CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45018 – netfilter: flowtable: initialise extack before use
https://notcve.org/view.php?id=CVE-2024-45018
11 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin B... • https://git.kernel.org/stable/c/c29f74e0df7a02b8303bcdce93a7c0132d62577a • CWE-457: Use of Uninitialized Variable •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2024-45016 – netem: fix return value if duplicate enqueue fails
https://notcve.org/view.php?id=CVE-2024-45016
11 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. This commit made netem_enqueue() always return NET_XMIT_SUCCESS when a packet is duplicated, which can cause the parent qdisc's q.qlen to be mistakenly incremented. When this happens qlen_notify() may be skipped on the parent during d... • https://git.kernel.org/stable/c/5845f706388a4cde0f6b80f9e5d33527e942b7d9 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-45015 – drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()
https://notcve.org/view.php?id=CVE-2024-45015
11 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by an atomic_disable() but without an atomic_mode_set(). This results in a NULL ptr access for the dpu_encoder_get_drm_fmt() call in the atomic_enable() as the dpu_encoder's connector was cleared in the atomic_disable() but not re-assig... • https://git.kernel.org/stable/c/25fdd5933e4c0f5fe2ea5cd59994f8ac5fbe90ef •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45009 – mptcp: pm: only decrement add_addr_accepted for MPJ req
https://notcve.org/view.php?id=CVE-2024-45009
11 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest. Removing a 'subflow' endpoint will first trigger a RM_ADDR, then the subflow closure. Before this patch, and upon the reception of the RM_ADDR, the other... • https://git.kernel.org/stable/c/d0876b2284cf8b34dd214b2d0aa21071c345da59 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2023-52916 – media: aspeed: Fix memory overwrite if timing is 1600x900
https://notcve.org/view.php?id=CVE-2023-52916
06 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: media: aspeed: Fix memory overwrite if timing is 1600x900 When capturing 1600x900, system could crash when system memory usage is tight. The way to reproduce this issue: 1. Use 1600x900 to display on host 2. Mount ISO through 'Virtual media' on OpenBMC's web 3. Run script as below on host to do sha continuously #! • https://git.kernel.org/stable/c/d2b4387f3bdf016e266d23cf657465f557721488 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52915 – media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
https://notcve.org/view.php?id=CVE-2023-52915
06 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash. Similar commit: commit 0ed554fd769a ("media: dvb-... • https://git.kernel.org/stable/c/b2f54ed7739dfdf42c4df0a11131aad7c8635464 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45008 – Input: MT - limit max slots
https://notcve.org/view.php?id=CVE-2024-45008
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI... • https://git.kernel.org/stable/c/2829c80614890624456337e47320289112785f3e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-45007 – char: xillybus: Don't destroy workqueue from work item running on it
https://notcve.org/view.php?id=CVE-2024-45007
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending work item. Other work items continue to be queued on per-device workqueues to ensure performance. In the Linux kernel, the following vulnerability ... • https://git.kernel.org/stable/c/409b495f8e3300d5fba08bc817fa8825dae48cc9 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-45006 – xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
https://notcve.org/view.php?id=CVE-2024-45006
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size value during enumeration. Usb core calls usb_ep0_reinit() in this case, which ends up calling xhci_configure_endpoint(). On Panther point xHC the xhci_configure_endpoint() function will ... • https://git.kernel.org/stable/c/651aaf36a7d7b36a58980e70133f9437d4f6d312 •
CVSS: 4.7EPSS: 0%CPEs: 7EXPL: 0CVE-2024-45003 – vfs: Don't evict inode under the inode lru traversing context
https://notcve.org/view.php?id=CVE-2024-45003
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects all reclaimable inodes and mark them with I_FREEING flag at first, at that time, other processes will be stuck if they try getting these inodes (See function find_inode_fast), then the reclaiming process destroy the inodes by function dispose_list(). Some filesystems(eg. ext4 with ea_inode feature, ubifs with xat... • https://git.kernel.org/stable/c/e50e5129f384ae282adebfb561189cdb19b81cee •