CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38599 – jffs2: prevent xattr node from overflowing the eraseblock
https://notcve.org/view.php?id=CVE-2024-38599
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't split into parts and spread across multiple eraseblocks, which means that a xattr node must not occupy more than one eraseblock. If the requested xattr value is too large, the xattr node can spill onto the next eraseb... • https://git.kernel.org/stable/c/aa98d7cf59b5b0764d3502662053489585faf2fe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38597 – eth: sungem: remove .ndo_poll_controller to avoid deadlocks
https://notcve.org/view.php?id=CVE-2024-38597
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: eth: sungem: remove .ndo_poll_controller to avoid deadlocks Erhard reports netpoll warnings from sungem: netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398) WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() disables interrupts, which may sleep. We can't sleep in netpoll, it has interrupts disabled completely. Strangely, gem_poll_controller() doesn't even pol... • https://git.kernel.org/stable/c/fe09bb619096a0aa139210748ddc668c2dbe2308 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38596 – af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
https://notcve.org/view.php?id=CVE-2024-38596
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONCE. However, on the reader side, unix_stream_sendmsg() does not read it atomically. Consequently, this issue is causing the following KCSAN splat to occur: BUG: KCSAN: data-race in unix_release_sock / unix_stream_send... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38589 – netrom: fix possible dead-lock in nr_rt_ioctl()
https://notcve.org/view.php?id=CVE-2024-38589
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node) [1] WARNING: possible circular locking dependency detected 6.9.0-rc7-syzkaller-02147-g654de42f3fc6 #0 Not tainted ------------------------------------------------------ syz-executor350/5129 is trying to acquire lock: ffff8880186e2070 (&nr_node->node_l... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38588 – ftrace: Fix possible use-after-free issue in ftrace_location()
https://notcve.org/view.php?id=CVE-2024-38588
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38583 – nilfs2: fix use-after-free of timer for log writer thread
https://notcve.org/view.php?id=CVE-2024-38583
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and potential deadlock issue on unmount, and a potential freeze issue in event synchronization found during their analysis. Details are described in each commit log. This patch (of 3): A use-after-free issue has been reported ... • https://git.kernel.org/stable/c/fdce895ea5dd4e24edf1f4d693827349a4e5b3b4 •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38582 – nilfs2: fix potential hang in nilfs_detach_log_writer()
https://notcve.org/view.php?id=CVE-2024-38582
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which synchronizes with the log writer thread, can be called after nilfs_segctor_destroy() terminates that thread, as shown in the call trace below: nilfs_detach_log_writer nilfs_segctor_destroy nilfs_segctor_kill_thread --> Shut d... • https://git.kernel.org/stable/c/911d38be151921a5d152bb55e81fd752384c6830 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38581 – drm/amdgpu/mes: fix use-after-free issue
https://notcve.org/view.php?id=CVE-2024-38581
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_mes.c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu/mes: soluciona el problema de use-after-free. Elimina el temporizador de reserva de valla para solucionar el problema de use-after-free. v2: pasar a amdgpu_mes.c A flaw was found in the Linux kernel. This issue is due to a possible use... • https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38580 – epoll: be better about file lifetimes
https://notcve.org/view.php?id=CVE-2024-38580
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless. Make sure we have a vali... • https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38578 – ecryptfs: Fix buffer size for tag 66 packet
https://notcve.org/view.php?id=CVE-2024-38578
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer. This fixes the below ka... • https://git.kernel.org/stable/c/dddfa461fc8951f9b5f951c13565b6cac678635a •