
CVE-2024-40981 – batman-adv: bypass empty buckets in batadv_purge_orig_ref()
https://notcve.org/view.php?id=CVE-2024-40981
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: bypass empty buckets in batadv_purge_orig_ref() Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1]. Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [

CVE-2024-40978 – scsi: qedi: Fix crash while reading debugfs attribute
https://notcve.org/view.php?id=CVE-2024-40978
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results in a crash. To fix this issue, use a small local stack buffer for sprintf() and then call simple_read_from_buffer(), which in turn makes the copy_to_user() call. BUG: unable to handle page fault for address: 00007f4801111000 PGD 8000000864df6067 P4D 8000000864df6067 PUD 864df... • https://git.kernel.org/stable/c/56bec63a7fc87ad50b3373a87517dc9770eef9e0 • CWE-822: Untrusted Pointer Dereference •

CVE-2024-40976 – drm/lima: mask irqs in timeout path before hard reset
https://notcve.org/view.php?id=CVE-2024-40976
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump such as: ... • https://git.kernel.org/stable/c/03e7b2f7ae4c0ae5fb8e4e2454ba4008877f196a •

CVE-2024-40974 – powerpc/pseries: Enforce hcall result buffer validity and size
https://notcve.org/view.php?id=CVE-2024-40974
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Enforce hcall result buffer validity and size plpar_hcall(), plpar_hcall9(), and related functions expect callers to provide valid result buffers of certain minimum size. Currently this is communicated only through comments in the code and the compiler has no idea. For example, if I write a bug like this: long retbuf[PLPAR_HCALL_BUFSIZE]; // should be PLPAR_HCALL9_BUFSIZE plpar_hcall9(H_ALLOCATE_VAS_WINDOW, retbuf, ...); Th... • https://git.kernel.org/stable/c/acf2b80c31c37acab040baa3cf5f19fbd5140b18 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2024-40972 – ext4: do not create EA inode under buffer lock
https://notcve.org/view.php?id=CVE-2024-40972
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: do not create EA inode under buffer lock ext4_xattr_set_entry() creates new EA inodes while holding buffer lock on the external xattr block. This is problematic as it nests all the allocation locking (which acquires locks on other buffers) under the buffer lock. This can even deadlock when the filesystem is corrupted and e.g. the quota file is set up to contain an xattr block as a data block. Move the allocation of EA inode out of ext4_xattr_se... • https://git.kernel.org/stable/c/0752e7fb549d90c33b4d4186f11cfd25a556d1dd • CWE-833: Deadlock •

CVE-2024-40970 – Avoid hw_desc array overrun in dw-axi-dmac
https://notcve.org/view.php?id=CVE-2024-40970
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: Avoid hw_desc array overrun in dw-axi-dmac I have a use case where nr_buffers = 3 and in which each descriptor is composed of 3 segments, resulting in the DMA channel descs_allocated being 9. Since axi_desc_put() handles the hw_desc considering the descs_allocated, this scenario would result in a kernel panic (hw_desc array will be overrun). To fix this, the proposal is to add a new member to the axi_dma_desc structure, where we keep the nu... • https://git.kernel.org/stable/c/7c3bb96a20cd8db3b8824b2ff08b6cde4505c7e5 •

CVE-2024-40968 – MIPS: Octeon: Add PCIe link status check
https://notcve.org/view.php?id=CVE-2024-40968
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: MIPS: Octeon: Add PCIe link status check If the standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the MIPS processor after a PCIe link surprise down, it can generate a kernel panic caused by "Data bus error". So it is necessary to add a PCIe link status check for system protection. When the PCIe link is down or in training, assigning a value of 0 to the configuration addr... • https://git.kernel.org/stable/c/6bff05aaa32c2f7e1f6e68e890876642159db419 •

CVE-2024-40967 – serial: imx: Introduce timeout when waiting on transmitter empty
https://notcve.org/view.php?id=CVE-2024-40967
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue. • https://git.kernel.org/stable/c/7f2b9ab6d0b26f16cd38dd9fd91d51899635f7c7 • CWE-833: Deadlock •

CVE-2024-40966 – tty: add the option to have a tty reject a new ldisc
https://notcve.org/view.php?id=CVE-2024-40966
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: add the option to have a tty reject a new ldisc ... and use it to limit the virtual terminals to just N_TTY. They are kind of special, and in particular, the "con_write()" routine violates the "writes cannot sleep" rule that some ldiscs rely on. This avoids the BUG: sleeping function called from invalid context at kernel/printk/printk.c:2659 when N_GSM has been attached to a virtual console, and gsmld_write() calls con_write() while ho... • https://git.kernel.org/stable/c/3c6332f3bb1578b5b10ac2561247b1d6272ae937 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •

CVE-2024-40965 – i2c: lpi2c: Avoid calling clk_get_rate during transfer
https://notcve.org/view.php?id=CVE-2024-40965
12 Jul 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding the tlv320aic32x4 audio codec to the system. When this clock provider adds its clock, the clk mutex is locked already; it needs to access i2c, which in turn needs the mutex for clk_get_rate as well. A vulnerability was found in the lpi2c driver i... • https://git.kernel.org/stable/c/d038693e08adf9c162c6377800495e4f5a2df045 • CWE-833: Deadlock •