CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49868 – btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
https://notcve.org/view.php?id=CVE-2024-49868
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a failure. start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676 prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642 relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678 ... BTRFS info (device loop0): balance: ended with status: -12 Oops: general pr... • https://git.kernel.org/stable/c/1282f001cbf56e5dd6e90a18e205a566793f4be0 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49867 – btrfs: wait for fixup workers before stopping cleaner kthread during umount
https://notcve.org/view.php?id=CVE-2024-49867
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for any job... • https://git.kernel.org/stable/c/cd686dfff63f27d712877aef5b962fbf6b8bc264 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49860 – ACPI: sysfs: validate return type of _STR method
https://notcve.org/view.php?id=CVE-2024-49860
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory. In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory. Andy Nguyen discov... • https://git.kernel.org/stable/c/d1efe3c324ead77d3f6cd85093b50f6bd2e17aba •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49859 – f2fs: fix to check atomic_file in f2fs ioctl interfaces
https://notcve.org/view.php?id=CVE-2024-49859
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atomic_write status, which may cause potential race issue, fix it. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_... • https://git.kernel.org/stable/c/26b07bd2e1f124b0e430c8d250023f7205c549c3 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49858 – efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption
https://notcve.org/view.php?id=CVE-2024-49858
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and passed on to the OS using an EFI configuration table. The use of EFI_LOADER_DATA here results in the region being left unreserved in the E820 memory map constructed by the EFI stub, and this is the memory description that is passed on ... • https://git.kernel.org/stable/c/f76b69ab9cf04358266e3cea5748c0c2791fbb08 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49851 – tpm: Clean up TPM space after command failure
https://notcve.org/view.php?id=CVE-2024-49851
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed. Fix this by flushing the space in the event of command transmission failure. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/745b361e989af21ad40811c2586b60229f870a68 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47757 – nilfs2: fix potential oob read in nilfs_btree_check_delete()
https://notcve.org/view.php?id=CVE-2024-47757
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can h... • https://git.kernel.org/stable/c/17c76b0104e4a6513983777e1a17e0297a12b0c4 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47749 – RDMA/cxgb4: Added NULL check for lookup_atid
https://notcve.org/view.php?id=CVE-2024-47749
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions. Add a NULL check to prevent null pointer dereferencing. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/cfdda9d764362ab77b11a410bb928400e6520d57 •
CVSS: 7.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47747 – net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2024-47747
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup. The sequence of operations that may lead to a UAF bug is as follows: CPU0 CPU1 | et... • https://git.kernel.org/stable/c/6fd9c53f71862a4797b7ed8a5de80e2c64829f56 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47745 – mm: call the security_mmap_file() LSM hook in remap_file_pages()
https://notcve.org/view.php?id=CVE-2024-47745
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: call the security_mmap_file() LSM hook in remap_file_pages() The remap_file_pages syscall handler calls do_mmap() directly, which doesn't contain the LSM security check. And if the process has called personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for RW pages, this will actually result in remapping the pages to RWX, bypassing a W^X policy enforced by SELinux. So we should check prot by security_mmap_file LSM hook... • https://git.kernel.org/stable/c/0f910dbf2f2a4a7820ba4bac7b280f7108aa05b1 •