CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48949 – igb: Initialize mailbox message for VF reset
https://notcve.org/view.php?id=CVE-2022-48949
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that information may be leaked to the VM. Initialize the message buffer to 0 so that no information is passed to the VM in this case. In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF ... • https://git.kernel.org/stable/c/6ddbc4cf1f4d5a3a58b4223c80881f299dae3774 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48948 – usb: gadget: uvc: Prevent buffer overflow in setup handler
https://notcve.org/view.php?id=CVE-2022-48948
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer overflow in setup handler Setup function uvc_function_setup permits control transfer requests with up to 64 bytes of payload (UVC_MAX_REQUEST_SIZE), data stage handler for OUT transfer uses memcpy to copy req->actual bytes to uvc_event->data.data array of size 60. This may result in an overflow of 4 bytes. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Prevent buffer ov... • https://git.kernel.org/stable/c/cdda479f15cd13fa50a913ca85129c0437cc7b91 •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48947 – Bluetooth: L2CAP: Fix u8 overflow
https://notcve.org/view.php?id=CVE-2022-48947
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this by adding a boundary check with L2CAP_MAX_CONF_RSP Btmon log: Bluetooth monitor ver 5.64 = Note: Linux version 6.1.0-rc2 (x86_64) 0.264594 = Note: Bluetooth subsystem version 2.22 0.264636 @ MGMT Open: btmon (privileged) version 1.22 ... • https://git.kernel.org/stable/c/49d5867819ab7c744852b45509e8469839c07e0e • CWE-190: Integer Overflow or Wraparound •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48946 – udf: Fix preallocation discarding at indirect extent boundary
https://notcve.org/view.php?id=CVE-2022-48946
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree header instead. Fix the problem and use udf_delete_aext() for deleting extent to avoid some code duplication. In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one ... • https://git.kernel.org/stable/c/c8b6fa4511a7900db9fb0353b630d4d2ed1ba99c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50065 – ntfs3: Change to non-blocking allocation in ntfs_d_hash
https://notcve.org/view.php?id=CVE-2024-50065
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_name() allocates using GFP_KERNEL, having the possibility to sleep when under memory pressure. Change the allocation to GFP_NOWAIT. In the Linux kernel, the following vulnerability has been resolved: ntfs3: Change to non-blocking allocation in ntfs_d_hash d_hash is done while under "rcu-walk" and should not sleep. __get_... • https://git.kernel.org/stable/c/58ebd50d22529f79d2497abbb006137a7c7f5336 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50064 – zram: free secondary algorithms names
https://notcve.org/view.php?id=CVE-2024-50064
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree() secondary algorithms names when reset zram device that had multi-streams, otherwise we leak memory. [senozhatsky@chromium.org: kfree(NULL) is legal] Link: https://lkml.kernel.org/r/20240917013021.868769-1-senozhatsky@chromium.org In the Linux kernel, the following vulnerability has been resolved: zram: free secondary algorithms names We need to kfree() secondary algorithms names when ... • https://git.kernel.org/stable/c/001d9273570115b2eb360d5452bbc46f6cc063a1 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50063 – bpf: Prevent tail call between progs attached to different hooks
https://notcve.org/view.php?id=CVE-2024-50063
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tail call between progs attached to different hooks bpf progs can be attached to kernel functions, and the attached functions can take different parameters or return different return values. If prog attached to one kernel function tail calls prog attached to another kernel function, the ctx access or return value verification could be bypassed. For example, if prog1 is attached to func1 which takes only 1 parameter and prog2 is... • https://git.kernel.org/stable/c/f1b9509c2fb0ef4db8d22dac9aef8e856a5d81f6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50062 – RDMA/rtrs-srv: Avoid null pointer deref during path establishment
https://notcve.org/view.php?id=CVE-2024-50062
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-srv: Avoid null pointer deref during path establishment For RTRS path establishment, RTRS client initiates and completes con_num of connections. After establishing all its connections, the information is exchanged between the client and server through the info_req message. During this exchange, it is essential that all connections have been established, and the state of the RTRS srv path is CONNECTED. So add these sanity checks, t... • https://git.kernel.org/stable/c/394b2f4d5e014820455af3eb5859eb328eaafcfd •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-50061 – i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
https://notcve.org/view.php?id=CVE-2024-50061
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition In the cdns_i3c_master_probe function, &master->hj_work is bound with cdns_i3c_master_hj. And cdns_i3c_master_interrupt can call cnds_i3c_master_demux_ibis function to start the work. If we remove the module which will call cdns_i3c_master_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned... • https://git.kernel.org/stable/c/ea0256e393e0072e8c80fd941547807f0c28108b •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-50060 – io_uring: check if we need to reschedule during overflow flush
https://notcve.org/view.php?id=CVE-2024-50060
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously prevents syzbot from running a test case that generates a ton of overflow entries, and then flushing them can take quite a while. Check for needing to reschedule while flushing, and drop our locks and do so if neces... • https://git.kernel.org/stable/c/a2493904e95ce94bbec819d8f7f03b99976eb25c •