CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50169 – vsock: Update rx_bytes on read_skb()
https://notcve.org/view.php?id=CVE-2024-50169
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt() calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) after vsock_transport::read_skb(). While here, also inform the peer that we've freed up space and it has more credit. Failing to update rx_bytes after packet is dequeued leads to a warning on SOCK_STREAM recv(): [ 233.396654] rx_queue is empty, but rx_bytes is non-ze... • https://git.kernel.org/stable/c/634f1a7110b439c65fd8a809171c1d2d28bcea6f •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50168 – net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()
https://notcve.org/view.php?id=CVE-2024-50168
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case of skb->len being too long, add dev_kfree_skb() to fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sun3_82586: corrige una posible pérdida de memoria en sun3_82586_send_packet(). sun3_82586_send_packet() devuelve NETDEV_TX_OK sin liberar skb en caso de que skb->... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50167 – be2net: fix potential memory leak in be_xmit()
https://notcve.org/view.php?id=CVE-2024-50167
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: be2net: corrige una posible pérdida de memoria en be_xmit(). Be_xmit() devuelve NETDEV_TX_OK sin liberar skb en caso de que be_xmit_enqueue() falle, agregue dev_kfree_skb_any() para solucionarlo. In the L... • https://git.kernel.org/stable/c/760c295e0e8d982917d004c9095cff61c0cbd803 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50166 – fsl/fman: Fix refcount handling of fman-related devices
https://notcve.org/view.php?id=CVE-2024-50166
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In mac_probe() there are multiple calls to of_find_device_by_node(), fman_bind() and fman_port_bind() which takes references to of_dev->dev. Not all references taken by these calls are released later on error path in mac_probe() and in mac_remove() which lead to reference leaks. Add references release. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fsl/fman: se ha c... • https://git.kernel.org/stable/c/3933961682a30ae7d405cda344c040a129fea422 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50165 – bpf: Preserve param->string when parsing mount options
https://notcve.org/view.php?id=CVE-2024-50165
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param->string when parsing mount options In bpf_parse_param(), keep the value of param->string intact so it can be freed later. Otherwise, the kmalloc area pointed to by param->string will be leaked as shown below: unreferenced object 0xffff888118c46d20 (size 8): comm "new_name", pid 12109, jiffies 4295580214 hex dump (first 8 bytes): 61 6e 79 00 38 c9 5c 7e any.8.\~ backtrace (crc e1b7f876): [<00000000c6848ac7>] kmemleak_allo... • https://git.kernel.org/stable/c/6c1752e0b6ca8c7021d6da3926738d8d88f601a9 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50164 – bpf: Fix overloading of MEM_UNINIT's meaning
https://notcve.org/view.php?id=CVE-2024-50164
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning Lonial reported an issue in the BPF verifier where check_mem_size_reg() has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw * mode so that the program is required to * initialize all the memory that the helper could * just partially fill up. */ meta = NULL; This means that writes are not checked when the register containing the size of the ... • https://git.kernel.org/stable/c/7b3552d3f9f6897851fc453b5131a967167e43c2 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50163 – bpf: Make sure internal and UAPI bpf_redirect flags don't overlap
https://notcve.org/view.php?id=CVE-2024-50163
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that if skb bpf_redirect_neigh() is used with a non-NULL params argument and, subsequently, an XDP redirect is performed using the same bpf_redirect_info struct, the XDP p... • https://git.kernel.org/stable/c/e624d4ed4aa8cc3c69d1359b0aaea539203ed266 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50162 – bpf: devmap: provide rxq after redirect
https://notcve.org/view.php?id=CVE-2024-50162
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: devmap: provide rxq after redirect rxq contains a pointer to the device from where the redirect happened. Currently, the BPF program that was executed after a redirect via BPF_MAP_TYPE_DEVMAP* does not have it set. This is particularly bad since accessing ingress_ifindex, e.g. SEC("xdp") int prog(struct xdp_md *pkt) { return bpf_redirect_map(&dev_redirect_map, 0, 0); } SEC("xdp/devmap") int prog_after_redirect(struct xdp_md *pkt) { bpf... • https://git.kernel.org/stable/c/cb261b594b4108668e00f565184c7c221efe0359 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50161 – bpf: Check the remaining info_cnt before repeating btf fields
https://notcve.org/view.php?id=CVE-2024-50161
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Check the remaining info_cnt before repeating btf fields When trying to repeat the btf fields for array of nested struct, it doesn't check the remaining info_cnt. The following splat will be reported when the value of ret * nelems is greater than BTF_FIELDS_MAX: ------------[ cut here ]------------ UBSAN: array-index-out-of-bounds in ../kernel/bpf/btf.c:3951:49 index 11 is out of range for type 'btf_field_info [11]' CPU: 6 UID: 0 PID: ... • https://git.kernel.org/stable/c/64e8ee814819f21beeeda00d4119221443d77992 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50160 – ALSA: hda/cs8409: Fix possible NULL dereference
https://notcve.org/view.php?id=CVE-2024-50160
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dereference, ignore the fail. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente v... • https://git.kernel.org/stable/c/20e507724113300794f16884e7e7507d9b4dec68 •