CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50183 – scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
https://notcve.org/view.php?id=CVE-2024-50183
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID to complete synchronously with usage of wait_queue. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID han... • https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50180 – fbdev: sisfb: Fix strbuf array overflow
https://notcve.org/view.php?id=CVE-2024-50180
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verificatio... • https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50143 – udf: fix uninit-value use in udf_get_fileshortad
https://notcve.org/view.php?id=CVE-2024-50143
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch reproducer did not trigger any issue[2]. [1] https://syzkaller.appspot.com/bug?extid=8901c4560b7ab5c2f9df [2] https://syzkaller.appspot.com/x/log.txt?x=10242227980000 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: udf: ... • https://git.kernel.org/stable/c/5eb76fb98b3335aa5cca6a7db2e659561c79c32b • CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50112 – x86/lam: Disable ADDRESS_MASKING in most cases
https://notcve.org/view.php?id=CVE-2024-50112
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper[1]. Unless Linear Address Space Separation (LASS) is enabled this weakness may be exploitable. Until kernel adds support for LASS[2], only allow LAM for COMPILE_TEST, or when speculation mitigations have been disabled at compile time, otherwise keep LAM disabled. There are no processors in ... • https://git.kernel.org/stable/c/60a5ba560f296ad8da153f6ad3f70030bfa3958f •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50095 – RDMA/mad: Improve handling of timed out WRs of mad agent
https://notcve.org/view.php?id=CVE-2024-50095
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler. This leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes Trace: ----- BUG: soft lockup - CPU#4 stuck for 26s! [k... • https://git.kernel.org/stable/c/713adaf0ecfc49405f6e5d9e409d984f628de818 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52920 – bpf: support non-r10 register spill/fill to/from stack in precision tracking
https://notcve.org/view.php?id=CVE-2023-52920
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10 register, or any other register after copying r10 into it *and* potentially adjusting offset. To make this work reliably, we push extra per-instruction flags into instruction history, encoding stack slot index (sp... • https://git.kernel.org/stable/c/ecc2aeeaa08a355d84d3ca9c3d2512399a194f29 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50073 – tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
https://notcve.org/view.php?id=CVE-2024-50073
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 UID: 0 PID: 3379 Comm: poc Not tainted 6.11.0+ #56 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52918 – media: pci: cx23885: check cx23885_vdev_init() return
https://notcve.org/view.php?id=CVE-2023-52918
22 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL. In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line withou... • https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49033 – btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit()
https://notcve.org/view.php?id=CVE-2022-49033
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49007 – nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry()
https://notcve.org/view.php?id=CVE-2022-49007
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() Syzbot reported a null-ptr-deref bug: NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 3603 Comm: segctord Not tainted 6.1.0-rc2-syzk... • https://git.kernel.org/stable/c/2f2c59506ae39496588ceb8b88bdbdbaed895d63 •