CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46743 – of/irq: Prevent device address out-of-bounds read in interrupt map walk
https://notcve.org/view.php?id=CVE-2024-46743
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN detects the following out-of-bounds read when populating the initial match table (dyndbg="func of_irq_parse_* +p"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: in... • https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46742 – smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
https://notcve.org/view.php?id=CVE-2024-46742
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open() null-ptr-deref will occur when (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) and parse_lease_state() return NULL. Fix this by check if 'lease_ctx_info' is NULL. Additionally, remove the redundant parentheses in parse_durable_handle_context(). In the Linux kernel, the following vulnerability has been resolved: smb/server: fix potential null-ptr-deref of lease_ctx_info in s... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46740 – binder: fix UAF caused by offsets overwrite
https://notcve.org/view.php?id=CVE-2024-46740
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF caused by offsets overwrite Binder objects are processed and copied individually into the target buffer during transactions. Any raw data in-between these objects is copied as well. However, this raw data copy lacks an out-of-bounds check. If the raw data exceeds the data section size then the copy overwrites the offsets section. This eventually triggers an error that attempts to unwind the processed objects. • https://git.kernel.org/stable/c/c056a6ba35e00ae943e377eb09abd77a6915b31a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46739 – uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
https://notcve.org/view.php?id=CVE-2024-46739
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind callback is meant for primary channels only. Fix NULL pointer dereference by retrieving the device_obj from the parent for the primary channel. In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kern... • https://git.kernel.org/stable/c/ca3cda6fcf1e922213a0cc58e708ffb999151db3 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46738 – VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
https://notcve.org/view.php?id=CVE-2024-46738
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by comparing context and resource fields. It is possible though to create two resources with different types but same handle (same context and resource fields). When trying to remove one of the resources, vmci_resource_remove() may not remove ... • https://git.kernel.org/stable/c/bc63dedb7d46a7d690c6b6edf69136b88af06cc6 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46737 – nvmet-tcp: fix kernel crash if commands allocation fails
https://notcve.org/view.php?id=CVE-2024-46737
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Fix the bug by setting queue->nr_cmds to zero in case nvmet_tcp_alloc_cmd() fails. In the Linux kernel,... • https://git.kernel.org/stable/c/872d26a391da92ed8f0c0f5cb5fef428067b7f30 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46734 – btrfs: fix race between direct IO write and fsync when using same fd
https://notcve.org/view.php?id=CVE-2024-46734
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between direct IO write and fsync when using same fd If we have 2 threads that are using the same file descriptor and one of them is doing direct IO writes while the other is doing fsync, we have a race where we can end up either: 1) Attempt a fsync without holding the inode's lock, triggering an assertion failures when assertions are enabled; 2) Do an invalid memory access from the fsync task because the file private points... • https://git.kernel.org/stable/c/4e17707035a65f6e5b2a4d987a308cf8ed8c5ad1 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46733 – btrfs: fix qgroup reserve leaks in cow_file_range
https://notcve.org/view.php?id=CVE-2024-46733
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free that reservation, or else the space is leaked. The fstest generic/475 exercises various IO error paths, and is able to trigger errors in cow_file_range where we fail to get to allocating the ordered extent. Note... • https://git.kernel.org/stable/c/e42ef22bc10f0309c0c65d8d6ca8b4127a674b7f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46732 – drm/amd/display: Assign linear_pitch_alignment even for VM
https://notcve.org/view.php?id=CVE-2024-46732
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments Ubuntu Security Notice 7144-1 - Supraja Sridhara, Benedi... • https://git.kernel.org/stable/c/4bd7710f2fecfc5fb2dda1ca2adc69db8a66b8b6 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46731 – drm/amd/pm: fix the Out-of-bounds read warning
https://notcve.org/view.php?id=CVE-2024-46731
18 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the devi... • https://git.kernel.org/stable/c/38e32a0d837443c91c4b615a067b976cfb925376 •