CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36919 – scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
https://notcve.org/view.php?id=CVE-2024-36919
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as these fields won't be used any longer. The offload and upload calls are sequential, hence lock is not required. This will suppress following BUG_ON(): [ 449.843143] ------------[ cut here ]------------ [ 449.84830... • https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3 • CWE-667: Improper Locking •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36915 – nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
https://notcve.org/view.php?id=CVE-2024-36915
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 Read of size 4 at addr... • https://git.kernel.org/stable/c/298609e7069ce74542a2253a39ccc9717f1d877a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36914 – drm/amd/display: Skip on writeback when it's not applicable
https://notcve.org/view.php?id=CVE-2024-36914
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it's not applicable [WHY] dynamic memory safety error detector (KASAN) catches and generates error messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not support certain features which are not initialized. [HOW] Skip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: omitir la reescritura cuando ... • https://git.kernel.org/stable/c/87de0a741ef6d93fcb99983138a0d89a546a043c •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36913 – Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
https://notcve.org/view.php?id=CVE-2024-36913
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. VMBus code could free decrypte... • https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6 • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36912 – Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
https://notcve.org/view.php?id=CVE-2024-36912
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. In order to make sure callers of vm... • https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81 • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36911 – hv_netvsc: Don't free decrypted memory
https://notcve.org/view.php?id=CVE-2024-36911
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The netvsc driver could free decrypted/shared pages if... • https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4 •
CVSS: 6.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36910 – uio_hv_generic: Don't free decrypted memory
https://notcve.org/view.php?id=CVE-2024-36910
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus device UIO driver could free decrypted/... • https://git.kernel.org/stable/c/dabf12bf994318d939f70d47cfda30e47abb2c54 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36909 – Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted
https://notcve.org/view.php?id=CVE-2024-36909
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. The VMBus ring buff... • https://git.kernel.org/stable/c/2f622008bf784a9f5dd17baa19223cc2ac30a039 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36905 – tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets
https://notcve.org/view.php?id=CVE-2024-36905
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by zero in tcp_rcv_space_adjust() A socket makes the following state transitions, without ever calling tcp_init_transfer(), meaning tcp_init_buffer_space() is also not called. TCP_CLOSE connect() TCP_SYN_SENT TCP_SYN_... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36897 – drm/amd/display: Atom Integrated System Info v2_2 for DCN35
https://notcve.org/view.php?id=CVE-2024-36897
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Atom Integrated System Info v2_2 for DCN35 New request from KMD/VBIOS in order to support new UMA carveout model. This fixes a null dereference from accessing Ctx->dc_bios->integrated_info while it was NULL. DAL parses through the BIOS and extracts the necessary integrated_info but was missing a case for the new BIOS version 2.3. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Atom Integr... • https://git.kernel.org/stable/c/3c7013a87124bab54216d9b99f77e8b6de6fbc1a • CWE-476: NULL Pointer Dereference •