CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50096 – nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error
https://notcve.org/view.php?id=CVE-2024-50096
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The `nouveau_dmem_copy_one` function ensures that the copy push command is sent to the device firmware but does not track whether it was executed successfully. In the case of a copy error (e.g., firmware or hardware failure), the copy push command will be sent via the firmware channel, and `nouveau_dmem_copy_one` will likely report success, leading to the `migrate_to_ram` fun... • https://git.kernel.org/stable/c/5be73b690875f7eb2d2defb54ccd7f2f12074984 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50095 – RDMA/mad: Improve handling of timed out WRs of mad agent
https://notcve.org/view.php?id=CVE-2024-50095
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler. This leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes Trace: ----- BUG: soft lockup - CPU#4 stuck for 26s! [k... • https://git.kernel.org/stable/c/713adaf0ecfc49405f6e5d9e409d984f628de818 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50093 – thermal: intel: int340x: processor: Fix warning during module unload
https://notcve.org/view.php?id=CVE-2024-50093
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is no need to call pci_disable_device() again on it. With recent PCI device resource management improvements, e.g. commit f748a07a0b64 ("PCI: Remove legacy pcim_release()"), this problem is exposed and triggers th... • https://git.kernel.org/stable/c/acd65d5d1cf4a3324c8970ba74632abe069fe23e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50091 – dm vdo: don't refer to dedupe_context after releasing it
https://notcve.org/view.php?id=CVE-2024-50091
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupe_context after releasing it Clear the dedupe_context pointer in a data_vio whenever ownership of the context is lost, so that vdo can't examine it accidentally. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm vdo: no hacer referencia a dedupe_context después de liberarlo. Borre el puntero dedupe_context en un data_vio siempre que se pierda la propiedad del contexto, de modo que vdo no pueda... • https://git.kernel.org/stable/c/63ef073084c67878d7a92e15ad055172da3f05a3 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52920 – bpf: support non-r10 register spill/fill to/from stack in precision tracking
https://notcve.org/view.php?id=CVE-2023-52920
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done through read-only r10 register, or any other register after copying r10 into it *and* potentially adjusting offset. To make this work reliably, we push extra per-instruction flags into instruction history, encoding stack slot index (sp... • https://git.kernel.org/stable/c/ecc2aeeaa08a355d84d3ca9c3d2512399a194f29 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50088 – btrfs: fix uninitialized pointer free in add_inode_ref()
https://notcve.org/view.php?id=CVE-2024-50088
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL, dir = read_one_inode(root, parent_objectid); if (!dir) { ret = -ENOENT; goto out; } inode = read_one_inode(root, inode_objectid); if (!inode) { ret = -EIO; goto out; } then "name.name" would be freed on "out" before being initialized.... • https://git.kernel.org/stable/c/1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50087 – btrfs: fix uninitialized pointer free on read_alloc_one_name() error
https://notcve.org/view.php?id=CVE-2024-50087
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when freeing it. This is a follow-up to the linked patch that fixes the remaining instances of the bug introduced by commit e43eec81c516 ("btrfs: use str... • https://git.kernel.org/stable/c/1cf474cd474bc5d3ef63086ffd009a87a5b7bb2e •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50086 – ksmbd: fix user-after-free from session log off
https://notcve.org/view.php?id=CVE-2024-50086
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SMB2_SESSION_EXPIRED and referece count to session struct not to free session while it is being used. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issu... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50085 – mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
https://notcve.org/view.php?id=CVE-2024-50085
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm_addr_or_subflow+0xb44/0xcc0 net/mptcp/pm_netlink.c:881 Read of size 4 at addr ffff8880569ac858 by task syz.1.2799/14662 CPU: 0 UID: 0 PID: 14662 Comm: syz.1.2799 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 Hardware name: QEMU ... • https://git.kernel.org/stable/c/35b31f5549ede4070566b949781e83495906b43d • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50084 – net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
https://notcve.org/view.php?id=CVE-2024-50084
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced below memory leaks by removing necessary vcap_free_rule(), add it to fix it. unreferenced object 0xffffff80ca58b700 (size 192): comm "kunit_try_catch", pid 1215, jiffies 4294898264 hex dump (first 32 bytes): 00 12 7a 00 05 00 00 00 0a 00 ... • https://git.kernel.org/stable/c/b0804c286ccfcf5f5c004d5bf8a54c0508b5e86b • CWE-416: Use After Free •