CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50126 – net: sched: use RCU read-side critical section in taprio_dump()
https://notcve.org/view.php?id=CVE-2024-50126
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. Never seen on x86 but found on a KASAN-enabled arm64 system when investigating https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa: [T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0 [T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862 [T15862... • https://git.kernel.org/stable/c/18cdd2f0998a4967b1fff4c43ed9aef049e42c39 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2024-50125 – Bluetooth: SCO: Fix UAF on sco_sock_timeout
https://notcve.org/view.php?id=CVE-2024-50125
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: SCO: Se corrige que UAF en sco_sock_timeout conn->sk pueda haberse desvinculado/liberado mientras se esperaba sco_conn_lock, por lo que esto verifica si conn->... • https://git.kernel.org/stable/c/ba316be1b6a00db7126ed9a39f9bee434a508043 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50124 – Bluetooth: ISO: Fix UAF on iso_sock_timeout
https://notcve.org/view.php?id=CVE-2024-50124
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Se corrigió que UAF en iso_sock_timeout conn->sk pudiera haberse desvinculado/liberado mientras se esperaba a iso_conn_lock, por lo que esto verifica si conn... • https://git.kernel.org/stable/c/ccf74f2390d60a2f9a75ef496d2564abb478f46a • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50123 – bpf: Add the missing BPF_LINK_TYPE invocation for sockmap
https://notcve.org/view.php?id=CVE-2024-50123
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link Also add comments for bpf_link_type to prevent missing updates in the future. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Agregue la invocación BPF_LINK_TYPE faltante para sockmap Hay una lectura fuera de ... • https://git.kernel.org/stable/c/699c23f02c65cbfc3e638f14ce0d70c23a2e1f02 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50122 – PCI: Hold rescan lock while adding devices during host probe
https://notcve.org/view.php?id=CVE-2024-50122
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and host controller probe functions. The latter need to take the rescan lock when adding devices or we may end up in an undefined state having two incompletely added devices and hit the following crash when trying to remove the device over sysfs: Unable to handl... • https://git.kernel.org/stable/c/4565d2652a37e438e4cd729e2a8dfeffe34c958c •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50121 – nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net
https://notcve.org/view.php?id=CVE-2024-50121
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will release all resources related to the hashed `nfs4_client`. If the `nfsd_client_shrinker` is running concurrently, the `expire_client` function will first unhash this client and then destroy it. This can lead to the following war... • https://git.kernel.org/stable/c/2bbf10861d51dae76c6da7113516d0071c782653 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50120 – smb: client: Handle kstrdup failures for passwords
https://notcve.org/view.php?id=CVE-2024-50120
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocation fails, return -ENOMEM. If ses->password2 allocation fails, free ses->password, set it to NULL, and return -ENOMEM. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Manejar errores de kstrdup para contr... • https://git.kernel.org/stable/c/7e8cffa4f85e6839335d75e6b47f918d90c1d194 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50119 – cifs: fix warning when destroy 'cifs_io_request_pool'
https://notcve.org/view.php?id=CVE-2024-50119
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifs_io_request_pool' There's a issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50118 – btrfs: reject ro->rw reconfiguration if there are hard ro requirements
https://notcve.org/view.php?id=CVE-2024-50118
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) Oops: general protection fault, probably for non-canonical address 0xdff... • https://git.kernel.org/stable/c/f044b318675f0347ecfb88377542651ba4eb9e1f •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50117 – drm/amd: Guard against bad data for ATIF ACPI method
https://notcve.org/view.php?id=CVE-2024-50117
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •