CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46752 – btrfs: replace BUG_ON() with error handling at update_ref_for_cow()
https://notcve.org/view.php?id=CVE-2024-46752
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the relocation tree that doesn't have the full backref flag set. This is unexpected and should never happen (save for bugs or a potential bad memory). In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_O... • https://git.kernel.org/stable/c/b50857b96429a09fd3beed9f7f21b7bb7c433688 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46751 – btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
https://notcve.org/view.php?id=CVE-2024-46751
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message. In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and loggin... • https://git.kernel.org/stable/c/9c309d2434abbe880712af7e60da9ead8b6703fe •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46750 – PCI: Add missing bridge lock to pci_bus_lock()
https://notcve.org/view.php?id=CVE-2024-46750
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_secondary_bus_reset+0x5d/0x70 RIP: 0010:pci_bridge_secondary_bus_reset+0x5d/0x70 Call Trace: <TASK> ? __warn+0x8c/0x190 ? pci_bridge_secondary_bus_reset+0x5d/0x70 ? report_bug+0x1f8/0x200 ? handle_bug+0x3c/0x70 ? • https://git.kernel.org/stable/c/0790b89c7e911003b8c50ae50e3ac7645de1fae9 • CWE-667: Improper Locking •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46747 – HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
https://notcve.org/view.php?id=CVE-2024-46747
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it In the Linux kernel, the following vulnerability has been resolved: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before... • https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46745 – Input: uinput - reject requests with unreasonable number of slots
https://notcve.org/view.php?id=CVE-2024-46745
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memor... • https://git.kernel.org/stable/c/9c6d189f0c1c59ba9a32326ec82a0b367a3cd47b • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46744 – Squashfs: sanity check symbolic link size
https://notcve.org/view.php?id=CVE-2024-46744
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read from disk. The reason why the corrupted symlink size causes an uninitialised page is due to the following sequence of events: 1. squashfs_read_inode() is called to read the symbolic link from disk. This assigns the corrupted value 3875... • https://git.kernel.org/stable/c/f82cb7f24032ed023fc67d26ea9bf322d8431a90 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46743 – of/irq: Prevent device address out-of-bounds read in interrupt map walk
https://notcve.org/view.php?id=CVE-2024-46743
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: in... • https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46733 – btrfs: fix qgroup reserve leaks in cow_file_range
https://notcve.org/view.php?id=CVE-2024-46733
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note... • https://git.kernel.org/stable/c/159f0f61b283ea71e827dd0c18c5dce197de1fa2 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46731 – drm/amd/pm: fix the Out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46731
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. Chenyuan Yang discovered that the CEC driver driver in the Linux kernel contained a use-after-free vulnerability. A local attacker could use t... • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46725 – drm/amdgpu: Fix out-of-bounds write warning
https://notcve.org/view.php?id=CVE-2024-46725
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bo... • https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2 • CWE-787: Out-of-bounds Write •