CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49890 – drm/amd/pm: ensure the fw_info is not null before using it
https://notcve.org/view.php?id=CVE-2024-49890
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity. Ubuntu Security Notice 7166-3 - Several security issues were discovered in the Linux kernel. An attack... • https://git.kernel.org/stable/c/29f388945770bd0a6c82711436b2bc98b0dfac92 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49889 – ext4: avoid use-after-free in ext4_ext_show_leaf()
https://notcve.org/view.php?id=CVE-2024-49889
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf() In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been freed and thus may trigger use-after-free, as follows: ext4_split_extent path = *ppath; ext4_split_extent_at(ppath) path = ext4_find_extent(ppath) ext4_split_extent_at(ppath) // ext4_find_extent fails to free path // but zeroout succeeds ext4_ext_show_leaf(inode, path) eh = ... • https://git.kernel.org/stable/c/b0cb4561fc4284d04e69c8a66c8504928ab2484e •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49884 – ext4: fix slab-use-after-free in ext4_split_extent_at()
https://notcve.org/view.php?id=CVE-2024-49884
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_extent_at+0xba8/0xcc0 Read of size 2 at addr ffff88810548ed08 by task kworker/u20:0/40 CPU: 0 PID: 40 Comm: kworker/u20:0 Not tainted 6.9.0-dirty #724 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49883 – ext4: aovid use-after-free in ext4_ext_insert_extent()
https://notcve.org/view.php?id=CVE-2024-49883
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF. Below is a sample trace with dummy values: ext4_ext_insert_extent path = *ppath = 2000 ext4_ext_create_new_leaf(ppath) ext4_find_extent(ppath) path = *ppath = 2000 if (depth > path[0].p_maxdepth) kfree(path = 2000); *ppath = path = ... • https://git.kernel.org/stable/c/10809df84a4d868db61af621bae3658494165279 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49882 – ext4: fix double brelse() the buffer of the extents path
https://notcve.org/view.php?id=CVE-2024-49882
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been released, otherwise it may be released twice. An example of what triggers this is as follows: split2 map split1 |--------|-------|--------| ext4_ext_map_blocks ext4_ext_handle_unwritten_extents ext4_split_convert_extents // path->p_depth == 0 ext4_split_extent // 1. do split1 ext4_split_extent_at |ext4_ext_inser... • https://git.kernel.org/stable/c/ecb94f5fdf4b72547fca022421a9dca1672bddd4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49881 – ext4: update orig_path in ext4_find_extent()
https://notcve.org/view.php?id=CVE-2024-49881
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent() In ext4_find_extent(), if the path is not big enough, we free it and set *orig_path to NULL. But after reallocating and successfully initializing the path, we don't update *orig_path, in which case the caller gets a valid path but a NULL ppath, and this may cause a NULL pointer dereference or a path memory leak. For example: ext4_split_extent path = *ppath = 2000 ext4_find_extent if (depth > path... • https://git.kernel.org/stable/c/10809df84a4d868db61af621bae3658494165279 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49879 – drm: omapdrm: Add missing check for alloc_ordered_workqueue
https://notcve.org/view.php?id=CVE-2024-49879
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: omapdrm: Add missing check for alloc_ordered_workqueue As it may return NULL pointer and cause NULL pointer dereference. Add check for the return value of alloc_ordered_workqueue. In the Linux kernel, the following vulnerability has been resolved: drm: omapdrm: Add missing check for alloc_ordered_workqueue As it may return NULL pointer and cause NULL pointer dereference. Add check for the return value of alloc_ordered_workqueue. • https://git.kernel.org/stable/c/2f95bc6d324a93b2411bcc5defe4d4414c45f325 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49878 – resource: fix region_intersects() vs add_memory_driver_managed()
https://notcve.org/view.php?id=CVE-2024-49878
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: resource: fix region_intersects() vs add_memory_driver_managed() On a system with CXL memory, the resource tree (/proc/iomem) related to CXL memory may look like something as follows. 490000000-50fffffff : CXL Window 0 490000000-50fffffff : region0 490000000-50fffffff : dax0.0 490000000-50fffffff : System RAM (kmem) Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a des... • https://git.kernel.org/stable/c/c221c0b0308fd01d9fb33a16f64d2fd95f8830a4 •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-49877 – ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
https://notcve.org/view.php?id=CVE-2024-49877
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL. In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate When doing cleanup, if flags without OCFS2_BH_READAHEAD, it may trigger NULL pointer derefe... • https://git.kernel.org/stable/c/6c150df9c2e80b5cf86f5a0d98beb7390ad63bfc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49875 – nfsd: map the EBADMSG to nfserr_io to avoid warning
https://notcve.org/view.php?id=CVE-2024-49875
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs, resulting in the following WARNING. Fix it by mapping EBADMSG to nfserr_io. nfsd_buffered_readdir iterate_dir // -EBADMSG -74 ext4_readdir // .iterate_shared ext4_dx_readdir ext4_htree_fill_tree htree_dirblock_to_tree ext4_read_dirblock __ext4_read_dirblock ext4_dirblock_csum_verify warn_no_space_for_csum __warn_no... • https://git.kernel.org/stable/c/0ea4333c679f333e23956de743ad17387819d3f2 •