CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50072 – x86/bugs: Use code segment selector for VERW operand
https://notcve.org/view.php?id=CVE-2024-50072
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerEdge 1950/0H723K, BIOS 2.7.0 10/30/2010 EIP: restore_all_switch_stack+0xbe/0xcf EAX: 00000000 EBX: 00000000 ECX: 00000000 EDX: 00000000 ESI: 0000... • https://git.kernel.org/stable/c/50f021f0b985629accf10481a6e89af8b9700583 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50070 – pinctrl: stm32: check devm_kasprintf() returned value
https://notcve.org/view.php?id=CVE-2024-50070
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack ... • https://git.kernel.org/stable/c/32c170ff15b044579b1f8b8cdabf543406dde9da •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50069 – pinctrl: apple: check devm_kasprintf() returned value
https://notcve.org/view.php?id=CVE-2024-50069
29 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack ... • https://git.kernel.org/stable/c/a0f160ffcb83de6a04fa75f9e7bdfe969f2863f7 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50067 – uprobe: avoid out-of-bounds memory access of fetching args
https://notcve.org/view.php?id=CVE-2024-50067
28 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large, but the size of percpu buffer is only page size. And store_trace_args() won't check whether these data exceeds a single page or not, caused out-of-bounds memory access. It could be reproduced by following steps: 1.... • https://git.kernel.org/stable/c/dcad1a204f72624796ae83359403898d10393b9c • CWE-416: Use After Free •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50066 – mm/mremap: fix move_normal_pmd/retract_page_tables race
https://notcve.org/view.php?id=CVE-2024-50066
23 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. At that point, the mmap_lock is held in write mode, but no rmap locks are held yet. For PMD entries that point to page tables and are fully covered by the source address range, move_pgt_entry(NORMAL_PMD, .... • https://git.kernel.org/stable/c/1d65b771bc08cd054cf6d3766a72e113dc46d62f • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52919 – nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
https://notcve.org/view.php?id=CVE-2023-52919
22 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference. In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereferen... • https://git.kernel.org/stable/c/391d8a2da787257aeaf952c974405b53926e3fb3 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52918 – media: pci: cx23885: check cx23885_vdev_init() return
https://notcve.org/view.php?id=CVE-2023-52918
22 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL. In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line withou... • https://git.kernel.org/stable/c/8e31b096e2e1949bc8f0be019c9ae70d414404c6 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50065 – ntfs3: Change to non-blocking allocation in ntfs_d_hash
https://notcve.org/view.php?id=CVE-2024-50065
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibility to sleep when under memory pressure. Change the allocation to GFP_NOWAIT. In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_... • https://git.kernel.org/stable/c/58ebd50d22529f79d2497abbb006137a7c7f5336 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50064 – zram: free secondary algorithms names
https://notcve.org/view.php?id=CVE-2024-50064
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky@chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree() secondary algorithms names when ... • https://git.kernel.org/stable/c/001d9273570115b2eb360d5452bbc46f6cc063a1 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50063 – bpf: Prevent tail call between progs attached to different hooks
https://notcve.org/view.php?id=CVE-2024-50063
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is... • https://git.kernel.org/stable/c/f1b9509c2fb0ef4db8d22dac9aef8e856a5d81f6 •