CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50150 – usb: typec: altmode should keep reference to parent
https://notcve.org/view.php?id=CVE-2024-50150
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a reference to the parent and put it in the release function. Before this fix, when using CONFIG_DEBUG_KOBJECT_RELEASE, we see issues like this: [ 43.572860] kobject: 'port0.0' (ffff8880057ba008): kobject_release, parent 0000000000000000 (delayed 3000) [ 43.57353... • https://git.kernel.org/stable/c/8a37d87d72f0c69f837229c04d2fcd7117ea57e7 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50148 – Bluetooth: bnep: fix wild-memory-access in proto_unregister
https://notcve.org/view.php?id=CVE-2024-50148
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister There's issue as follows: KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f] CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G W RIP: 0010:proto_unregister+0xee/0x400 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50147 – net/mlx5: Fix command bitmask initialization
https://notcve.org/view.php?id=CVE-2024-50147
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for MANAGE_PAGES command as well. Hence, in case health error occurred before any MANAGE_PAGES command have been invoke (for example, during mlx5_enable_hca()), mlx5_cmd... • https://git.kernel.org/stable/c/9b98d395b85dd042fe83fb696b1ac02e6c93a520 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50146 – net/mlx5e: Don't call cleanup on profile rollback failure
https://notcve.org/view.php?id=CVE-2024-50146
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleanup in such a case. This was encountered while testing, with the original trigger that the wq rescuer thread creation got interrupted (presumably due to Ctrl+C-ing modprobe), which gets converted to ENOMEM (-12) by... • https://git.kernel.org/stable/c/3ef14e463f6ed0218710f56b97e1a7d0448784d2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50145 – octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
https://notcve.org/view.php?id=CVE-2024-50145
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver. If skb allocation fails, keep on pulling packets out of the Rx DMA queue: we shouldn't break the polling immediately and thus falsely indicate to the octep_n... • https://git.kernel.org/stable/c/37d79d0596062057f588bdbb2ebad5455a43d353 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50143 – udf: fix uninit-value use in udf_get_fileshortad
https://notcve.org/view.php?id=CVE-2024-50143
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: ... • https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50142 – xfrm: validate new SA's prefixlen using SA family when sel.family is unset
https://notcve.org/view.php?id=CVE-2024-50142
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot created an SA with usersa.sel.family = AF_UNSPEC usersa.sel.prefixlen_s = 128 usersa.family = AF_INET Because of the AF_UNSPEC selector, verify_newsa_info doesn't put limits on prefixlen_{s,d}. But then copy_from_user_state sets x->sel.... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50141 – ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
https://notcve.org/view.php?id=CVE-2024-50141
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1]. Since the PRM handler is a type of runtime service, this caus... • https://git.kernel.org/stable/c/cefc7ca46235f01d5233e3abd4b79452af01d9e9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50140 – sched/core: Disable page allocation in task_tick_mm_cid()
https://notcve.org/view.php?id=CVE-2024-50140
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Disable page allocation in task_tick_mm_cid() With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat. [ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe [ 63.696416] preempt_count: 10001, expected: 0 [ 63.696416] RCU nest depth: 1, expected... • https://git.kernel.org/stable/c/223baf9d17f25e2608dbdff7232c095c1e612268 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50139 – KVM: arm64: Fix shift-out-of-bounds bug
https://notcve.org/view.php?id=CVE-2024-50139
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14 shift exponent 33 is too large for 32-bit type 'int' CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34 Hardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024 Call trace: dump_backtrace+0xa0/0x128 show... • https://git.kernel.org/stable/c/7af0c2534f4c57b16e92dfca8c5f40fa90fbb3f3 •