CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50106 – nfsd: fix race between laundromat and free_stateid
https://notcve.org/view.php?id=CVE-2024-50106
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has expired and needs to be revoked so it marks the delegation stid revoked and it puts it on a reaper list but then it unlock the state lock and the actual delegation revocation happens without the lock. Once the stid is marked revoked a ra... • https://git.kernel.org/stable/c/83e733161fde43e2f99cefa68e369944460fce39 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50105 – ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc
https://notcve.org/view.php?id=CVE-2024-50105
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") moved the allocation of Soundwire stream runtime from the Qualcomm Soundwire driver to each individual machine sound card driver, except that it forgot to update SC7280 card. Just like for other Qualcomm sound cards using Soundwire, the card driver should allocate and release the runtime. Other... • https://git.kernel.org/stable/c/15c7fab0e0477d7d7185eac574ca43c15b59b015 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50104 – ASoC: qcom: sdm845: add missing soundwire runtime stream alloc
https://notcve.org/view.php?id=CVE-2024-50104
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sdm845: add missing soundwire runtime stream alloc During the migration of Soundwire runtime stream allocation from the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845 soundcard was forgotten. At this point any playback attempt or audio daemon startup, for instance on sdm845-db845c (Qualcomm RB3 board), will result in stream pointer NULL dereference: Unable to handle kernel NULL pointer dereference at virtual... • https://git.kernel.org/stable/c/15c7fab0e0477d7d7185eac574ca43c15b59b015 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-50103 – ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()
https://notcve.org/view.php?id=CVE-2024-50103
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred without addtional check. Add a NULL check for the returned pointer. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: qcom: Se ha corregido la desreferencia NULL en asoc_qcom_lpass_cpu_platform_probe(). Una devm_... • https://git.kernel.org/stable/c/b5022a36d28f6a99c1a57f54246e8b566cf094d5 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50102 – x86: fix user address masking non-canonical speculation issue
https://notcve.org/view.php?id=CVE-2024-50102
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether an access is in user space or kernel space ends up with the good old "leak speculative data" if you have the right gadget using the result: CVE-2020-12965 “Transient Execution of Non-Canonical Accesses“ Now, the kernel surrounds the a... • https://git.kernel.org/stable/c/6014bc27561f2cc63e0acc18adbc4ed810834e32 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50101 – iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices
https://notcve.org/view.php?id=CVE-2024-50101
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. This could lead to kernel hangs or other unexpected behavior. Add a check to only call pci_for_each_dma_alias() for PCI devices. For non-PCI devices, domain_context_clear_one() is called directly. En el kernel de Linux, se ha resuelto... • https://git.kernel.org/stable/c/9807860f6ad446459d0446550cf4a2dc23bbee6c •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-50100 – USB: gadget: dummy-hcd: Fix "task hung" problem
https://notcve.org/view.php?id=CVE-2024-50100
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out that the problems are caused by a subtle difference between the timer_pending() and hrtimer_active() APIs. The changeover blindly replaced the first by the second. However, timer_pending() returns True when the timer is queued but not ... • https://git.kernel.org/stable/c/a7f3813e589fd8e2834720829a47b5eb914a9afe •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-50099 – arm64: probes: Remove broken LDR (literal) uprobe support
https://notcve.org/view.php?id=CVE-2024-50099
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes. Both functions were originally written for use with kprobes, and access memory with plain C accesses. When uprobes was added, these were reused unmodified even though they cannot safely access user memory. There are three key problems: 1) The plain C accesses do not have corresponding ext... • https://git.kernel.org/stable/c/9842ceae9fa8deae141533d52a6ead7666962c09 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50098 – scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down
https://notcve.org/view.php?id=CVE-2024-50098
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down There is a history of deadlock if reboot is performed at the beginning of booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS shutdown, and at that time the audio driver was waiting on blk_mq_submit_bio() holding a mutex_lock while reading the fw binary. After that, a deadlock issue occurred while audio driver shutdown was waiting for mutex_unlock of blk_mq_submit_bio(). To ... • https://git.kernel.org/stable/c/b294ff3e34490f36233230e9ca70503d3924a6f3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50097 – net: fec: don't save PTP state if PTP is unsupported
https://notcve.org/view.php?id=CVE-2024-50097
05 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fec: don't save PTP state if PTP is unsupported Some platforms (such as i.MX25 and i.MX27) do not support PTP, so on these platforms fec_ptp_init() is not called and the related members in fep are not initialized. However, fec_ptp_save_state() is called unconditionally, which causes the kernel to panic. Therefore, add a condition so that fec_ptp_save_state() is not called if PTP is not supported. En el kernel de Linux, se ha resuelto l... • https://git.kernel.org/stable/c/dc5fb264168c3aa8842b2db547c2b5c7df346454 •