CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50118 – btrfs: reject ro->rw reconfiguration if there are hard ro requirements
https://notcve.org/view.php?id=CVE-2024-50118
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) Oops: general protection fault, probably for non-canonical address 0xdff... • https://git.kernel.org/stable/c/f044b318675f0347ecfb88377542651ba4eb9e1f •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50117 – drm/amd: Guard against bad data for ATIF ACPI method
https://notcve.org/view.php?id=CVE-2024-50117
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2)) ? • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50116 – nilfs2: fix kernel bug due to missing clearing of buffer delay flag
https://notcve.org/view.php?id=CVE-2024-50116
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug. This is because the buffer delay flag is not cleared when clearing the buffer state flags to discard a page/folio or a buffer head. So, fix this. This became necessary when the use of n... • https://git.kernel.org/stable/c/8c26c4e2694a163d525976e804d81cd955bbb40c •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50115 – KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory
https://notcve.org/view.php?id=CVE-2024-50115
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforce 32-byte alignment of nCR3. In the absolute worst case scenario, failure to ignore bits 4:0 can result in an out-of-bounds read, e.g. if the target page is at the end of a memslot, and the VMM isn't using guard pages. Per the APM: Th... • https://git.kernel.org/stable/c/e4e517b4be019787ada4cbbce2f04570c21b0cbd • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50114 – KVM: arm64: Unregister redistributor for failed vCPU creation
https://notcve.org/view.php?id=CVE-2024-50114
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 Read of size 8 at addr ffffff801c6890d0 by task syz.3.2219/10758 CPU: 3 UID: 0 PID: 10758 Comm: syz.3.2219 Not tainted 6.11.0-rc6-dirty #64 Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0x... • https://git.kernel.org/stable/c/f616506754d34bcfdbfbc7508b562e5c98461e9a • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50113 – firewire: core: fix invalid port index for parent device
https://notcve.org/view.php?id=CVE-2024-50113
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self ID sequence"), the enumeration over self ID sequence was refactored with some helper functions with KUnit tests. These helper functions are guaranteed to work expectedly by the KUnit tests, however their application includes a mistake to assign invalid value to the index of port connected to parent device. This b... • https://git.kernel.org/stable/c/24b7f8e5cd656196a13077e160aec45ad89b58d9 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50112 – x86/lam: Disable ADDRESS_MASKING in most cases
https://notcve.org/view.php?id=CVE-2024-50112
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper[1]. Unless Linear Address Space Separation (LASS) is enabled this weakness may be exploitable. Until kernel adds support for LASS[2], only allow LAM for COMPILE_TEST, or when speculation mitigations have been disabled at compile time, otherwise keep LAM disabled. There are no processors in ... • https://git.kernel.org/stable/c/60a5ba560f296ad8da153f6ad3f70030bfa3958f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50111 – LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context
https://notcve.org/view.php?id=CVE-2024-50111
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause sleep. Then we will get: BUG: sleeping function called from invalid context at arch/loongarch/kernel/access-helper.h:7 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, name: modprobe preempt_count: 0, expected: 0 RCU nest ... • https://git.kernel.org/stable/c/fa96b57c149061f71a70bd6582d995f6424fbbf4 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50110 – xfrm: fix one more kernel-infoleak in algo dumping
https://notcve.org/view.php?id=CVE-2024-50110
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_aft... • https://git.kernel.org/stable/c/c7a5899eb26e2a4d516d53f65b6dd67be2228041 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50109 – md/raid10: fix null ptr dereference in raid10_size()
https://notcve.org/view.php?id=CVE-2024-50109
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while mddev->private is still NULL, causing null ptr dereference in raid10_size(). Fix the problem by only overwrite the return value if raid10_set_queue_limits() failed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: m... • https://git.kernel.org/stable/c/3d8466ba68d444f5528dcbff106e8bf5c7d51aa0 •