CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50057 – usb: typec: tipd: Free IRQ only if it was requested before
https://notcve.org/view.php?id=CVE-2024-50057
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: tipd: Free IRQ only if it was requested before In polling mode, if no IRQ was requested there is no need to free it. Call devm_free_irq() only if client->irq is set. This fixes the warning caused by the tps6598x module removal: WARNING: CPU: 2 PID: 333 at kernel/irq/devres.c:144 devm_free_irq+0x80/0x8c ... ... Call trace: devm_free_irq+0x80/0x8c tps6598x_remove+0x28/0x88 [tps6598x] i2c_device_remove+0x2c/0x9c device_remove+0x4c/... • https://git.kernel.org/stable/c/b72bf5cade51ba4055c8a8998d275e72e6b521ce •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50056 – usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c
https://notcve.org/view.php?id=CVE-2024-50056
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). Fix the following smatch errors: drivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix() error: 'fmtdesc' dereferencing possible ERR_PTR() drivers/usb/gadget/function/uvc_v4l2.c:392 uvc_v4l2_enum_format() error: 'fmtdesc' dereferencing possible ERR_PTR() Also, fix similar issue in uvc_v... • https://git.kernel.org/stable/c/cedeb36c3ff4acd0f3d09918dfd8ed1df05efdd6 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50055 – driver core: bus: Fix double free in driver API bus_register()
https://notcve.org/view.php?id=CVE-2024-50055
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the first free. In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv ar... • https://git.kernel.org/stable/c/5be4bc1c73ca389a96d418a52054d897c6fe6d21 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50049 – drm/amd/display: Check null pointer before dereferencing se
https://notcve.org/view.php?id=CVE-2024-50049
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before dereferencing se [WHAT & HOW] se is null checked previously in the same function, indicating it might be null; therefore, it must be checked when used again. This fixes 1 FORWARD_NULL issue reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before dereferencing se [WHAT & HOW] se is null checked previously in the same functi... • https://git.kernel.org/stable/c/f4149eec960110ffd5bcb161075dd9f1d7773075 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50048 – fbcon: Fix a NULL pointer dereference issue in fbcon_putcs
https://notcve.org/view.php?id=CVE-2024-50048
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs syzbot has found a NULL pointer dereference bug in fbcon. Here is the simplified C reproducer: struct param { uint8_t type; struct tiocl_selection ts; }; int main() { struct fb_con2fbmap con2fb; struct param param; int fd = open("/dev/fb1", 0, 0); con2fb.console = 0x19; con2fb.framebuffer = 0; ioctl(fd, FBIOPUT_CON2FBMAP, &con2fb); param.type = 2; param.ts.xs = 0; param.ts.ys = 0; p... • https://git.kernel.org/stable/c/8266ae6eafdcd5a3136592445ff4038bbc7ee80e •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50047 – smb: client: fix UAF in async decryption
https://notcve.org/view.php?id=CVE-2024-50047
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt # dd if=/mnt/largefile of=/dev/null ... [ 194.196391] ================================================================== [ 194.196844] BUG: KASAN: slab-use-after-free in gf128mul_4k_lle+0xc1/0x110 [ 194.197269] Read of size 8 at addr ffff8... • https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50046 – NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
https://notcve.org/view.php?id=CVE-2024-50046
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash with the following syslog: [232064.838881] NFSv4: state recovery failed for open file nfs/pvc-12b5200d-cd0f-46a3-b9f0-af8f4fe0ef64.qcow2, error = -116 [232064.... • https://git.kernel.org/stable/c/0e65a32c8a569db363048e17a708b1a0913adbef •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50045 – netfilter: br_netfilter: fix panic with metadata_dst skb
https://notcve.org/view.php?id=CVE-2024-50045
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_dev_queue_xmit. It is dependent on: 1) the br_netfilter module being loaded; 2) net.bridge.bridge-nf-call-iptables set to 1; 3) a bridge with a VxLAN (single-vxlan-device) netdevice as a bridge port; 4) untagged frames with size highe... • https://git.kernel.org/stable/c/11538d039ac6efcf4f1a6c536e1b87cd3668a9fd •
CVSS: 3.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50044 – Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
https://notcve.org/view.php?id=CVE-2024-50044
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it causing the following trace: ====================================================== WARNING: possible circular locking dependency detected 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Not tainted ------------------------------------------------... • https://git.kernel.org/stable/c/3241ad820dbb172021e0268b5611031991431626 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50041 – i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
https://notcve.org/view.php?id=CVE-2024-50041
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi->mac_filter_hash. The leak occurs when multiple threads attempt to modify the mac_filter_hash simultaneously, leading to inconsistent state and potential memory leaks. To fix this, we now wrap the calls to i40e_del_mac_filter() and zeroing vf->default_lan_addr.addr with spin_lock/u... • https://git.kernel.org/stable/c/ddec6cbbe22781d17965f1e6386e5a6363c058d2 •