CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47737 – nfsd: call cache_put if xdr_reserve_space returns NULL
https://notcve.org/view.php?id=CVE-2024-47737
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL If not enough buffer space available, but idmap_lookup has triggered lookup_fn which calls cache_get and returns successfully. Then we missed to call cache_put here which pairs with cache_get. Reviwed-by: Jeff Layton
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47736 – erofs: handle overlapped pclusters out of crafted images properly
https://notcve.org/view.php?id=CVE-2024-47736
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: handle overlapped pclusters out of crafted images properly syzbot reported a task hang issue due to a deadlock case where it is waiting for the folio lock of a cached folio that will be used for cache I/Os. After looking into the crafted fuzzed image, I found it's formed with several overlapped big pclusters as below: Ext: logical offset | length : physical offset | length 0: 0.. 16384 | 16384 : 151552.. 167936 | 16384 1: 16384.. 327... • https://git.kernel.org/stable/c/8e6c8fa9f2e95c88a642521a5da19a8e31748846 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47735 – RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
https://notcve.org/view.php?id=CVE-2024-47735
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold. This was discovered through the lock debugging, and the corresponding log is as follows: raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40 ... Call trace: warn_bogus_irq_restore... • https://git.kernel.org/stable/c/9a4435375cd151e07c0c38fa601b00115986091b •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47734 – bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
https://notcve.org/view.php?id=CVE-2024-47734
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() syzbot reported a WARNING in bond_xdp_get_xmit_slave. To reproduce this[1], one bond device (bond1) has xdpdrv, which increases bpf_master_redirect_enabled_key. Another bond device (bond0) which is unsupported by XDP but its slave (veth3) has xdpgeneric that returns XDP_TX. This triggers WARN_ON_ONCE() from the xdp_master_redirect(). To reduce unnecessary warnings and... • https://git.kernel.org/stable/c/9e2ee5c7e7c35d195e2aa0692a7241d47a433d1e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47731 – drivers/perf: Fix ali_drw_pmu driver interrupt status clearing
https://notcve.org/view.php?id=CVE-2024-47731
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing The alibaba_uncore_pmu driver forgot to clear all interrupt status in the interrupt processing function. After the PMU counter overflow interrupt occurred, an interrupt storm occurred, causing the system to hang. Therefore, clear the correct interrupt status in the interrupt handling function to fix it. In the Linux kernel, the following vulnerability has been resolved: drivers/... • https://git.kernel.org/stable/c/cf7b61073e4526caa247616f6fbb174cbd2a5366 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47730 – crypto: hisilicon/qm - inject error before stopping queue
https://notcve.org/view.php?id=CVE-2024-47730
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - inject error before stopping queue The master ooo cannot be completely closed when the accelerator core reports memory error. Therefore, the driver needs to inject the qm error to close the master ooo. Currently, the qm error is injected after stopping queue, memory may be released immediately after stopping queue, causing the device to access the released memory. Therefore, error is injected to close master ooo befor... • https://git.kernel.org/stable/c/6c6dd5802c2d6769fa589c0e8de54299def199a7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47728 – bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error
https://notcve.org/view.php?id=CVE-2024-47728
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error For all non-tracing helpers which formerly had ARG_PTR_TO_{LONG,INT} as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, it is not needed given CAP_PERFMON can already read all kernel memory anyway hence bpf_get_func_arg() and bpf_get_func_ret() is skipped in here. Also, the MTU helpers mtu_len pointer value is being written ... • https://git.kernel.org/stable/c/d7a4cb9b6705a89937d12c8158a35a3145dc967a •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47727 – x86/tdx: Fix "in-kernel MMIO" check
https://notcve.org/view.php?id=CVE-2024-47727
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #... • https://git.kernel.org/stable/c/31d58c4e557d46fa7f8557714250fb6f89c941ae •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47726 – f2fs: fix to wait dio completion
https://notcve.org/view.php?id=CVE-2024-47726
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may ... • https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47723 – jfs: fix out-of-bounds in dbNextAG() and diAlloc()
https://notcve.org/view.php?id=CVE-2024-47723
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount(). And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented. Additionally, a check for the cas... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •