CVE-2024-50207 – ring-buffer: Fix reader locking when changing the sub buffer order
https://notcve.org/view.php?id=CVE-2024-50207
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix reader locking when changing the sub buffer order. The function ring_buffer_subbuf_order_set() updates each ring_buffer_per_cpu and installs new sub buffers that match the requested page order. This operation may be invoked concurrently with readers that rely on some of the modified data, such as the head bit (RB_PAGE_HEAD), or the ring_buffer_per_cpu.pages and reader_page pointers. However, no exclusive access is acquired b...
https://git.kernel.org/stable/c/8e7b58c27b3c567316a51079b375b846f9223bba
CVE-2024-50206 – net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init
https://notcve.org/view.php?id=CVE-2024-50206
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: fix memory corruption during fq dma init. The loop responsible for allocating up to MTK_FQ_DMA_LENGTH buffers must only touch as many descriptors, otherwise it ends up corrupting unrelated memory. Fix the loop iteration count accordingly.
https://git.kernel.org/stable/c/c57e558194430d10d5e5f4acd8a8655b68dade13
CVE-2024-50205 – ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()
https://notcve.org/view.php?id=CVE-2024-50205
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size(). The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check before the division. The observed behavior was introduced by commit 826b5de90c0b ("ALSA: firewire-lib: fix insufficient PCM rule for period/buffer size"), and it is difficult to show that any of the interval parameters will satisfy the ...
https://git.kernel.org/stable/c/826b5de90c0bca4e9de6231da9e1730480621588
CVE-2024-50204 – fs: don't try and remove empty rbtree node
https://notcve.org/view.php?id=CVE-2024-50204
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: fs: don't try and remove empty rbtree node. When copying a namespace we won't have added the new copy into the namespace rbtree until after the copy succeeded. Calling free_mnt_ns() will try to remove the copy from the rbtree which is invalid. Simply free the namespace skeleton directly.
https://git.kernel.org/stable/c/1901c92497bd90caf608a474f1bf4d8795b372a2
CVE-2024-50203 – bpf, arm64: Fix address emission with tag-based KASAN enabled
https://notcve.org/view.php?id=CVE-2024-50203
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled. When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_image struct on the stack is passed during the size calculation pass and an address on the heap is passed during code generation. This may cause a heap buffer overflow if the heap address is tagged because emit_a64_mov_i64() will emit longer code than it did during the size calculation pass. The same problem could ...
https://git.kernel.org/stable/c/19d3c179a37730caf600a97fed3794feac2b197b
CVE-2024-50202 – nilfs2: propagate directory read errors from nilfs_find_entry()
https://notcve.org/view.php?id=CVE-2024-50202
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry(). Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem image is corrupted, and the i_size of the directory inode is large, and the directory page/fo...
https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184
CVE-2024-50201 – drm/radeon: Fix encoder->possible_clones
https://notcve.org/view.php?id=CVE-2024-50201
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Fix encoder->possible_clones. Include the encoder itself in its possible_clones bitmask. In the past nothing validated that drivers were populating possible_clones correctly, but that changed in commit 74d2aacbe840 ("drm: Validate encoder->possible_clones"). Looks like radeon never got the memo and is still not following the rules 100% correctly. This results in some warnings during driver initialization: Bogus possible_clones: [...
https://git.kernel.org/stable/c/74d2aacbe84042d89f572a3112a146fca05bfcb1
CVE-2024-50200 – maple_tree: correct tree corruption on spanning store
https://notcve.org/view.php?id=CVE-2024-50200
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: maple_tree: correct tree corruption on spanning store. Patch series "maple_tree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence since the inception of the algorithm. This bug seems far more likely to happen since commit f8d112a4e657 ("mm/mmap: avoid zeroing vma tree in mmap_region()"), which is the point at which reports started to be submitte...
https://git.kernel.org/stable/c/54a611b605901c7d5d05b6b8f5d04a6ceb0962aa
CVE-2024-50199 – mm/swapfile: skip HugeTLB pages for unuse_vma
https://notcve.org/view.php?id=CVE-2024-50199
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma. I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swap out the above anonymous memory. 3. Run swapoff and we will get a bad pud error in the kernel message: mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7) We can tell that pud_clear_bad is ...
https://git.kernel.org/stable/c/0fe6e20b9c4c53b3e97096ee73a0857f60aad43f
CVE-2024-50198 – iio: light: veml6030: fix IIO device retrieval from embedded device
https://notcve.org/view.php?id=CVE-2024-50198
08 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to access the right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment. This bug ...
https://git.kernel.org/stable/c/7b779f573c48e1ad6da1d6ea5f181f3ecd666bf6