CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49850 – bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos
https://notcve.org/view.php?id=CVE-2024-49850
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer deference. Fix this by adding a proper check upper in call stack, as malformed relocation records could be passed from user space. Simplest reproducer is a program: r0 = 0 exit With a single relocation record: .insn_... • https://git.kernel.org/stable/c/74753e1462e77349525daf9eb60ea21ed92d3a97 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47757 – nilfs2: fix potential oob read in nilfs_btree_check_delete()
https://notcve.org/view.php?id=CVE-2024-47757
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential oob read in nilfs_btree_check_delete() The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries. This does not usually happen because b-tree mappings with 0 child nodes are never created by mkfs.nilfs2 or nilfs2 itself. However, it can h... • https://git.kernel.org/stable/c/17c76b0104e4a6513983777e1a17e0297a12b0c4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47756 – PCI: keystone: Fix if-statement expression in ks_pcie_quirk()
https://notcve.org/view.php?id=CVE-2024-47756
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially results in a NULL dereference. Thus, fix the if-statement expression to use the correct condition. [kwilczynski: commit log] In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It p... • https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47754 – media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning
https://notcve.org/view.php?id=CVE-2024-47754
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL. • https://git.kernel.org/stable/c/397edc703a10f670a2692e492a245f6be1fe279a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47753 – media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning
https://notcve.org/view.php?id=CVE-2024-47753
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL. • https://git.kernel.org/stable/c/7a7ae26fd458397d04421756dd19e5b8cf29a08f •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47752 – media: mediatek: vcodec: Fix H264 stateless decoder smatch warning
https://notcve.org/view.php?id=CVE-2024-47752
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_if.c. Which leads to a kernel crash when fb is NULL. • https://git.kernel.org/stable/c/06fa5f757dc5a5687e1cdd13097c3265735f60bf •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47751 – PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
https://notcve.org/view.php?id=CVE-2024-47751
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Within kirin_pcie_parse_port(), the pcie->num_slots is compared to pcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead to an overflow. Thus, fix condition to pcie->num_slots + 1 >= MAX_PCI_SLOTS and move pcie->num_slots increment below the if-statement to avoid out-of-bounds array access. Found by Linux Verification Center (linuxtesting.org) with SVACE. [kwilczy... • https://git.kernel.org/stable/c/b22dbbb24571c052364f476381dbac110bdca4d5 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47750 – RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08
https://notcve.org/view.php?id=CVE-2024-47750
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Currently rsv_qp is freed before ib_unregister_device() is called on HIP08. During the time interval, users can still dereg MR and rsv_qp will be used in this process, leading to a UAF. Move the release of rsv_qp after calling ib_unregister_device() to fix it. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 Currently rsv_qp is... • https://git.kernel.org/stable/c/70f92521584f1d1e8268311ee84413307b0fdea8 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47749 – RDMA/cxgb4: Added NULL check for lookup_atid
https://notcve.org/view.php?id=CVE-2024-47749
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions. Add a NULL check to prevent null pointer dereferencing. Found by Linux Verification Center (linuxtesting.org) with SVACE. In the Linux kernel, the following vulnerabili... • https://git.kernel.org/stable/c/cfdda9d764362ab77b11a410bb928400e6520d57 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47748 – vhost_vdpa: assign irq bypass producer token correctly
https://notcve.org/view.php?id=CVE-2024-47748
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: assign irq bypass producer token correctly We used to call irq_bypass_unregister_producer() in vhost_vdpa_setup_vq_irq() which is problematic as we don't know if the token pointer is still valid or not. Actually, we use the eventfd_ctx as the token so the life cycle of the token should be bound to the VHOST_SET_VRING_CALL instead of vhost_vdpa_setup_vq_irq() which could be called by set_status(). Fixing this by setting up irq by... • https://git.kernel.org/stable/c/2cf1ba9a4d15cb78b96ea97f727b93382c3f9a60 •