CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50191 – ext4: don't set SB_RDONLY after filesystem errors
https://notcve.org/view.php?id=CVE-2024-50191
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: don't set SB_RDONLY after filesystem errors When the filesystem is mounted with errors=remount-ro, we were setting SB_RDONLY flag to stop all filesystem modifications. We knew this misses proper locking (sb->s_umount) and does not go through proper filesystem remount procedure but it has been the way this worked since early ext2 days and it was good enough for catastrophic situation damage mitigation. Recently, syzbot has found a way ... • https://git.kernel.org/stable/c/fbb177bc1d6487cd3e9b50ae0be2781b7297980d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50190 – ice: fix memleak in ice_init_tx_topology()
https://notcve.org/view.php?id=CVE-2024-50190
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ice: fix memleak in ice_init_tx_topology() Fix leak of the FW blob (DDP pkg). Make ice_cfg_tx_topo() const-correct, so ice_init_tx_topology() can avoid copying whole FW blob. Copy just the topology section, and only when needed. Reuse the buffer allocated for the read of the current topology. This was found by kmemleak, with the following trace for each PF: [
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50189 – HID: amd_sfh: Switch to device-managed dmam_alloc_coherent()
https://notcve.org/view.php?id=CVE-2024-50189
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Using the device-managed version allows to simplify clean-up in probe() error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory errors, page faults, btrfs going read-only, and btrfs disk corruption. In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Using the d... • https://git.kernel.org/stable/c/4b2c53d93a4bc9d52cc0ec354629cfc9dc217f93 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50188 – net: phy: dp83869: fix memory corruption when enabling fiber
https://notcve.org/view.php?id=CVE-2024-50188
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure. Since the advertising flags are updated from supported at the end of the function the incorrect line isn't needed at all and can be ... • https://git.kernel.org/stable/c/a29de52ba2a156873505d8b8cef44e69925b8114 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50187 – drm/vc4: Stop the active perfmon before being destroyed
https://notcve.org/view.php?id=CVE-2024-50187
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Stop the active perfmon before being destroyed Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`, the active performance monitor's pointer (`vc4->active_perfmon`) is still retained. If we open a new file descriptor and submit a few jobs with performance monitors, the driver will attempt to stop the active performance monitor using the s... • https://git.kernel.org/stable/c/65101d8c9108201118efa7e08f4e2c57f438deb9 •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50186 – net: explicitly clear the sk pointer, when pf->create fails
https://notcve.org/view.php?id=CVE-2024-50186
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails"). The problem is that commit did not fully address the problem, as some pf->create implementations do not use sk_common_release in their error paths. For example, we can use the same reproducer as in the above commit, but changing ping... • https://git.kernel.org/stable/c/78e4aa528a7b1204219d808310524344f627d069 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50185 – mptcp: handle consistently DSS corruption
https://notcve.org/view.php?id=CVE-2024-50185
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path. Use DEBUG_NET assertions, to avoid the splat on some builds and handle consistently the error, dumping related MIBs and performing fallback and/or reset according to the subflow type. In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corrupt... • https://git.kernel.org/stable/c/6771bfd9ee2460c13e38c0cd46a3afb5404ae716 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50184 – virtio_pmem: Check device status before requesting flush
https://notcve.org/view.php?id=CVE-2024-50184
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status check in the beginning of virtio_pmem_flush() to return early if the device is not activated. In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem devic... • https://git.kernel.org/stable/c/6e84200c0a2994b991259d19450eee561029bf70 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50183 – scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance
https://notcve.org/view.php?id=CVE-2024-50183
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID to complete synchronously with usage of wait_queue. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID han... • https://git.kernel.org/stable/c/0857b1c573c0b095aa778bb26d8b3378172471b6 •
CVSS: 7.2EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50182 – secretmem: disable memfd_secret() if arch cannot set direct map
https://notcve.org/view.php?id=CVE-2024-50182
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not present can only be done if the direct map is set up at 4k granularity in the first place (as ARM's break-before-make semantics do not easily allow breaking apart large/gigantic pages). More precisely, on arm... • https://git.kernel.org/stable/c/1507f51255c9ff07d75909a84e7c0d7f3c4b2f49 •