CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43890 – tracing: Fix overflow in get_free_elt()
https://notcve.org/view.php?id=CVE-2024-43890
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the overflow could result in the tracing_map containing "tracing_map->max_size" elements, leaving no empty entries. If any attempt is made to insert a... • https://git.kernel.org/stable/c/08d43a5fa063e03c860f2f391a30c388bcbc948e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43886 – drm/amd/display: Add null check in resource_log_pipe_topology_update
https://notcve.org/view.php?id=CVE-2024-43886
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check in resource_log_pipe_topology_update [WHY] When switching from "Extend" to "Second Display Only" we sometimes call resource_get_otg_master_for_stream on a stream for the eDP, which is disconnected. This leads to a null pointer dereference. [HOW] Added a null check in dc_resource.c/resource_log_pipe_topology_update. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null c... • https://git.kernel.org/stable/c/c36e922a36bdf69765c340a0857ca74092003bee •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43884 – Bluetooth: MGMT: Add error handling to pair_device()
https://notcve.org/view.php?id=CVE-2024-43884
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a c... • https://git.kernel.org/stable/c/5157b8a503fa834e8569c7fed06981e3d3d53db0 •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43883 – usb: vhci-hcd: Do not drop references before new references are gained
https://notcve.org/view.php?id=CVE-2024-43883
23 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the ... • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48938 – CDC-NCM: avoid overflow in sanity checking
https://notcve.org/view.php?id=CVE-2022-48938
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48931 – configfs: fix a race in configfs_{,un}register_subsystem()
https://notcve.org/view.php?id=CVE-2022-48931
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|--------... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48930 – RDMA/ib_srp: Fix a deadlock
https://notcve.org/view.php?id=CVE-2022-48930
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_wo... • https://git.kernel.org/stable/c/ef6c49d87c3418c442a22e55e3ce2f91b163d69e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48928 – iio: adc: men_z188_adc: Fix a resource leak in an error handling path
https://notcve.org/view.php?id=CVE-2022-48928
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, as already done in the remove function. In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is ... • https://git.kernel.org/stable/c/74aeac4da66fbfa246edbfc849002eac9b5af9ca •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48926 – usb: gadget: rndis: add spinlock for rndis response list
https://notcve.org/view.php?id=CVE-2022-48926
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to add in rndis_add_response / rndis_free_response / rndis_get_next_response to prevent any race condition on response list. [ 361.894299] [1: irq/191-dwc3:16979] list_add corruption. next->prev should be prev (ffffff80651764d0), but was f... • https://git.kernel.org/stable/c/f6281af9d62e128aa6efad29cf7265062af114f2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48943 – KVM: x86/mmu: make apf token non-zero to fix bug
https://notcve.org/view.php?id=CVE-2022-48943
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to the Guest. This function test token value of struct kvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a READY event is finished by Guest. If value is zero meaning that a READY event is done, so the KVM can deliver... • https://git.kernel.org/stable/c/72fdfc75d4217b32363cc80def3de2cb3fef3f02 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •