CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50211 – udf: refactor inode_bmap() to handle error
https://notcve.org/view.php?id=CVE-2024-50211
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out early without resorting to checking for particular offsets and assuming internal behavior of these functions. In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inod... • https://git.kernel.org/stable/c/493447dd8336607fce426f7879e581095f6c606e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50210 – posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
https://notcve.org/view.php?id=CVE-2024-50210
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_... • https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50209 – RDMA/bnxt_re: Add a check for memory allocation
https://notcve.org/view.php?id=CVE-2024-50209
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances. In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances. • https://git.kernel.org/stable/c/0c4dcd602817502bb3dced7a834a13ef717d65a4 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50208 – RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
https://notcve.org/view.php?id=CVE-2024-50208
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (contiguous pages in the case of > PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid memory access after 256K PBL entries in the PDE. In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt... • https://git.kernel.org/stable/c/0c4dcd602817502bb3dced7a834a13ef717d65a4 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50207 – ring-buffer: Fix reader locking when changing the sub buffer order
https://notcve.org/view.php?id=CVE-2024-50207
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may be invoked concurrently with readers that rely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or the ring_buffer_per_cpu.pages and reader_page pointers. However, no exclusive access is acquired... • https://git.kernel.org/stable/c/8e7b58c27b3c567316a51079b375b846f9223bba •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50206 – net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
https://notcve.org/view.php?id=CVE-2024-50206
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init The loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers must only touch as many descriptors, otherwise it ends up corrupting unrelated memory. Fix the loop iteration count accordingly. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init The loop responsible for allocating up ... • https://git.kernel.org/stable/c/c57e558194430d10d5e5f4acd8a8655b68dade13 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50205 – ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
https://notcve.org/view.php?id=CVE-2024-50205
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The observed behavior was introduced by commit 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), and it is difficult to show that any of the interval parameters will satisfy t... • https://git.kernel.org/stable/c/826b5de90c0bca4e9de6231da9e1730480621588 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50204 – fs: don't try and remove empty rbtree node
https://notcve.org/view.php?id=CVE-2024-50204
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling free_mnt_ns() will try to remove the copy from the rbtree which is invalid. Simply free the namespace skeleton directly. In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node When copying a namespace we won't have adde... • https://git.kernel.org/stable/c/1901c92497bd90caf608a474f1bf4d8795b372a2 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50203 – bpf, arm64: Fix address emission with tag-based KASAN enabled
https://notcve.org/view.php?id=CVE-2024-50203
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem coul... • https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b •
CVSS: 2.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50202 – nilfs2: propagate directory read errors from nilfs_find_entry()
https://notcve.org/view.php?id=CVE-2024-50202
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory pag... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •