CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43900 – media: xc2028: avoid use-after-free in load_firmware_cb()
https://notcve.org/view.php?id=CVE-2024-43900
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free. The process is as follows: task-6504 worker_thread tuner_probe ... • https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43899 – drm/amd/display: Fix null pointer deref in dcn20_resource.c
https://notcve.org/view.php?id=CVE-2024-43899
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (double click on the video) The following calltrace will be seen: [ 181.843989] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 181.843997] #PF: supervisor instruction fetch in kernel mode [ 181.844003] #PF: error_code(... • https://git.kernel.org/stable/c/974fccd61758599a9716c4b909d9226749efe37e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43895 – drm/amd/display: Skip Recompute DSC Params if no Stream on Link
https://notcve.org/view.php?id=CVE-2024-43895
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55df4f5272ccb409f39ef4872fc2b3376a2 Hardware name: LENOVO 20NKS01Y00/20NKS01Y00, BIOS R12ET61W(1.31 ) 07/28/2022 RIP: 0010:drm_dp_atomic_find_time... • https://git.kernel.org/stable/c/282f0a482ee61d5e863512f3c4fcec90216c20d9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43893 – serial: core: check uartclk for zero to avoid divide by zero
https://notcve.org/view.php?id=CVE-2024-43893
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set.... • https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43892 – memcg: protect concurrent access to mem_cgroup_idr
https://notcve.org/view.php?id=CVE-2024-43892
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on external synchronization mechanisms for modifications. For the mem_cgroup_idr, the idr_alloc() and idr_replace() happen within css callback and thus ar... • https://git.kernel.org/stable/c/73f576c04b9410ed19660f74f97521bee6e1c546 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43886 – drm/amd/display: Add null check in resource_log_pipe_topology_update
https://notcve.org/view.php?id=CVE-2024-43886
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null c... • https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43884 – Bluetooth: MGMT: Add error handling to pair_device()
https://notcve.org/view.php?id=CVE-2024-43884
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a c... • https://git.kernel.org/stable/c/5157b8a503fa834e8569c7fed06981e3d3d53db0 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43883 – usb: vhci-hcd: Do not drop references before new references are gained
https://notcve.org/view.php?id=CVE-2024-43883
23 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the ... • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48938 – CDC-NCM: avoid overflow in sanity checking
https://notcve.org/view.php?id=CVE-2022-48938
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48931 – configfs: fix a race in configfs_{,un}register_subsystem()
https://notcve.org/view.php?id=CVE-2022-48931
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|--------... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •