CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46807 – drm/amd/amdgpu: Check tbo resource pointer
https://notcve.org/view.php?id=CVE-2024-46807
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory in s... • https://git.kernel.org/stable/c/e55e3904ffeaff81715256a711b1a61f4ad5258a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46806 – drm/amdgpu: Fix the warning division or modulo by zero
https://notcve.org/view.php?id=CVE-2024-46806
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the warning division or modulo by zero Checks the partition mode and returns an error for an invalid mode. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker co... • https://git.kernel.org/stable/c/d116bb921e8b104f45d1f30a473ea99ef4262b9a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46805 – drm/amdgpu: fix the waring dereferencing hive
https://notcve.org/view.php?id=CVE-2024-46805
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix the waring dereferencing hive Check the amdgpu_hive_info *hive that maybe is NULL. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize... • https://git.kernel.org/stable/c/f20d1d5cbb39802f68be24458861094f3e66f356 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46804 – drm/amd/display: Add array index check for hdcp ddc access
https://notcve.org/view.php?id=CVE-2024-46804
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. [How] Check msg_id valid and valid array index. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add array index check for hdcp ddc access [Why] Coverity reports OVERRUN warning. Do not check if array index valid. • https://git.kernel.org/stable/c/2a63c90c7a90ab2bd23deebc2814fc5b52abf6d2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46803 – drm/amdkfd: Check debug trap enable before write dbg_ev_file
https://notcve.org/view.php?id=CVE-2024-46803
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interrupt context, write dbg_ev_file will be run by work queue. It will cause write dbg_ev_file execution after debug_trap_disable, which will cause NULL pointer access. v2: cancel work "debug_event_workarea" before set dbg_ev_file as NULL. In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check debug trap enable before write dbg_ev_file In interru... • https://git.kernel.org/stable/c/e6ea3b8fe398915338147fe54dd2db8155fdafd8 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46802 – drm/amd/display: added NULL check at start of dc_validate_stream
https://notcve.org/view.php?id=CVE-2024-46802
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linu... • https://git.kernel.org/stable/c/356fcce9cdbfe338a275e9e1836adfdd7f5c52a9 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48945 – media: vivid: fix compose size exceed boundary
https://notcve.org/view.php?id=CVE-2022-48945
23 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose size exceed boundary syzkaller found a bug: BUG: unable to handle page fault for address: ffffc9000a3b1000 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0 Oops: 0002 [#1] PREEMPT SMP CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0... • https://git.kernel.org/stable/c/ef834f7836ec0502f49f20bbc42f1240577a9c83 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46800 – sch/netem: fix use after free in netem_dequeue
https://notcve.org/view.php?id=CVE-2024-46800
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to update the parent's q.qlen, leading to the similar use-after-free as Commit e04991a48dbaf382 ("netem: fix return value if duplicate enqueue fails") Commands to trigger KASAN UaF: ip link add type dummy ip link set lo up ip link set du... • https://git.kernel.org/stable/c/50612537e9ab29693122fab20fc1eed235054ffe •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46787 – userfaultfd: fix checks for huge PMDs
https://notcve.org/view.php?id=CVE-2024-46787
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel version: 1. The pmd_trans_huge() check is racy and can lead to a BUG_ON() (if you hit the right two race windows) - I've tested this in a kernel build with some extra mdelay() calls. See the commit message for a description of the race ... • https://git.kernel.org/stable/c/c1a4de99fada21e2e9251e52cbb51eff5aadc757 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46782 – ila: call nf_unregister_net_hooks() sooner
https://notcve.org/view.php?id=CVE-2024-46782
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner syzbot found an use-after-free Read in ila_nf_input [1] Issue here is that ila_xlat_exit_net() frees the rhashtable, then call nf_unregister_net_hooks(). It should be done in the reverse way, with a synchronize_rcu(). This is a good match for a pre_exit() method. [1] BUG: KASAN: use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: use-after-free in __rhashtable_looku... • https://git.kernel.org/stable/c/7f00feaf107645d95a6d87e99b4d141ac0a08efd •