CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47667 – PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
https://notcve.org/view.php?id=CVE-2024-47667
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI 128-byte bursts, the bus may corrupt the packet payload and the corrupt data may cause associated applications or the processor to hang. The workaround for Errata #i2037 is to limit the maximum read reque... • https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47666 – scsi: pm80xx: Set phy->enable_completion only when we wait for it
https://notcve.org/view.php?id=CVE-2024-47666
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_phy_control() function returns and the passed enable_completion stack address is no longer valid. Late phy control response invokes complete() o... • https://git.kernel.org/stable/c/7b1d779647afaea9185fa2f150b1721e7c1aae89 •
CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47662 – drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
https://notcve.org/view.php?id=CVE-2024-47662
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers should not be read from driver and triggering the security violation when DMCUB work times out and diagnostics are collected blocks Z8 entry. [How] Remove the register read from DCN35. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection [Why] These registers sho... • https://git.kernel.org/stable/c/eba4b2a38ccdf074a053834509545703d6df1d57 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47661 – drm/amd/display: Avoid overflow from uint32_t to uint8_t
https://notcve.org/view.php?id=CVE-2024-47661
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF. This fixes 2 INTEGER_OVERFLOW issues reported by Coverity. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid overflow from uint32_t to uint8_t [WHAT & HOW] dmub_rb_cmd's ramping_boundary has size of uin... • https://git.kernel.org/stable/c/30d1b783b6eeaf49d311a072c70d618d993d01ec •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47660 – fsnotify: clear PARENT_WATCHED flags lazily
https://notcve.org/view.php?id=CVE-2024-47660
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races... • https://git.kernel.org/stable/c/3f3ef1d9f66b93913ce2171120d9226b55acd41d • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47659 – smack: tcp: ipv4, fix incorrect labeling
https://notcve.org/view.php?id=CVE-2024-47659
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: smack: tcp: ipv4, fix incorrect labeling Currently, Smack mirrors the label of incoming tcp/ipv4 connections: when a label 'foo' connects to a label 'bar' with tcp/ipv4, 'foo' always gets 'foo' in returned ipv4 packets. So, 1) returned packets are incorrectly labeled ('foo' instead of 'bar') 2) 'bar' can write to 'foo' without being authorized to write. Here is a scenario how to see this: * Take two machines, let's call them C and S, with a... • https://git.kernel.org/stable/c/d3f56c653c65f170b172d3c23120bc64ada645d8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47658 – crypto: stm32/cryp - call finalize with bh disabled
https://notcve.org/view.php?id=CVE-2024-47658
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock recursion warning. The reason is the fact that BH must be disabled during this process. In the Linux kernel, the following vulnerability has been resolved: crypto: stm32/cryp - call finalize with bh disabled The finalize operation in interrupt mode produce a produces a spinlock recursion warning. The reason is the fact ... • https://git.kernel.org/stable/c/d93a2f86b0a998aa1f0870c85a2a60a0771ef89a •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46871 – drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX
https://notcve.org/view.php?id=CVE-2024-46871
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX [Why & How] It actually exposes '6' types in enum dmub_notification_type. Not 5. Using smaller number to create array dmub_callback & dmub_thread_offload has potential to access item out of array bound. Fix it. A flaw was found in the AMD Radeon graphics card driver in the Linux kernel. • https://git.kernel.org/stable/c/e1896f381d27466c26cb44b4450eae05cd59dfd0 • CWE-129: Improper Validation of Array Index •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46870 – drm/amd/display: Disable DMCUB timeout for DCN35
https://notcve.org/view.php?id=CVE-2024-46870
09 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable DMCUB timeout for DCN35 [Why] DMCUB can intermittently take longer than expected to process commands. Old ASIC policy was to continue while logging a diagnostic error - which works fine for ASIC without IPS, but with IPS this could lead to a race condition where we attempt to access DCN state while it's inaccessible, leading to a system hang when the NIU port is not disabled or register accesses that timeout and the... • https://git.kernel.org/stable/c/31c254c9cd4b122a10db297124f867107a696d83 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46844 – um: line: always fill *error_out in setup_one_line()
https://notcve.org/view.php?id=CVE-2024-46844
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line(). In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in al... • https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5 •