_code(0x0000) - not-present page [ 70.724561] PGD 10ac61067 P4D 10ac61067 PUD 107ee2067 PMD 0 [ 70.724561] Oops: Oops: 0000 [#1] SMP NOPTI [ 70.724561] CPU: 11 UID: 0 PID: 2163 Comm: b358537762 Not tainted 6.11.0-virtme #991 [ 70.724561] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 70.724561] RIP: 00... • https://git.kernel.org/stable/c/960b360ca7463921c1a6b72e7066a706d6406223 • CWE-476: NULL Pointer Dereference •

CVE-2024-49948 – net: add more sanity checks to qdisc_pkt_len_init()
https://notcve.org/view.php?id=CVE-2024-49948
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. • https://git.kernel.org/stable/c/1def9238d4aa2146924994aa4b7dc861f03b9362 • CWE-20: Improper Input Validation •

CVE-2024-49947 – net: test for not too small csum_start in virtio_net_hdr_to_skb()
https://notcve.org/view.php?id=CVE-2024-49947
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csum_start in virtio_net_hdr_to_skb() syzbot was able to trigger this warning [1], after injecting a malicious packet through af_packet, setting skb->csum_start and thus the transport header to an incorrect value. ... /include/linux/skbuff.h:1146 .... /include/linux/skbuff.h:1146 .... /include/linux/skbuff.h:1146 .... /include/net/l3mdev.h:213 ne ---truncated--- Michael Randrianantenai... • https://git.kernel.org/stable/c/342c88f406c2acd3dd00767aeacafe883cebb374 •

CVE-2024-49946 – ppp: do not assume bh is held in ppp_channel_bridge_input()
https://notcve.org/view.php?id=CVE-2024-49946
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog if the socket was owned by a user process. ... -{2:2}, at: spin_lock include/linux/spinlock.h:351 [inline] ffff0000db7f11e0 (&pch->downl){+.?.}... -{2:2}, at: spin_lock include/linux/spinlock.h:35... • https://git.kernel.org/stable/c/4cf476ced45d7f12df30a68e833b263e7a2202d1 • CWE-667: Improper Locking •

CVE-2024-49945 – net/ncsi: Disable the ncsi work before freeing the associated structure
https://notcve.org/view.php?id=CVE-2024-49945
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic. • https://git.kernel.org/stable/c/2d283bdd079c0ad4da020bbc9e9c2a4280823098 •

CVE-2024-49944 – sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start
https://notcve.org/view.php?id=CVE-2024-49944
21 Oct 2024 — KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] RIP: 0010:sctp_inet_listen+0x7f0/0xa20 net/sctp/socket.c:8617 Call Trace:

CVE-2024-49943 – drm/xe/guc_submit: add missing locking in wedged_fini
https://notcve.org/view.php?id=CVE-2024-49943
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be running concurrently with an async queue destroy, therefore dereferencing the queue ptr to check wedge status after the lookup can trigger UAF if queue is not wedged. ... (cherry picked from commit d28af0b6b9580b9f90c265a7da0315b0ad20bbfd) • https://git.kernel.org/stable/c/8ed9aaae39f39130b7a3eb2726be05d7f64b344c •

CVE-2024-49942 – drm/xe: Prevent null pointer access in xe_migrate_copy
https://notcve.org/view.php?id=CVE-2024-49942
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy is designed to copy content of TTM resources. ... _raw_spin_unlock_irqrestore+0x31/0x60 <4> [317.128404] kunit_generic_run_threadfn_adapter+0x1e/0x40 [ku ---truncated--- • https://git.kernel.org/stable/c/266c85885263022954928b125d46ab7a78c77a69 •

CVE-2024-49941 – gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
https://notcve.org/view.php?id=CVE-2024-49941
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may return a NULL pointer, leading to a scenario where `label->str` is accessed without verifying if `label` itself is NULL. • https://git.kernel.org/stable/c/a86d27693066a34a29be86f394bbad847b2d1749 •

CVE-2024-49940 – l2tp: prevent possible tunnel refcount underflow
https://notcve.org/view.php?id=CVE-2024-49940
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. ... • https://git.kernel.org/stable/c/f7415e60c25a6108cd7955a20b2e66b6251ffe02 •