CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41077 – null_blk: fix validation of block size
https://notcve.org/view.php?id=CVE-2024-41077
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size Block size should be between 512 and PAGE_SIZE and be a power of 2. ... = 0 check] In the Linux kernel, the following vulnerability has been resolved: null_blk: fix validation of block size Block size should be between 512 and PAGE_SIZE and be a power of 2. ... = 0 check] Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential ... • https://git.kernel.org/stable/c/9625afe1dd4a158a14bb50f81af9e2dac634c0b1 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41076 – NFSv4: Fix memory leak in nfs4_set_security_label
https://notcve.org/view.php?id=CVE-2024-41076
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr. A vulnerability was found in the nfs4_set_security_label() in the Linux kernel, where the function fails to free the nfs_fattr attribute before exiting, leaving said memory allocation present. ... Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the d... • https://git.kernel.org/stable/c/899604a7c958771840941caff9ee3dd8193d984c • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41075 – cachefiles: add consistency check for copen/cread
https://notcve.org/view.php?id=CVE-2024-41075
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests and crashing the system. In the Linux kernel, the following vulnerability has been resolved: cachefiles: add consistency check for copen/cread This prevents malicious processes from completing random copen/cread requests and crashing the system. ... • https://git.kernel.org/stable/c/9032b6e8589f269743984aac53e82e4835be16dc •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41074 – cachefiles: Set object to close if ondemand_id < 0 in copen
https://notcve.org/view.php?id=CVE-2024-41074
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. In the Linux kernel, the following vulnerability has been resolved: cachefiles: Set object to close if ondemand_id < 0 in copen If copen is maliciously called in the user mode, it may delete the request corresponding to the random id. ... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41073 – nvme: avoid double free special payload
https://notcve.org/view.php?id=CVE-2024-41073
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. ... • https://git.kernel.org/stable/c/882574942a9be8b9d70d13462ddacc80c4b385ba • CWE-415: Double Free •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41072 – wifi: cfg80211: wext: add extra SIOCSIWSCAN data check
https://notcve.org/view.php?id=CVE-2024-41072
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check wheth... • https://git.kernel.org/stable/c/b02ba9a0b55b762bd04743a22f3d9f9645005e79 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41070 – KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()
https://notcve.org/view.php?id=CVE-2024-41070
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() Al reported a possible use-after-free (UAF) in kvm_spapr_tce_attach_iommu_group(). ... • https://git.kernel.org/stable/c/121f80ba68f1a5779a36d7b3247206e60e0a7418 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41069 – ASoC: topology: Fix references to freed memory
https://notcve.org/view.php?id=CVE-2024-41069
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology fi... • https://git.kernel.org/stable/c/b188d7f3dfab10e332e3c1066e18857964a520d2 •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41068 – s390/sclp: Fix sclp_init() cleanup on failure
https://notcve.org/view.php?id=CVE-2024-41068
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix sclp_init() cleanup on failure If sclp_init() fails it only partially cleans up: if there are multiple failing calls to sclp_init() sclp_state_change_event will be added several times to sclp_reg_list, which results in the following warning: ------------[ cut here ]------------ list_add double add: new=000003ffe1598c10, prev=000003ffe1598bf0, next=000003ffe1598c10. In the Linux kernel, the following vulnerabilit... • https://git.kernel.org/stable/c/a778987afc36d5dc02a1f82d352a81edcaf7eb83 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41067 – btrfs: scrub: handle RST lookup error correctly
https://notcve.org/view.php?id=CVE-2024-41067
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup error correctly [BUG] When running btrfs/060 with forced RST feature, it would crash the following ASSERT() inside scrub_read_endio(): ASSERT(sector_nr < stripe->nr_sectors); Before that, we would have tree dump from btrfs_get_raid_extent_offset(), as we failed to find the RST entry for the range. In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: handle RST lookup... • https://git.kernel.org/stable/c/17d1fd302a53d7e456a7412da74be74a0cf63a72 •