CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50272 – filemap: Fix bounds checking in filemap_read()
https://notcve.org/view.php?id=CVE-2024-50272
In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop. This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts. • https://git.kernel.org/stable/c/c2a9737f45e27d8263ff9643f994bda9bac0b944 https://git.kernel.org/stable/c/272830350bb1bb5bb39395966ea63b9864b135d1 https://git.kernel.org/stable/c/fbc7b803831e5c8a42c1f3427a17e55a814d6b3c https://git.kernel.org/stable/c/3d549dcfbbb0ecdaa571431a27ee5da9f2466716 https://git.kernel.org/stable/c/26530b757c81f1389fb33ae0357500150933161b https://git.kernel.org/stable/c/a2746ab3bbc9c6408da5cd072653ec8c24749235 https://git.kernel.org/stable/c/6450e73f4c86d481ac2e22e1bc848d346e140826 https://git.kernel.org/stable/c/ace149e0830c380ddfce7e466fe860ca5 •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2024-50269 – usb: musb: sunxi: Fix accessing an released usb phy
https://notcve.org/view.php?id=CVE-2024-50269
In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy(). 2) register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is released here musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy() 3) register @musb_driver again musb_probe() -> sunxi_musb_init() use the phy here but the phy has been released at 2). ... Fixed by reverting the commit, namely, removing devm_usb_put_phy() from sunxi_musb_exit(). • https://git.kernel.org/stable/c/6ed05c68cbcae42cd52b8e53b66952bfa9c002ce https://git.kernel.org/stable/c/583a4219841d00e96b5de55be160aa7eb7721a4d https://git.kernel.org/stable/c/b4ecc15d6f5a13c0bbe2777438e87e321f83faaa https://git.kernel.org/stable/c/a2259ebaa933331c53904caf792b619ec42f0da5 https://git.kernel.org/stable/c/721ddad945596220c123eb6f7126729fe277ee4f https://git.kernel.org/stable/c/4aa77d5ea9944468e16c3eed15e858fd5de44de1 https://git.kernel.org/stable/c/6e2848d1c8c0139161e69ac0a94133e90e9988e8 https://git.kernel.org/stable/c/63559ba8077cbadae1c92a65b73ea522b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50267 – USB: serial: io_edgeport: fix use after free in debug printk
https://notcve.org/view.php?id=CVE-2024-50267
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue. • https://git.kernel.org/stable/c/984f68683298ba53af32f909de1f9452fbb37ccb https://git.kernel.org/stable/c/e6ceb04eeb6115d872d4c4078d12f1170ed755ce https://git.kernel.org/stable/c/39709ce93f5c3f9eb535efe2afea088805d1128f https://git.kernel.org/stable/c/e567fc8f7a4460e486e52c9261b1e8b9f5dc42aa https://git.kernel.org/stable/c/44fff2c16c5aafbdb70c7183dae0a415ae74705e https://git.kernel.org/stable/c/275258c30bbda29467216e96fb655b16bcc9992b https://git.kernel.org/stable/c/13d6ff3ca76056d06a9d88300be2a293442ff595 https://git.kernel.org/stable/c/314bdf446053e123f37543aa535197ee7 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50265 – ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()
https://notcve.org/view.php?id=CVE-2024-50265
In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Call Trace: [ 57.331477] <TASK> [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? • https://git.kernel.org/stable/c/399ff3a748cf4c8c853e96dd477153202636527b https://git.kernel.org/stable/c/38cbf13b2e7a31362babe411f7c2c3c52cd2734b https://git.kernel.org/stable/c/168a9b8303fcb0317db4c06b23ce1c0ce2af4e10 https://git.kernel.org/stable/c/6a7e6dcf90fe7721d0863067b6ca9a9442134692 https://git.kernel.org/stable/c/dcc8fe8c83145041cb6c80cac21f6173a3ff0204 https://git.kernel.org/stable/c/86dd0e8d42828923c68ad506933336bcd6f2317d https://git.kernel.org/stable/c/dd73c942eed76a014c7a5597e6926435274d2c4c https://git.kernel.org/stable/c/2b5369528ee63c88371816178a05b5e66 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52921 – drm/amdgpu: fix possible UAF in amdgpu_cs_pass1()
https://notcve.org/view.php?id=CVE-2023-52921
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security. • https://git.kernel.org/stable/c/9a2393af1f35d1975204fc00035c64a1c792b278 https://git.kernel.org/stable/c/e08e9dd09809b16f8f8cee8c466841b33d24ed96 https://git.kernel.org/stable/c/90e065677e0362a777b9db97ea21d43a39211399 •