CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50217 – btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
https://notcve.org/view.php?id=CVE-2024-50217
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Mounting btrfs from two images (which have the same one fsid and two different dev_uuids) in certain executing order may trigger an UAF for variable 'device->bdev_file' in __btrfs_free_extra_devids(). And following are the details: 1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs devices by ioctl(BTRFS_IOC_SCAN_DEV): / btrfs_device_1 → loop0 fs_... • https://git.kernel.org/stable/c/142388194191a3edc9ba01cfcfd8b691e0971fb2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50216 – xfs: fix finding a last resort AG in xfs_filestream_pick_ag
https://notcve.org/view.php?id=CVE-2024-50216
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: xfs: fix finding a last resort AG in xfs_filestream_pick_ag When the main loop in xfs_filestream_pick_ag fails to find a suitable AG it tries to just pick the online AG. But the loop for that uses args->pag as loop iterator while the later code expects pag to be set. Fix this by reusing the max_pag case for this last resort, and also add a check for impossible case of no AG just to make sure that the uninitialized pag doesn't even escape in... • https://git.kernel.org/stable/c/f8f1ed1ab3babad46b25e2dbe8de43b33fe7aaa6 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50215 – nvmet-auth: assign dh_key to NULL after kfree_sensitive
https://notcve.org/view.php?id=CVE-2024-50215
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup() for the same controller. So it's better to nullify it after release on error path in order to avoid double free later in nvmet_destroy_auth(). Found by Linux Verification Center (linuxtesting.org) with Svace. In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL aft... • https://git.kernel.org/stable/c/7a277c37d3522e9b2777d762bbbcecafae2b1f8d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50214 – drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()
https://notcve.org/view.php?id=CVE-2024-50214
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic() modprobe drm_connector_test and then rmmod drm_connector_test, the following memory leak occurs. The `mode` allocated in drm_mode_duplicate() called by drm_display_mode_from_cea_vic() is not freed, which cause the memory leak: unreferenced object 0xffffff80cb0ee400 (size 128): comm "kunit_try_catch", pid 1948, jiffies 4294950339 hex dump (first 32 bytes): 14 44 02 00 80... • https://git.kernel.org/stable/c/abb6f74973e20956d42e8227dde6fb4e92502c14 •
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50213 – drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()
https://notcve.org/view.php?id=CVE-2024-50213
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test and then rmmod it, the following memory leak occurs. The `mode` allocated in drm_mode_duplicate() called by drm_display_mode_from_cea_vic() is not freed, which cause the memory leak: unreferenced object 0xffffff80ccd18100 (size 128): comm "kunit_try_catch", pid 1851, jiffies 4295059695 hex dump (first 32 bytes): 57 62 00 00 80 02 90 02 f... • https://git.kernel.org/stable/c/4af70f19e55904147c0515ff874204a5306ac807 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50212 – lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
https://notcve.org/view.php?id=CVE-2024-50212
09 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls Ben Greear reports following splat: ------------[ cut here ]------------ net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0 Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat ... Hardware name: Default string D... • https://git.kernel.org/stable/c/a473573964e51dcb6efc182f773cd3924be4a184 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50211 – udf: refactor inode_bmap() to handle error
https://notcve.org/view.php?id=CVE-2024-50211
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out early without resorting to checking for particular offsets and assuming internal behavior of these functions. In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_... • https://git.kernel.org/stable/c/493447dd8336607fce426f7879e581095f6c606e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50210 – posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()
https://notcve.org/view.php?id=CVE-2024-50210
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and release the fd related resource. However the below commit left the error path locked behind resulting in unbalanced locking. Check timespec64_val... • https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50209 – RDMA/bnxt_re: Add a check for memory allocation
https://notcve.org/view.php?id=CVE-2024-50209
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances. In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails. Driver is not checking the status on one of the instances. • https://git.kernel.org/stable/c/0c4dcd602817502bb3dced7a834a13ef717d65a4 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50208 – RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages
https://notcve.org/view.php?id=CVE-2024-50208
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (contiguous pages in the case of > PAGE_SIZE), but, current logic assumes multiple pages, leading to invalid memory access after 256K PBL entries in the PDE. In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re... • https://git.kernel.org/stable/c/0c4dcd602817502bb3dced7a834a13ef717d65a4 • CWE-125: Out-of-bounds Read •