CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42297 – f2fs: fix to don't dirty inode for readonly filesystem
https://notcve.org/view.php?id=CVE-2024-42297
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't dirty inode for readonly filesystem syzbot reports f2fs bug as below: kernel BUG at fs/f2fs/inode.c:933! RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933 Call Trace: evict+0x2a4/0x620 fs/inode.c:664 dispose_list fs/inode.c:697 [inline] evict_inodes+0x5f8/0x690 fs/inode.c:747 generic_shutdown_super+0x9d/0x2c0 fs/super.c:675 kill_block_super+0x44/0x90 fs/super.c:1667 kill_f2fs_super+0x303/0x3b0 fs/f2fs/super.c:4... • https://git.kernel.org/stable/c/2d2916516577f2239b3377d9e8d12da5e6ccdfcf •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42296 – f2fs: fix return value of f2fs_convert_inline_inode()
https://notcve.org/view.php?id=CVE-2024-42296
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix return value of f2fs_convert_inline_inode() If device is readonly, make f2fs_convert_inline_inode() return EROFS instead of zero, otherwise it may trigger panic during writeback of inline inode's dirty page as below: f2fs_write_single_data_page+0xbb6/0x1e90 fs/f2fs/data.c:2888 f2fs_write_cache_pages fs/f2fs/data.c:3187 [inline] __f2fs_write_data_pages fs/f2fs/data.c:3342 [inline] f2fs_write_data_pages+0x1efe/0x3a90 fs/f2fs/data.c:... • https://git.kernel.org/stable/c/70f5ef5f33c333cfb286116fa3af74ac9bc84f1b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42295 – nilfs2: handle inconsistent state in nilfs_btnode_create_block()
https://notcve.org/view.php?id=CVE-2024-42295
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to treat this inconsistency as a bug; it can occur if the argument block address (the buffer index of the newly created block) is a virtual block number and has been reallocated due to corruption of the bitmap used to manage its allocati... • https://git.kernel.org/stable/c/a60be987d45dd510aeb54389526f9957cfab106c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42289 – scsi: qla2xxx: During vport delete send async logout explicitly
https://notcve.org/view.php?id=CVE-2024-42289
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale I/O entries, eh_abort was issued and aborted (fast_fail_io = 2009h) but I/Os could not complete while vport delete is in process of deleting. BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access i... • https://git.kernel.org/stable/c/086489256696eb774654a5410e86381c346356fe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-42288 – scsi: qla2xxx: Fix for possible memory corruption
https://notcve.org/view.php?id=CVE-2024-42288
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possib... • https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42286 – scsi: qla2xxx: validate nvme_local_port correctly
https://notcve.org/view.php?id=CVE-2024-42286
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 00000000000000... • https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42285 – RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
https://notcve.org/view.php?id=CVE-2024-42285
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct r... • https://git.kernel.org/stable/c/59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42284 – tipc: Return non-zero value from tipc_udp_addr2str() on error
https://notcve.org/view.php?id=CVE-2024-42284
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return ... • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 • CWE-393: Return of Wrong Status Code •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42280 – mISDN: Fix a use after free in hfcmulti_tx()
https://notcve.org/view.php?id=CVE-2024-42280
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mISDN: Fix a use after free in hfcmulti_tx() Don't dereference *sp after calling dev_kfree_skb(*sp). It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Berts... • https://git.kernel.org/stable/c/af69fb3a8ffa37e986db00ed93099dc44babeef4 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42271 – net/iucv: fix use after free in iucv_sock_close()
https://notcve.org/view.php?id=CVE-2024-42271
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path (or it is already removed / never existed). This needs to be done with atomic compare and swap, otherwise there is a small window where iucv_sock_close() will try to work with a path that has already been severed and freed by iucv_cal... • https://git.kernel.org/stable/c/7d316b9453523498246e9e19a659c423d4c5081e • CWE-416: Use After Free •