CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47730 – crypto: hisilicon/qm - inject error before stopping queue
https://notcve.org/view.php?id=CVE-2024-47730
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo befor... • https://git.kernel.org/stable/c/6c6dd5802c2d6769fa589c0e8de54299def199a7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47728 – bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
https://notcve.org/view.php?id=CVE-2024-47728
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here. Also, the MTU helpers mtu_len pointer value is being written ... • https://git.kernel.org/stable/c/d7a4cb9b6705a89937d12c8158a35a3145dc967a •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47726 – f2fs: fix to wait dio completion
https://notcve.org/view.php?id=CVE-2024-47726
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may ... • https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47723 – jfs: fix out-of-bounds in dbNextAG() and diAlloc()
https://notcve.org/view.php?id=CVE-2024-47723
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount(). And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented. Additionally, a check for the cas... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52917 – ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
https://notcve.org/view.php?id=CVE-2023-52917
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. • https://git.kernel.org/stable/c/e26a5843f7f5014ae4460030ca4de029a3ac35d3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47720 – drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
https://notcve.org/view.php?id=CVE-2024-47720
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn30_set_output_transfer_func function. Previously, set_output_gamma was being checked for nullity at line 386, but then it was being dereferenced without any nullity check at line 401. This could potentially lead to a null pointer dereference error if set_output_gamma is inde... • https://git.kernel.org/stable/c/d99f13878d6f9c286b13860d8bf0b4db9ffb189a •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47718 – wifi: rtw88: always wait for both firmware loading attempts
https://notcve.org/view.php?id=CVE-2024-47718
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()' has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue 'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/c8e5695eae9959fc5774c0f490f2450be8bad3de •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47713 – wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
https://notcve.org/view.php?id=CVE-2024-47713
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() n... • https://git.kernel.org/stable/c/5061b0c2b9066de426fbc63f1278d2210e789412 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-47712 – wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
https://notcve.org/view.php?id=CVE-2024-47712
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues. This possible bug was identi... • https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47710 – sock_map: Add a cond_resched() in sock_hash_free()
https://notcve.org/view.php?id=CVE-2024-47710
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets is destroyed, we need to yield the cpu when needed. In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets ... • https://git.kernel.org/stable/c/5bed77b0a2a0e6b6bc0ae8e851cafb38ef0374df •