CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50166 – fsl/fman: Fix refcount handling of fman-related devices
https://notcve.org/view.php?id=CVE-2024-50166
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In mac_probe() there are multiple calls to of_find_device_by_node(), fman_bind() and fman_port_bind() which takes references to of_dev->dev. Not all references taken by these calls are released later on error path in mac_probe() and in mac_remove() which lead to reference leaks. Add references release. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fsl/fman: se h... • https://git.kernel.org/stable/c/3933961682a30ae7d405cda344c040a129fea422 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50164 – bpf: Fix overloading of MEM_UNINIT's meaning
https://notcve.org/view.php?id=CVE-2024-50164
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw * mode so that the program is required to * initialize all the memory that the helper could * just partially fill up. */ meta = NULL; This means that writes ... • https://git.kernel.org/stable/c/7b3552d3f9f6897851fc453b5131a967167e43c2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50163 – bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
https://notcve.org/view.php?id=CVE-2024-50163
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that if skb bpf_redirect_neigh() is used with a non-NULL params argument and, subsequently, an XDP redirect is performed using the same bpf_redirect_info struct, the XDP... • https://git.kernel.org/stable/c/e624d4ed4aa8cc3c69d1359b0aaea539203ed266 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50162 – bpf: devmap: provide rxq after redirect
https://notcve.org/view.php?id=CVE-2024-50162
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPF_MAP_TYPE_DEVMAP* does not have it set. This is particularly bad since accessing ingress_ifindex, e.g. SEC("xdp") int prog(struct xdp_md *pkt) { return bpf_redirect_map(&dev_redirect_map, 0, 0); } SEC("xdp/devmap") int prog_after_redirect(struct xdp_m... • https://git.kernel.org/stable/c/cb261b594b4108668e00f565184c7c221efe0359 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50160 – ALSA: hda/cs8409: Fix possible NULL dereference
https://notcve.org/view.php?id=CVE-2024-50160
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguien... • https://git.kernel.org/stable/c/20e507724113300794f16884e7e7507d9b4dec68 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50159 – firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()
https://notcve.org/view.php?id=CVE-2024-50159
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() Clang static checker(scan-build) throws below warning: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Attempt to free released memory. When devm_add_action_or_reset() fails, scmi_debugfs_common_cleanup() will run twice which causes double free of 'dbg->name'. Remove the redundant scmi_debugfs_common_cleanup() to fix this problem. En el kernel ... • https://git.kernel.org/stable/c/c3d4aed763ce4a39f8ed36c7b7cd9a6a35971329 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50158 – RDMA/bnxt_re: Fix out of bound check
https://notcve.org/view.php?id=CVE-2024-50158
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix out of bound check Driver exports pacing stats only on GenP5 and P7 adapters. But while parsing the pacing stats, driver has a check for "rdev->dbr_pacing". This caused a trace when KASAN is enabled. BUG: KASAN: slab-out-of-bounds in bnxt_re_get_hw_stats+0x2b6a/0x2e00 [bnxt_re] Write of size 8 at addr ffff8885942a6340 by task modprobe/4809 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/bnxt_re:... • https://git.kernel.org/stable/c/8b6573ff3420a2da1deb469a480dbc454745f784 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50157 – RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop
https://notcve.org/view.php?id=CVE-2024-50157
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop Driver waits indefinitely for the fifo occupancy to go below a threshold as soon as the pacing interrupt is received. This can cause soft lockup on one of the processors, if the rate of DB is very high. Add a loop count for FPGA and exit the __wait_for_fifo_occupancy_below_th if the loop is taking more time. Pacing will be continuing until the occupancy is below the threshold.... • https://git.kernel.org/stable/c/2ad4e6303a6d7518632739eaf67821a3553db1bd •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50156 – drm/msm: Avoid NULL dereference in msm_disp_state_print_regs()
https://notcve.org/view.php?id=CVE-2024-50156
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed then `block->state` can be NULL. The msm_disp_state_print_regs() function _does_ have code to try to handle it with: if (*reg) dump_addr = *reg; ...but since "dump_addr" is initialized to NULL the above is actually a noop. The code then goes on to dereference `dump_addr`. Make the function print "Registers not sto... • https://git.kernel.org/stable/c/98659487b845c05b6bed85d881713545db674c7c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50155 – netdevsim: use cond_resched() in nsim_dev_trap_report_work()
https://notcve.org/view.php?id=CVE-2024-50155
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched() in nsim_dev_trap_report_work() I am still seeing many syzbot reports hinting that syzbot might fool nsim_dev_trap_report_work() with hundreds of ports [1] Lets use cond_resched(), and system_unbound_wq instead of implicit system_wq. [1] INFO: task syz-executor:20633 blocked for more than 143 seconds. Not tainted 6.12.0-rc2-syzkaller-00205-g1d227fcc7222 #0 "echo 0 > /proc/sys/kernel/hung_task_timeout_s... • https://git.kernel.org/stable/c/0193e0660cc6689c794794b471492923cfd7bfbc •