CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47710 – sock_map: Add a cond_resched() in sock_hash_free()
https://notcve.org/view.php?id=CVE-2024-47710
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets is destroyed, we need to yield the cpu when needed. In the Linux kernel, the following vulnerability has been resolved: sock_map: Add a cond_resched() in sock_hash_free() Several syzbot soft lockup reports all have in common sock_hash_free() If a map with a large number of buckets ... • https://git.kernel.org/stable/c/5bed77b0a2a0e6b6bc0ae8e851cafb38ef0374df •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47709 – can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().
https://notcve.org/view.php?id=CVE-2024-47709
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: can: bcm: Clear bo->bcm_proc_read after remove_proc_entry(). syzbot reported a warning in bcm_release(). [0] The blamed change fixed another warning that is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo->bcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release(). Let's clear bo->bcm_proc_re... • https://git.kernel.org/stable/c/5c680022c4e28ba18ea500f3e29f0428271afa92 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47707 – ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
https://notcve.org/view.php?id=CVE-2024-47707
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() Blamed commit accidentally removed a check for rt->rt6i_idev being NULL, as spotted by syzbot: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 10998 Comm: syz-executor Not tainted 6.11.0-rc6-syzkaller-00208-g6254031777... • https://git.kernel.org/stable/c/e332bc67cf5e5e5b71a1aec9750d0791aac65183 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47706 – block, bfq: fix possible UAF for bfqq->bic with merge chain
https://notcve.org/view.php?id=CVE-2024-47706
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | Λ | Λ | Λ | | | | | | V | V | V | bfqq1 bfqq2 bfqq3 process ref: 1 1 1 2) bfqq1 merged to bfqq2: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | | | Λ \--------------\| | | V V | bfqq1--------->bfqq2 bfqq3 process ref: 0 2 1 3) bfqq2 merged to bfqq3: Process 1 Process 2 Process 3 (BIC1) (BIC2) ... • https://git.kernel.org/stable/c/36eca894832351feed9072d0f97eb06fc9482ca4 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47705 – block: fix potential invalid pointer dereference in blk_add_partition
https://notcve.org/view.php?id=CVE-2024-47705
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix potential invalid pointer dereference in blk_add_partition The blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without conf... • https://git.kernel.org/stable/c/b72053072c0bbe9f1cdfe2ffa3c201c185da2201 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47704 – drm/amd/display: Check link_res->hpo_dp_link_enc before using it
https://notcve.org/view.php?id=CVE-2024-47704
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_res->hpo_dp_link_enc before using it [WHAT & HOW] Functions dp_enable_link_phy and dp_disable_link_phy can pass link_res without initializing hpo_dp_link_enc and it is necessary to check for null before dereferencing. This fixes 2 FORWARD_NULL issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check link_res->hpo_dp_link_enc before using it [WHAT & HO... • https://git.kernel.org/stable/c/be2ca7a2c1561390d28bf2f92654d819659ba510 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47703 – bpf, lsm: Add check for BPF LSM return value
https://notcve.org/view.php?id=CVE-2024-47703
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, lsm: Add check for BPF LSM return value A bpf prog returning a positive number attached to file_alloc_security hook makes kernel panic. This happens because file system can not filter out the positive number returned by the LSM prog using IS_ERR, and misinterprets this positive number as a file pointer. Given that hook file_alloc_security never returned positive number before the introduction of BPF LSM, and other BPF LSM hooks may enc... • https://git.kernel.org/stable/c/520b7aa00d8cd8e411ecc09f63a2acd90feb6d29 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47701 – ext4: avoid OOB when system.data xattr changes underneath the filesystem
https://notcve.org/view.php?id=CVE-2024-47701
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem When looking up for an entry in an inlined directory, if e_value_offs is changed underneath the filesystem by some change in the block device, it will lead to an out-of-bounds access that KASAN detects as an UAF. EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. loop0: detected capacity change from 2048 to 2... • https://git.kernel.org/stable/c/e8e948e7802a2ab05c146d3e72a39b93b5718236 •
CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47699 – nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
https://notcve.org/view.php?id=CVE-2024-47699
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Patch series "nilfs2: fix potential issues with empty b-tree nodes". This series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot. This patch (of 3): If a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if ... • https://git.kernel.org/stable/c/17c76b0104e4a6513983777e1a17e0297a12b0c4 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47698 – drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error
https://notcve.org/view.php?id=CVE-2024-47698
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error Ensure index in rtl2832_pid_filter does not exceed 31 to prevent out-of-bounds access. dev->filters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access. Change the boundary check from index > 32 to index >= 32 to resolve this ... • https://git.kernel.org/stable/c/4b01e01a81b6629878344430531ced347cc2ed5b •