CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38538 – net: bridge: xmit: make sure we have at least eth header len bytes
https://notcve.org/view.php?id=CVE-2024-38538
19 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN bytes) skb. To fix it check if we can actually pull that amount instead of assuming. Tested with dropwatch: drop at: br_dev_xmit+0xb93/0x12d0 [bridge] (0xffffffffc06739b3) origin: software timestamp: Mon May 13 11:31:53 2024 778214037 nsec protocol: 0x88a8 length: 2 ... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36969 – drm/amd/display: Fix division by zero in setup_dsc_config
https://notcve.org/view.php?id=CVE-2024-36969
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a state that requires a reboot. This patch adds a check to avoid the division by zero. The stack trace below is for the 6.8.4 Kernel. I reproduced the issue on a Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display moni... • https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445 • CWE-369: Divide By Zero •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36968 – Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
https://notcve.org/view.php?id=CVE-2024-36968
08 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() l2cap_le_flowctl_init() can cause both div-by-zero and an integer overflow since hdev->le_mtu may not fall in the valid range. Move MTU from hci_dev to hci_conn to validate MTU and stop the connection process earlier if MTU is invalid. Also, add a missing validation in read_buffer_size() and make it return an error value if the validation fails. Now hci_conn_add() returns ERR_PTR(... • https://git.kernel.org/stable/c/6ed58ec520ad2b2fe3f955c8a5fd0eecafccebdf • CWE-190: Integer Overflow or Wraparound CWE-369: Divide By Zero •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36964 – fs/9p: only translate RWX permissions for plain 9P2000
https://notcve.org/view.php?id=CVE-2024-36964
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent since the unix extended bits are handled explicitly and conditionally on .u. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/9p: solo traduce permisos RWX para 9P2000 simple. Se permite el paso de basura en bits p... • https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36960 – drm/vmwgfx: Fix invalid reads in fence signaled events
https://notcve.org/view.php?id=CVE-2024-36960
03 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix invalid reads in fence signaled events Correctly set the length of the drm_event to the size of the structure that's actually used. The length of the drm_event was set to the parent structure instead of to the drm_vmw_event_fence which is supposed to be read. drm_read uses the length parameter to copy the event to the user space thus resuling in oob reads. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dr... • https://git.kernel.org/stable/c/8b7de6aa84682a3396544fd88cd457f95484573a • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36952 – scsi: lpfc: Move NPIV's transport unregistration to after resource clean up
https://notcve.org/view.php?id=CVE-2024-36952
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered before the Remove All DA_ID CT and LOGO ELS are sent to the fabric. Currently fc_remove_host(), which calls dev_loss_tmo for all D_IDs including the fabric D_ID, removes the last ndlp reference and frees the ndlp rpo... • https://git.kernel.org/stable/c/f2c7f029051edc4b394bb48edbe2297575abefe0 • CWE-459: Incomplete Cleanup •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36951 – drm/amdkfd: range check cp bad op exception interrupts
https://notcve.org/view.php?id=CVE-2024-36951
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: range check cp bad op exception interrupts Due to a CP interrupt bug, bad packet garbage exception codes are raised. Do a range check so that the debugger and runtime do not receive garbage codes. Update the user api to guard exception code type checking as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdkfd: interrupciones de excepción de operación incorrecta de cp de verificación de rango debido... • https://git.kernel.org/stable/c/41dc6791596656dd41100b85647ed489e1d5c2f2 •
CVSS: 4.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36950 – firewire: ohci: mask bus reset interrupts between ISR and bottom half
https://notcve.org/view.php?id=CVE-2024-36950
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked. We infer the bus reset from the self-ID interrupt that happens shortly thereafter. A scenario where we unmask bus reset interrupts was introduced in 2008... • https://git.kernel.org/stable/c/b3948c69d60279fce5b2eeda92a07d66296c8130 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36949 – amd/amdkfd: sync all devices to wait all processes being evicted
https://notcve.org/view.php?id=CVE-2024-36949
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault. En el kernel de Linux, se resolv... • https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36946 – phonet: fix rtm_phonet_notify() skb allocation
https://notcve.org/view.php?id=CVE-2024-36946
30 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phonet: corrige la asignación de skb de rtm_phonet_notify() fill_route() almacena tres componentes en el skb: - struct ... • https://git.kernel.org/stable/c/f062f41d06575744b9eaf725eef8a5d3b5f5b7ca •