CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 2CVE-2024-41020 – filelock: Fix fcntl/close race recovery compat path
https://notcve.org/view.php?id=CVE-2024-41020
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote comm... • https://packetstorm.news/files/id/180403 • CWE-667: Improper Locking •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-41019 – fs/ntfs3: Validate ff offset
https://notcve.org/view.php?id=CVE-2024-41019
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. ... In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate ff offset This adds sanity checks for ff offset. ... It was discovered that the CIFS network file system implementation in the <... • https://git.kernel.org/stable/c/4534a70b7056fd4b9a1c6db5a4ce3c98546b291e •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41018 – fs/ntfs3: Add a check for attr_names and oatbl
https://notcve.org/view.php?id=CVE-2024-41018
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add a check for attr_names and oatbl Added out-of-bound checking for *ane (ATTR_NAME_ENTRY). Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/e0b64e4ad2eb013fd3299e34e7fe5e19f321e140 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-41017 – jfs: don't walk off the end of ealist
https://notcve.org/view.php?id=CVE-2024-41017
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist. In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist. • https://git.kernel.org/stable/c/7f91bd0f2941fa36449ce1a15faaa64f840d9746 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41016 – ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()
https://notcve.org/view.php?id=CVE-2024-41016
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. ... • https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090 •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-41015 – ocfs2: add bounds checking to ocfs2_check_dir_entry()
https://notcve.org/view.php?id=CVE-2024-41015
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region... • https://git.kernel.org/stable/c/13d38c00df97289e6fba2e54193959293fd910d2 •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41014 – xfs: add bounds checking to xlog_recover_process_data
https://notcve.org/view.php?id=CVE-2024-41014
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. In the Linux kernel, the following vulnerability has been resolved: xfs: add bounds checking to xlog_recover_process_data There is a lack of verification of the space occupied by fixed members of xlog_op_header in the xlog_recover_process_data. ... A vu... • https://git.kernel.org/stable/c/d1e3efe783365db59da88f08a2e0bfe1cc95b143 • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-41013 – xfs: don't walk off the end of a directory data block
https://notcve.org/view.php?id=CVE-2024-41013
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. • https://git.kernel.org/stable/c/b0932e4f9da85349d1c8f2a77d2a7a7163b8511d • CWE-125: Out-of-bounds Read •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41091 – tun: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41091
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could cause a corrupted skb to be sent downstack. In the Linux kernel, the following vulnerability has been resolved: tun: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tun_xdp_one() path, which could ... • https://git.kernel.org/stable/c/043d222f93ab8c76b56a3b315cd8692e35affb6c • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41090 – tap: add missing verification for short frame
https://notcve.org/view.php?id=CVE-2024-41090
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, wh... • https://git.kernel.org/stable/c/0efac27791ee068075d80f07c55a229b1335ce12 • CWE-20: Improper Input Validation •