CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49875 – nfsd: map the EBADMSG to nfserr_io to avoid warning
https://notcve.org/view.php?id=CVE-2024-49875
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs, resulting in the following WARNING. Fix it by mapping EBADMSG to nfserr_io. nfsd_buffered_readdir iterate_dir // -EBADMSG -74 ext4_readdir // .iterate_shared ext4_dx_readdir ext4_htree_fill_tree htree_dirblock_to_tree ext4_read_dirblock __ext4_read_dirblock ext4_dirblock_csum_verify warn_no_space_for_csum __warn_no... • https://git.kernel.org/stable/c/0ea4333c679f333e23956de743ad17387819d3f2 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49874 – i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2024-49874
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition In the svc_i3c_master_probe function, &master->hj_work is bound with svc_i3c_master_hj_work, &master->ibi_work is bound with svc_i3c_master_ibi_work. And svc_i3c_master_ibi_work can start the hj_work, svc_i3c_master_irq_handler can start the ibi_work. If we remove the module which will call svc_i3c_master_remove to make cleanup, it will free ma... • https://git.kernel.org/stable/c/0f74f8b6675cc36d689abb4d9b3d75ab4049b7d7 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49871 – Input: adp5589-keys - fix NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-49871
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: adp5589-keys - fix NULL pointer dereference We register a devm action to call adp5589_clear_config() and then pass the i2c client as argument so that we can call i2c_get_clientdata() in order to get our device object. However, i2c_set_clientdata() is only being set at the end of the probe function which means that we'll get a NULL pointer dereference in case the probe function fails early. In the Linux kernel, the following vulnerabi... • https://git.kernel.org/stable/c/30df385e35a48f773b85117fc490152c2395e45b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49870 – cachefiles: fix dentry leak in cachefiles_open_file()
https://notcve.org/view.php?id=CVE-2024-49870
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file() A dentry leak may be caused when a lookup cookie and a cull are concurrent: P1 | P2 ----------------------------------------------------------- cachefiles_lookup_cookie cachefiles_look_up_object lookup_one_positive_unlocked // get dentry cachefiles_cull inode->i_flags |= S_KERNEL_FILE; cachefiles_open_file cachefiles_mark_inode_in_use __cachefiles_mark_inode_in_use can_use = false if (!(... • https://git.kernel.org/stable/c/1f08c925e7a38002bde509e66f6f891468848511 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-49868 – btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
https://notcve.org/view.php?id=CVE-2024-49868
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion [BUG] Syzbot reported a NULL pointer dereference with the following crash: FAULT_INJECTION: forcing a failure. start_transaction+0x830/0x1670 fs/btrfs/transaction.c:676 prepare_to_relocate+0x31f/0x4c0 fs/btrfs/relocation.c:3642 relocate_block_group+0x169/0xd20 fs/btrfs/relocation.c:3678 ... BTRFS info (device loop0): balance: ended with status: -12 Oops: general pr... • https://git.kernel.org/stable/c/1282f001cbf56e5dd6e90a18e205a566793f4be0 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49867 – btrfs: wait for fixup workers before stopping cleaner kthread during umount
https://notcve.org/view.php?id=CVE-2024-49867
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the kthread, it basically halts its execution (wake ups against it work but do nothing); 2) We stop the cleaner kthread - this results in freeing the respective struct task_struct; 3) We call btrfs_stop_all_workers() which waits for any job... • https://git.kernel.org/stable/c/cd686dfff63f27d712877aef5b962fbf6b8bc264 •
CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49866 – tracing/timerlat: Fix a race during cpuhp processing
https://notcve.org/view.php?id=CVE-2024-49866
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Fix a race during cpuhp processing There is another found exception that the "timerlat/1" thread was scheduled on CPU0, and lead to timer corruption finally: ``` ODEBUG: init active (active state 0) object: ffff888237c2e108 object type: hrtimer hint: timerlat_irq+0x0/0x220 WARNING: CPU: 0 PID: 426 at lib/debugobjects.c:518 debug_print_object+0x7d/0xb0 Modules linked in: CPU: 0 UID: 0 PID: 426 Comm: timerlat/1 Not tainted 6... • https://git.kernel.org/stable/c/c8895e271f7994a3ecb13b8a280e39aa53879545 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49864 – rxrpc: Fix a race between socket set up and I/O thread creation
https://notcve.org/view.php?id=CVE-2024-49864
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in which a packet may come into rxrpc_encap_rcv() from the UDP packet but we oops when trying to wake the not-yet created I/O thread. As a quick fix, just make rxrpc_encap_rcv() discard the packet if there's no I/... • https://git.kernel.org/stable/c/a275da62e8c111b897b9cb73eb91df2f4e475ca5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-49863 – vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
https://notcve.org/view.php?id=CVE-2024-49863
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug can be triggered when guest sends an SCSI AN request. In vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with `&v_req.tmf.lun[1]` within a switch-case block and is then passed to vhost_scsi_get_req() which extracts `vc->req` and `tpg`. However, for a `VI... • https://git.kernel.org/stable/c/3f8ca2e115e55af4c15d97dda635e948d2e380be •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49862 – powercap: intel_rapl: Fix off by one in get_rpi()
https://notcve.org/view.php?id=CVE-2024-49862
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi() The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the > needs to be >= to prevent an off by one access. In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: Fix off by one in get_rpi() The rp->priv->rpi array is either rpi_msr or rpi_tpmi which have NR_RAPL_PRIMITIVES number of elements. Thus the ... • https://git.kernel.org/stable/c/98ff639a7289067247b3ef9dd5d1e922361e7365 •