CVE-2024-50140 – sched/core: Disable page allocation in task_tick_mm_cid()
https://notcve.org/view.php?id=CVE-2024-50140
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/core: Disable page allocation in task_tick_mm_cid() With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat. [ 63.696416] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 63.696416] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 610, name: modprobe [ 63.696416] preempt_count: 10001, expected: 0 [ 63.696416] RCU nest depth: 1, expected... • https://git.kernel.org/stable/c/223baf9d17f25e2608dbdff7232c095c1e612268 •
CVE-2024-50139 – KVM: arm64: Fix shift-out-of-bounds bug
https://notcve.org/view.php?id=CVE-2024-50139
07 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running a VM with an MTE-enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14 shift exponent 33 is too large for 32-bit type 'int' CPU: 26 UID: 0 PID: 7629 Comm: qemu-kvm Not tainted 6.12.0-rc2 #34 Hardware name: IEI NF5280R7/Mitchell MB, BIOS 00.00. 2024-10-12 09:28:54 10/14/2024 Call trace: dump_backtrace+0xa0/0x128 show... • https://git.kernel.org/stable/c/7af0c2534f4c57b16e92dfca8c5f40fa90fbb3f3 •
CVE-2024-50138 – bpf: Use raw_spinlock_t in ringbuf
https://notcve.org/view.php?id=CVE-2024-50138
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT variant. This issue is illustrated in the example below: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs preempt_cou... • https://git.kernel.org/stable/c/457f44363a8894135c85b7a9afd2bd8196db24ab •
CVE-2024-50137 – reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC
https://notcve.org/view.php?id=CVE-2024-50137
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. Add the judgment condition to avoid errors when calling reset_control_status on JH7110 SoC. • https://git.kernel.org/stable/c/82327b127d4117e5b867cca945f97a5074aef786 •
CVE-2024-50136 – net/mlx5: Unregister notifier on eswitch init failure
https://notcve.org/view.php?id=CVE-2024-50136
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]------------ [ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered [ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90 [...snipped] [ 682.610052] Call Trace: [ 682... • https://git.kernel.org/stable/c/0aa1e83a20f12e9eaad32f72212ebc7fe0c29c95 •
CVE-2024-50135 – nvme-pci: fix race condition between reset and nvme_dev_disable()
https://notcve.org/view.php?id=CVE-2024-50135
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvme_dev_disable() nvme_dev_disable() modifies the dev->online_queues field, therefore nvme_pci_update_nr_queues() should avoid racing against it, otherwise we could end up passing invalid values to blk_mq_update_nr_hw_queues(). WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347 pci_irq_get_affinity+0x187/0x210 Workqueue: nvme-reset-wq nvme_reset_work [nvme] RIP: 0010:pci_irq_get_affinity... • https://git.kernel.org/stable/c/949928c1c731417cc0f070912c63878b62b544f4 •
CVE-2024-50134 – drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA
https://notcve.org/view.php?id=CVE-2024-50134
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single field "p->data" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4) [ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsm... • https://git.kernel.org/stable/c/dd55d44f408419278c00887bfcb2261d0caae350 •
CVE-2024-50133 – LoongArch: Don't crash in stack_top() for tasks without vDSO
https://notcve.org/view.php?id=CVE-2024-50133
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will dereference the NULL vdso pointer and crash. This can for example happen when using kunit: [<9000000000203874>] stack_top+0x58/0xa8 [<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220 [<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c [<90000000003c1fbc>] __k... • https://git.kernel.org/stable/c/803b0fc5c3f2baa6e54978cd576407896f789b08 •
CVE-2024-50132 – tracing/probes: Fix MAX_TRACE_ARGS limit handling
https://notcve.org/view.php?id=CVE-2024-50132
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limit. This caused invalid memory access when attempting to set up probes with more than 128 fetchargs. BUG: kernel NULL pointer dereference, address: 0000000000000020 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - n... • https://git.kernel.org/stable/c/035ba76014c096316fa809a46ce0a1b9af1cde0d •
CVE-2024-50131 – tracing: Consider the NULL character when validating the event length
https://notcve.org/view.php?id=CVE-2024-50131
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals the maximum buffer length, the buffer will have no space for the NULL terminating character. This commit checks this condition and returns failure for it. • https://git.kernel.org/stable/c/dec65d79fd269d05427c8167090bfc9c3d0b56c4 •