CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40982 – ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
https://notcve.org/view.php?id=CVE-2024-40982
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attemptin... • https://git.kernel.org/stable/c/c5dc2d8eb3981bae261ea7d1060a80868e886813 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40981 – batman-adv: bypass empty buckets in batadv_purge_orig_ref()
https://notcve.org/view.php?id=CVE-2024-40981
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-40980 – drop_monitor: replace spin_lock by raw_spin_lock
https://notcve.org/view.php?id=CVE-2024-40980
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 449, name: rcuc/47 preempt_count: 1, ex... • https://git.kernel.org/stable/c/594e47957f3fe034645e6885393ce96c12286334 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40978 – scsi: qedi: Fix crash while reading debugfs attribute
https://notcve.org/view.php?id=CVE-2024-40978
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turns make the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df... • https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0 • CWE-822: Untrusted Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40977 – wifi: mt76: mt7921s: fix potential hung tasks during chip recovery
https://notcve.org/view.php?id=CVE-2024-40977
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. chip reset), there is a possible situation that kernel worker reset_work is holding the lock and waiting for kernel thread stat_worker to be parked, while stat_worker is waiting for the release of the same lock. It causes a deadlock resulting in the dumping of hung tasks messages and possible rebooting of the device. This patch prevents the executi... • https://git.kernel.org/stable/c/0b81faa05b0b9feb3ae2d69be1d21f0d126ecb08 • CWE-833: Deadlock •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-40976 – drm/lima: mask irqs in timeout path before hard reset
https://notcve.org/view.php?id=CVE-2024-40976
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump such as: ... • https://git.kernel.org/stable/c/03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40975 – platform/x86: x86-android-tablets: Unregister devices in reverse order
https://notcve.org/view.php?id=CVE-2024-40975
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Unregister devices in reverse order Not all subsystems support a device getting removed while there are still consumers of the device with a reference to the device. One example of this is the regulator subsystem. If a regulator gets unregistered while there are still drivers holding a reference a WARN() at drivers/regulator/core.c:5829 triggers, e.g.: WARNING: CPU: 1 PID: 1587 at drivers/regulator/core.c:... • https://git.kernel.org/stable/c/36ff963c133a25ed1166a25c3ba8b357ea010fda •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-40974 – powerpc/pseries: Enforce hcall result buffer validity and size
https://notcve.org/view.php?id=CVE-2024-40974
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through comments in the code and the compiler has no idea. For example, if I write a bug like this: long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...); Th... • https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-40973 – media: mtk-vcodec: potential null pointer deference in SCP
https://notcve.org/view.php?id=CVE-2024-40973
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Andy Nguyen di... • https://git.kernel.org/stable/c/f066882293b5ad359e44c4ed24ab1811ffb0b354 •
CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-40972 – ext4: do not create EA inode under buffer lock
https://notcve.org/view.php?id=CVE-2024-40972
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (which acquires locks on other buffers) under the buffer lock. This can even deadlock when the filesystem is corrupted and e.g. quota file is setup to contain xattr block as data block. Move the allocation of EA inode out of ext4_xattr_se... • https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd • CWE-833: Deadlock •