CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35874 – aio: Fix null ptr deref in aio_complete() wakeup
https://notcve.org/view.php?id=CVE-2024-35874
In the Linux kernel, the following vulnerability has been resolved: aio: Fix null ptr deref in aio_complete() wakeup list_del_init_careful() needs to be the last access to the wait queue entry - it effectively unlocks access. Previously, finish_wait() would see the empty list head and skip taking the lock, and then we'd return - but the completion path would still attempt to do the wakeup after the task_struct pointer had been overwritten. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aio: corrige el ptr deref null en aio_complete() wakeup list_del_init_careful() debe ser el último acceso a la entrada de la cola de espera; efectivamente desbloquea el acceso. • https://git.kernel.org/stable/c/71eb6b6b0ba93b1467bccff57b5de746b09113d2 https://git.kernel.org/stable/c/9678bcc6234d83759fe091c197f5017a32b468da https://git.kernel.org/stable/c/caeb4b0a11b3393e43f7fa8e0a5a18462acc66bd •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35873 – riscv: Fix vector state restore in rt_sigreturn()
https://notcve.org/view.php?id=CVE-2024-35873
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix vector state restore in rt_sigreturn() The RISC-V Vector specification states in "Appendix D: Calling Convention for Vector State" [1] that "Executing a system call causes all caller-saved vector registers (v0-v31, vl, vtype) and vstart to become unspecified.". ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: riscv: corrige la restauración del estado del vector en rt_sigreturn() La especificación del vector RISC-V indica en el "Apéndice D: Llamando convención por el estado del vector" [1] que "La ejecución de una llamada al sistema causa todos los registros vectoriales guardados por la persona que llama (v0-v31, vl, vtype) y vstart quedarán sin especificar". • https://git.kernel.org/stable/c/c2a658d419246108c9bf065ec347355de5ba8a05 https://git.kernel.org/stable/c/5b16d904e910183181b9d90efa957c787a8ac91b https://git.kernel.org/stable/c/c27fa53b858b4ee6552a719aa599c250cf98a586 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35872 – mm/secretmem: fix GUP-fast succeeding on secretmem folios
https://notcve.org/view.php?id=CVE-2024-35872
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix GUP-fast succeeding on secretmem folios folio_is_secretmem() currently relies on secretmem folios being LRU folios, to save some cycles. However, folios might reside in a folio batch without the LRU flag set, or temporarily have their LRU flag cleared. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mm/secretmem: corrige el éxito rápido de GUP en folios secretmem folio_is_secretmem() actualmente depende de que los folios secretmem sean folios LRU, para guardar algunos ciclos. • https://git.kernel.org/stable/c/1507f51255c9ff07d75909a84e7c0d7f3c4b2f49 https://git.kernel.org/stable/c/6564b014af92b677c1f07c44d7f5b595d589cf6e https://git.kernel.org/stable/c/9c2b4b657739ecda38e3b383354a29566955ac48 https://git.kernel.org/stable/c/43fad1d0284de30159661d0badfc3cbaf7e6f8f8 https://git.kernel.org/stable/c/201e4aaf405dfd1308da54448654053004c579b5 https://git.kernel.org/stable/c/65291dcfcf8936e1b23cfd7718fdfde7cfaf7706 https://access.redhat.com/security/cve/CVE-2024-35872 https://bugzilla.redhat.com/show_bug.cgi?id=2281736 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35871 – riscv: process: Fix kernel gp leakage
https://notcve.org/view.php?id=CVE-2024-35871
In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: riscv: proceso: corregir la fuga de gp del kernel. • https://git.kernel.org/stable/c/7db91e57a0acde126a162ababfb1e0ab190130cb https://git.kernel.org/stable/c/9abc3e6f1116adb7a2d4fbb8ce20c37916976bf5 https://git.kernel.org/stable/c/dff6072124f6df77bfd36951fbd88565746980ef https://git.kernel.org/stable/c/f6583444d7e78dae750798552b65a2519ff3ca84 https://git.kernel.org/stable/c/00effef72c98294edb1efa87ffa0f6cfb61b36a4 https://git.kernel.org/stable/c/d8dcba0691b8e42bddb61aab201e4d918a08e5d9 https://git.kernel.org/stable/c/d14fa1fcf69db9d070e75f1c4425211fa619dfc8 https://lists.debian.org/debian-lts-announce/2024/06/ •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35870 – smb: client: fix UAF in smb2_reconnect_server()
https://notcve.org/view.php?id=CVE-2024-35870
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). ... __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF en smb2_reconnect_server() El error de UAF se debe a que smb2_reconnect_server() accede a una sesión que ya está siendo cancelada por otro hilo que está ejecutando __cifs_put_smb_ses(). ... __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 A flaw was found in the smb client in the Linux kernel. • https://git.kernel.org/stable/c/6202996a1c1887e83d0b3b0fcd86d0e5e6910ea0 https://git.kernel.org/stable/c/45f2beda1f1bc3d962ec07db1ccc3197c25499a5 https://git.kernel.org/stable/c/24a9799aa8efecd0eb55a75e35f9d8e6400063aa https://access.redhat.com/security/cve/CVE-2024-35870 https://bugzilla.redhat.com/show_bug.cgi?id=2281740 • CWE-416: Use After Free •