CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43886 – drm/amd/display: Add null check in resource_log_pipe_topology_update
https://notcve.org/view.php?id=CVE-2024-43886
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null c... • https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43883 – usb: vhci-hcd: Do not drop references before new references are gained
https://notcve.org/view.php?id=CVE-2024-43883
23 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the ... • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48938 – CDC-NCM: avoid overflow in sanity checking
https://notcve.org/view.php?id=CVE-2022-48938
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48931 – configfs: fix a race in configfs_{,un}register_subsystem()
https://notcve.org/view.php?id=CVE-2022-48931
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|--------... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48930 – RDMA/ib_srp: Fix a deadlock
https://notcve.org/view.php?id=CVE-2022-48930
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_wo... • https://git.kernel.org/stable/c/ef6c49d87c3418c442a22e55e3ce2f91b163d69e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48943 – KVM: x86/mmu: make apf token non-zero to fix bug
https://notcve.org/view.php?id=CVE-2022-48943
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to the Guest. This function test token value of struct kvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a READY event is finished by Guest. If value is zero meaning that a READY event is done, so the KVM can deliver... • https://git.kernel.org/stable/c/72fdfc75d4217b32363cc80def3de2cb3fef3f02 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48923 – btrfs: prevent copying too big compressed lzo segment
https://notcve.org/view.php?id=CVE-2022-48923
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copy_compressed_segment to write outside of allocated memory. This mostly results in stuck read syscall but sometimes when using btrfs send can get #GP kernel: general protection fault, probably for non-canonical address 0x841551d5c1000: 0000 [#1] PREEMPT SMP NOPTI ke... • https://git.kernel.org/stable/c/8df508b7a44cd8110c726057cd28e8f8116885eb •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48920 – btrfs: get rid of warning on transaction commit when using flushoncommit
https://notcve.org/view.php?id=CVE-2022-48920
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): $ cat fs/fs-writeback.c: (...) static void __writeback_inodes_sb_nr(struct super_block *sb, ... { (...) WARN_ON(!rwsem_is_locked(&sb->s_umount)); (...) } (...) The trace produced in dmesg looks like the following: [947.473890] WARNING:... • https://git.kernel.org/stable/c/850a77c999b81dd2724efd2684068d6f90db8c16 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48919 – cifs: fix double free race when mount fails in cifs_get_root()
https://notcve.org/view.php?id=CVE-2022-48919
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free the context. In this situation we should not proceed to enter the out: section in cifs_smb3_do_mount() and free the same resources a second time. [Thu Feb 10 12:59:06 2022] BUG: KASAN: use-after-free in rcu_cblist_dequeue+0x32/0x60 [T... • https://git.kernel.org/stable/c/da834d6c1147c7519a9e55b510a03b7055104749 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48911 – netfilter: nf_queue: fix possible use-after-free
https://notcve.org/view.php?id=CVE-2022-48911
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet and need to indicate an error. The packet will be dropped by the caller. v2: split skb prefetch hunk into separate change In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free... • https://git.kernel.org/stable/c/271b72c7fa82c2c7a795bc16896149933110672d •