CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47726 – f2fs: fix to wait dio completion
https://notcve.org/view.php?id=CVE-2024-47726
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may ... • https://git.kernel.org/stable/c/c2a7fc514637f640ff55c3f3e3ed879970814a3f •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47723 – jfs: fix out-of-bounds in dbNextAG() and diAlloc()
https://notcve.org/view.php?id=CVE-2024-47723
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount(). And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented. Additionally, a check for the cas... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2023-52917 – ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
https://notcve.org/view.php?id=CVE-2023-52917
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. • https://git.kernel.org/stable/c/e26a5843f7f5014ae4460030ca4de029a3ac35d3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47720 – drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func
https://notcve.org/view.php?id=CVE-2024-47720
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn30_set_output_transfer_func function. Previously, set_output_gamma was being checked for nullity at line 386, but then it was being dereferenced without any nullity check at line 401. This could potentially lead to a null pointer dereference error if set_output_gamma is inde... • https://git.kernel.org/stable/c/d99f13878d6f9c286b13860d8bf0b4db9ffb189a •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47719 – iommufd: Protect against overflow of ALIGN() during iova allocation
https://notcve.org/view.php?id=CVE-2024-47719
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: iommufd: Protect against overflow of ALIGN() during iova allocation Userspace can supply an iova and uptr such that the target iova alignment becomes really big and ALIGN() overflows which corrupts the selected area range during allocation. CONFIG_IOMMUFD_TEST can detect this: WARNING: CPU: 1 PID: 5092 at drivers/iommu/iommufd/io_pagetable.c:268 iopt_alloc_area_pages drivers/iommu/iommufd/io_pagetable.c:268 [inline] WARNING: CPU: 1 PID: 509... • https://git.kernel.org/stable/c/51fe6141f0f64ae0bbc096a41a07572273e8c0ef •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-47718 – wifi: rtw88: always wait for both firmware loading attempts
https://notcve.org/view.php?id=CVE-2024-47718
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: always wait for both firmware loading attempts In 'rtw_wait_firmware_completion()', always wait for both (regular and wowlan) firmware loading attempts. Otherwise if 'rtw_usb_intf_init()' has failed in 'rtw_usb_probe()', 'rtw_usb_disconnect()' may issue 'ieee80211_free_hw()' when one of 'rtw_load_firmware_cb()' (usually the wowlan one) is still in progress, causing UAF detected by KASAN. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/c8e5695eae9959fc5774c0f490f2450be8bad3de •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47716 – ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros
https://notcve.org/view.php?id=CVE-2024-47716
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ARM: 9410/1: vfp: Use asm volatile in fmrx/fmxr macros Floating point instructions in userspace can crash some arm kernels built with clang/LLD 17.0.6: BUG: unsupported FP instruction in kernel mode FPEXC == 0xc0000780 Internal error: Oops - undefined instruction: 0 [#1] ARM CPU: 0 PID: 196 Comm: vfp-reproducer Not tainted 6.10.0 #1 Hardware name: BCM2835 PC is at vfp_support_entry+0xc8/0x2cc LR is at do_undefinstr+0xa8/0x250 pc : [
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47714 – wifi: mt76: mt7996: use hweight16 to get correct tx antenna
https://notcve.org/view.php?id=CVE-2024-47714
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so using hweight8 cannot get correct tx_ant. Without this patch, the tx_ant of band 2 would be -1 and lead to the following issue: BUG: KASAN: stack-out-of-bounds in mt7996_mcu_add_sta+0x12e0/0x16e0 [mt7996e] In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: use hweight16 to get correct tx antenna The chainmask is u16 so us... • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47713 – wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
https://notcve.org/view.php?id=CVE-2024-47713
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() ieee80211_report_ack_skb() cfg80211_mgmt_tx_status_ext() nl80211_frame_tx_status() genlmsg_multicast_netns() genlmsg_multicast_netns_filtered() n... • https://git.kernel.org/stable/c/5061b0c2b9066de426fbc63f1278d2210e789412 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-47712 – wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
https://notcve.org/view.php?id=CVE-2024-47712
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param In the `wilc_parse_join_bss_param` function, the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. According to RCU usage rules, this is illegal. Reusing this pointer can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues. This possible bug was identi... • https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 •