CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50223 – sched/numa: Fix the potential null pointer dereference in task_numa_work()
https://notcve.org/view.php?id=CVE-2024-50223
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereference error in task_numa_work(). Here is the backtrace: [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ...... [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se ...... [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BT... • https://git.kernel.org/stable/c/214dbc4281374cbbd833edd502d0ed1fd1b0e243 • CWE-476: NULL Pointer Dereference •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50222 – iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP
https://notcve.org/view.php?id=CVE-2024-50222
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP generic/077 on x86_32 CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y with highmem, on huge=always tmpfs, issues a warning and then hangs (interruptibly): WARNING: CPU: 5 PID: 3517 at mm/highmem.c:622 kunmap_local_indexed+0x62/0xc9 CPU: 5 UID: 0 PID: 3517 Comm: cp Not tainted 6.12.0-rc4 #2 ... copy_page_from_iter_atomic+0xa6/0x5ec generic_perform_write+0xf6/0x1b4 shmem_file_write_iter+0... • https://git.kernel.org/stable/c/908a1ad89466c1febf20bfe0037b84fc66f8a3f8 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50221 – drm/amd/pm: Vangogh: Fix kernel memory out of bounds write
https://notcve.org/view.php?id=CVE-2024-50221
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Vangogh: Fix kernel memory out of bounds write KASAN reports that the GPU metrics table allocated in vangogh_tables_init() is not large enough for the memset done in smu_cmn_init_soft_gpu_metrics(). Condensed report follows: [ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu] [ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067 ... [ 33.861808] CPU: 6 UID: 100... • https://git.kernel.org/stable/c/41cec40bc9baba83d36a0718ea94bfe63189274a • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 1CVE-2024-50220 – fork: do not invoke uffd on fork if error occurs
https://notcve.org/view.php?id=CVE-2024-50220
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete. In addition, we may encounter an error during the fork operation that indicates that the virtual memory address space is invalidated. As a result, we should not be exposing it in any way to external machinery that... • https://packetstorm.news/files/id/183019 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50218 – ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow
https://notcve.org/view.php?id=CVE-2024-50218
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsigned int". So, we need to add a sanity check for byte_start and byte_len right before ocfs2_truncate_inline() in ocfs2_remove_inode_range(), if th... • https://git.kernel.org/stable/c/1afc32b952335f665327a1a9001ba1b44bb76fd9 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50217 – btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
https://notcve.org/view.php?id=CVE-2024-50217
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Mounting btrfs from two images (which have the same one fsid and two different dev_uuids) in certain executing order may trigger an UAF for variable 'device->bdev_file' in __btrfs_free_extra_devids(). And following are the details: 1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs devices by ioctl(BTRFS_IOC_SCAN_DEV): / btrfs_device_1 → loop0 fs_... • https://git.kernel.org/stable/c/142388194191a3edc9ba01cfcfd8b691e0971fb2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50216 – xfs: fix finding a last resort AG in xfs_filestream_pick_ag
https://notcve.org/view.php?id=CVE-2024-50216
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: xfs: fix finding a last resort AG in xfs_filestream_pick_ag When the main loop in xfs_filestream_pick_ag fails to find a suitable AG it tries to just pick the online AG. But the loop for that uses args->pag as loop iterator while the later code expects pag to be set. Fix this by reusing the max_pag case for this last resort, and also add a check for impossible case of no AG just to make sure that the uninitialized pag doesn't even escape in... • https://git.kernel.org/stable/c/f8f1ed1ab3babad46b25e2dbe8de43b33fe7aaa6 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50215 – nvmet-auth: assign dh_key to NULL after kfree_sensitive
https://notcve.org/view.php?id=CVE-2024-50215
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmet_destroy_auth(). Found by Linux Verification Center (linuxtesting.org) with Svace. In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL aft... • https://git.kernel.org/stable/c/7a277c37d3522e9b2777d762bbbcecafae2b1f8d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50214 – drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()
https://notcve.org/view.php?id=CVE-2024-50214
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() modprobe drm_connector_test and then rmmod drm_connector_test, the following memory leak occurs. The `mode` allocated in drm_mode_duplicate() called by drm_display_mode_from_cea_vic() is not freed, which cause the memory leak: unreferenced object 0xffffff80cb0ee400 (size 128): comm "kunit_try_catch", pid 1948, jiffies 4294950339 hex dump (first 32 bytes): 14 44 02 00 80... • https://git.kernel.org/stable/c/abb6f74973e20956d42e8227dde6fb4e92502c14 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50213 – drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
https://notcve.org/view.php?id=CVE-2024-50213
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test and then rmmod it, the following memory leak occurs. The `mode` allocated in drm_mode_duplicate() called by drm_display_mode_from_cea_vic() is not freed, which cause the memory leak: unreferenced object 0xffffff80ccd18100 (size 128): comm "kunit_try_catch", pid 1851, jiffies 4295059695 hex dump (first 32 bytes): 57 62 00 00 80 02 90 02 f... • https://git.kernel.org/stable/c/4af70f19e55904147c0515ff874204a5306ac807 •