CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41065 – powerpc/pseries: Whitelist dtl slub object for copying to userspace
https://notcve.org/view.php?id=CVE-2024-41065
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Whitelist dtl slub object for copying to userspace Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG() when the config CONFIG_HARDENED_USERCOPY is enabled as shown below. kernel BUG at mm/usercopy.c:102! Oops: Exception in kernel mode, sig: 5 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: xfs libcrc32c dm_service_time sd_mod t10_pi sg ibmvfc scsi_trans... • https://git.kernel.org/stable/c/a7b952941ce07e1e7a2cafd08c64a98e14f553e6 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-41064 – powerpc/eeh: avoid possible crash when edev->pdev changes
https://notcve.org/view.php?id=CVE-2024-41064
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus. In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can... • https://git.kernel.org/stable/c/8836e1bf5838ac6c08760e0a2dd7cf6410aa7ff3 • CWE-413: Improper Resource Locking •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41063 – Bluetooth: hci_core: cancel all works upon hci_unregister_dev()
https://notcve.org/view.php?id=CVE-2024-41063
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_workqueue() needs to flush. We need to make sure that hdev->{rx_work,cmd_work,tx_work} which are queued into hdev->workqueue and hdev->{power_on,err... • https://git.kernel.org/stable/c/48542881997e17b49dc16b93fe910e0cfcf7a9f9 • CWE-833: Deadlock •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-41062 – bluetooth/l2cap: sync sock recv cb and release
https://notcve.org/view.php?id=CVE-2024-41062
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_sock_kill l2cap_recv_frame sk_free l2cap_conless_channel l2cap_sock_recv_cb If hci_rx_work processes the data that needs to be received before th... • https://git.kernel.org/stable/c/605572e64cd9cebb05ed609d96cff05b50d18cdf •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-41061 – drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport
https://notcve.org/view.php?id=CVE-2024-41061
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowest_state_idx used as an index for FCLKChangeSupport array can be greater than 1. [How] Currently dml2 core specifies identical values for all FCLKChangeSupport elements. Always use index 0 in the condition to avoid out of bounds access. In the Linux kernel, the follo... • https://git.kernel.org/stable/c/94166fe12543fbef122ca2d093e794ea41073a85 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-41060 – drm/radeon: check bo_va->bo is non-NULL before using it
https://notcve.org/view.php?id=CVE-2024-41060
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. Ubuntu Security Notice 7144-1 - Supraja Sridhara, Bene... • https://git.kernel.org/stable/c/a2b201f83971df03c8e81a480b2f2846ae8ce1a3 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41059 – hfsplus: fix uninit-value in copy_name
https://notcve.org/view.php?id=CVE-2024-41059
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x1a50 fs/hfsplus/xattr.c:750 vfs_listxattr fs/xattr.c:493 [inline] listxattr+0x1f3/0x6b0 fs/xattr.c:840 path_listxattr fs/xattr.c:864 [inline] __do_sys_listxattr fs/xattr.c:876 [inline] __se_sys_listxattr fs/xattr.c:873 [inline] __x64_sys... • https://git.kernel.org/stable/c/72805debec8f7aa342da194fe0ed7bc8febea335 •
CVSS: 6.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41044 – ppp: reject claimed-as-LCP but actually malformed packets
https://notcve.org/view.php?id=CVE-2024-41044
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise. In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'p... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-41034 – nilfs2: fix kernel bug on rename operation of broken directory
https://notcve.org/view.php?id=CVE-2024-41034
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, __block_write_begin_int() called to prepare block write may fail BUG_ON check for access exceeding the folio/page size. This is because nilfs_dotdot(), which gets parent directory reference entry ("..") of the directory to be moved or renamed, does not check consistency enough, and may return locat... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-41020 – filelock: Fix fcntl/close race recovery compat path
https://notcve.org/view.php?id=CVE-2024-41020
29 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was patching: The normal version, and the version for 64-bit offsets on 32-bit kernels. Thanks to Greg KH for stumbling over this while doing the stable backport... Apply exactly the same fix to the compat path for 32-bit kernels. In the L... • https://git.kernel.org/stable/c/c293621bbf678a3d85e3ed721c3921c8a670610d • CWE-667: Improper Locking •