CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50146 – net/mlx5e: Don't call cleanup on profile rollback failure
https://notcve.org/view.php?id=CVE-2024-50146
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleanup in such a case. This was encountered while testing, with the original trigger that the wq rescuer thread creation got interrupted (presumably due to Ctrl+C-ing modprobe), which gets converted to ENOMEM (-12)... • https://git.kernel.org/stable/c/3ef14e463f6ed0218710f56b97e1a7d0448784d2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50145 – octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx()
https://notcve.org/view.php?id=CVE-2024-50145
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver. If skb allocation fails, keep on pulling packets out of the Rx DMA queue: we shouldn't break the polling immediately and thus falsely indicate to the octe... • https://git.kernel.org/stable/c/37d79d0596062057f588bdbb2ebad5455a43d353 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50143 – udf: fix uninit-value use in udf_get_fileshortad
https://notcve.org/view.php?id=CVE-2024-50143
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ud... • https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50142 – xfrm: validate new SA's prefixlen using SA family when sel.family is unset
https://notcve.org/view.php?id=CVE-2024-50142
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot created an SA with usersa.sel.family = AF_UNSPEC usersa.sel.prefixlen_s = 128 usersa.family = AF_INET Because of the AF_UNSPEC selector, verify_newsa_info doesn't put limits on prefixlen_{s,d}. But then copy_from_user_st... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50141 – ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context
https://notcve.org/view.php?id=CVE-2024-50141
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is finding a block of type EFI_CONVENTIONAL_MEMORY, which is not appropriate for runtime services as described in Section 2.2.2 (Runtime Services) of the UEFI Specification [1]. Since the PRM handler is a type of runtime service, this c... • https://git.kernel.org/stable/c/cefc7ca46235f01d5233e3abd4b79452af01d9e9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50140 – sched/core: Disable page allocation in task_tick_mm_cid()
https://notcve.org/view.php?id=CVE-2024-50140
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Disable page allocation in task_tick_mm_cid() With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat. [ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe [ 63.696416] preempt_count: 10001, expected: 0 [ 63.696416] RCU nest depth: ... • https://git.kernel.org/stable/c/223baf9d17f25e2608dbdff7232c095c1e612268 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50139 – KVM: arm64: Fix shift-out-of-bounds bug
https://notcve.org/view.php?id=CVE-2024-50139
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14 shift exponent 33 is too large for 32-bit type 'int' CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34 Hardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024 Call trace: dump_backtrace+0xa0/0x128 ... • https://git.kernel.org/stable/c/7af0c2534f4c57b16e92dfca8c5f40fa90fbb3f3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50138 – bpf: Use raw_spinlock_t in ringbuf
https://notcve.org/view.php?id=CVE-2024-50138
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is illustrated in the example below: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs preempt_... • https://git.kernel.org/stable/c/457f44363a8894135c85b7a9afd2bd8196db24ab •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50137 – reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
https://notcve.org/view.php?id=CVE-2024-50137
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. Add the judgment condition to avoid errors when calling reset_control_status on JH7110 SoC. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: reset: starfive: jh71x0: Se ha corregido el acceso al miembro vacío en el SoC JH... • https://git.kernel.org/stable/c/82327b127d4117e5b867cca945f97a5074aef786 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50136 – net/mlx5: Unregister notifier on eswitch init failure
https://notcve.org/view.php?id=CVE-2024-50136
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]------------ [ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered [ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90 [...snipped] [ 682.610052] Call Trace... • https://git.kernel.org/stable/c/0aa1e83a20f12e9eaad32f72212ebc7fe0c29c95 •