CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2024-50010 – exec: don't WARN for racy path_noexec check
https://notcve.org/view.php?id=CVE-2024-50010
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: exec: don't WARN for racy path_noexec check Both i_mode and noexec checks wrapped in WARN_ON stem from an artifact of the previous implementation. They used to legitimately check for the condition, but that got moved up in two commits: 633fb6ac3980 ("exec: move S_ISREG() check earlier") 0fd338b2d2cd ("exec: move path_noexec() check earlier") Instead of being removed said checks are WARN_ON'ed instead, which has some debug value. However, th... • https://git.kernel.org/stable/c/c9b77438077d5a20c79ead95bcdaf9bd4797baaf •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50008 – wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
https://notcve.org/view.php?id=CVE-2024-50008
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`. With this, fix the following warning: elo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------ elo 16 17:51:58 surfacebook kernel: memcpy: detected field-spanning write (size 243) of single field "ext_scan->tlv_buffer" at drivers/net/wireless... • https://git.kernel.org/stable/c/b55c8848fdc81514ec047b2a0ec782ffe9ab5323 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50007 – ALSA: asihpi: Fix potential OOB array access
https://notcve.org/view.php?id=CVE-2024-50007
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity check of the array index to fit in the array size. In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array u... • https://git.kernel.org/stable/c/a6bdb691cf7b66dcd929de1a253c5c42edd2e522 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-50006 – ext4: fix i_data_sem unlock order in ext4_ind_migrate()
https://notcve.org/view.php?id=CVE-2024-50006
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates because the file descriptor is opened with O_SYNC. This can lead to the jbd2_journal_stop() function calling jbd2_might_wait_for_commit(), potentially causing a deadlock if the EXT4_IOC_MIGRATE call races with a write(2) system call. ... • https://git.kernel.org/stable/c/4192adefc9c570698821c5eb9873320eac2fcbf1 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49997 – net: ethernet: lantiq_etop: fix memory disclosure
https://notcve.org/view.php?id=CVE-2024-49997
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. • https://git.kernel.org/stable/c/504d4721ee8e432af4b5f196a08af38bc4dac5fe •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-49992 – drm/stm: Avoid use-after-free issues with crtc and plane
https://notcve.org/view.php?id=CVE-2024-49992
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with parameters allocated with devm_kzalloc() to avoid use-after-free issues [1]. Use allocations managed by the DRM framework. Found by Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2... • https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49975 – uprobes: fix kernel info leak via "[uprobes]" vma
https://notcve.org/view.php?id=CVE-2024-49975
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really matter, debugger can read this memory anyway. In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak... • https://git.kernel.org/stable/c/d4b3b6384f98f8692ad0209891ccdbc7e78bbefe •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-49968 – ext4: filesystems without casefold feature cannot be mounted with siphash
https://notcve.org/view.php?id=CVE-2024-49968
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the mounting. In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SI... • https://git.kernel.org/stable/c/e1373903db6c4ac994de0d18076280ad88e12dee • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49966 – ocfs2: cancel dqi_sync_work before freeing oinfo
https://notcve.org/view.php?id=CVE-2024-49966
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the following warning with CONFIG_DEBUG_OBJECTS_* enabled: ODEBUG: free active (active state 0) object: 00000000d8b0ce28 object type: timer_list hint: qsync_work_fn+0x0/0x16c This reports that there is an active delayed work when freeing oinf... • https://git.kernel.org/stable/c/171bf93ce11f4c9929fdce6ce63df8da2f3c4475 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-49959 – jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
https://notcve.org/view.php?id=CVE-2024-49959
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while executing jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free space right away, we try other branches, and if j_committing_transaction is NULL (i.e., the tid is 0), we will get the following complain: ==========... • https://git.kernel.org/stable/c/8c3f25d8950c3e9fe6c9849f88679b3f2a071550 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •