CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40976 – drm/lima: mask irqs in timeout path before hard reset
https://notcve.org/view.php?id=CVE-2024-40976
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump such as... • https://git.kernel.org/stable/c/03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40975 – platform/x86: x86-android-tablets: Unregister devices in reverse order
https://notcve.org/view.php?id=CVE-2024-40975
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the regulator subsystem. If a regulator gets unregistered while there are still drivers holding a reference a WARN() at drivers/regulator/core.c:5829 triggers, e.g.: WARNING: CPU: 1 PID: 1587 at drivers/regulator/co... • https://git.kernel.org/stable/c/36ff963c133a25ed1166a25c3ba8b357ea010fda •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40974 – powerpc/pseries: Enforce hcall result buffer validity and size
https://notcve.org/view.php?id=CVE-2024-40974
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through comments in the code and the compiler has no idea. For example, if I write a bug like this: long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ... • https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40973 – media: mtk-vcodec: potential null pointer deference in SCP
https://notcve.org/view.php?id=CVE-2024-40973
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. • https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354 •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40972 – ext4: do not create EA inode under buffer lock
https://notcve.org/view.php?id=CVE-2024-40972
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (which acquires locks on other buffers) under the buffer lock. This can even deadlock when the filesystem is corrupted and e.g. quota file is setup to contain xattr block as data block. Move the allocation of EA inode out of ext4_xattr_... • https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd • CWE-833: Deadlock •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40971 – f2fs: remove clear SB_INLINECRYPT flag in default_options
https://notcve.org/view.php?id=CVE-2024-40971
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -f2fs_remount -f2fs_file_open or f2fs_new_inode -default_options <- clear SB_INLINECRYPT flag ... • https://git.kernel.org/stable/c/38a82c8d00638bb642bef787eb1d5e0e4d3b7d71 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40970 – Avoid hw_desc array overrun in dw-axi-dmac
https://notcve.org/view.php?id=CVE-2024-40970
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Avoid hw_desc array overrun in dw-axi-dmac I have a use case where nr_buffers = 3 and in which each descriptor is composed by 3 segments, resulting in the DMA channel descs_allocated to be 9. Since axi_desc_put() handles the hw_desc considering the descs_allocated, this scenario would result in a kernel panic (hw_desc array will be overrun). To fix this, the proposal is to add a new member to the axi_dma_desc structure, where we keep the... • https://git.kernel.org/stable/c/7c3bb96a20cd8db3b8824b2ff08b6cde4505c7e5 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40969 – f2fs: don't set RO when shutting down f2fs
https://notcve.org/view.php?id=CVE-2024-40969
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: don't set RO when shutting down f2fs Shutdown does not check the error of thaw_super due to readonly, which causes a deadlock like below. f2fs_ioc_shutdown(F2FS_GOING_DOWN_FULLSYNC) issue_discard_thread - bdev_freeze - freeze_super - f2fs_stop_checkpoint() - f2fs_handle_critical_error - sb_start_write - set RO - waiting - bdev_thaw - thaw_super_locked ... • https://git.kernel.org/stable/c/1036d3ea7a32cb7cee00885c73a1f2ba7fbc499a •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40968 – MIPS: Octeon: Add PCIe link status check
https://notcve.org/view.php?id=CVE-2024-40968
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by "Data bus error". So it is necessary to add PCIe link status check for system protection. When the PCIe link is down or in training, assigning a value of 0 to the configuration ad... • https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419 •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-40967 – serial: imx: Introduce timeout when waiting on transmitter empty
https://notcve.org/view.php?id=CVE-2024-40967
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue. • https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7 • CWE-833: Deadlock •