CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46857 – net/mlx5: Fix bridge mode operations when there are no VFs
https://notcve.org/view.php?id=CVE-2024-46857
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix bridge mode operations when there are no VFs Currently, trying to set the bridge mode attribute when numvfs=0 leads to a crash: bridge link set dev eth2 hwmode vepa [ 168.967392] BUG: kernel NULL pointer dereference, address: 0000000000000030 [...] [ 168.969989] RIP: 0010:mlx5_add_flow_rules+0x1f/0x300 [mlx5_core] [...] [ 168.976037] Call Trace: [ 168.976188]
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46855 – netfilter: nft_socket: fix sk refcount leaks
https://notcve.org/view.php?id=CVE-2024-46855
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put 'sk' reference before returning. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service or possibly execute arbitrary code. Andy Nguyen discovered that the Bluetooth A2MP implementation in the Linux kernel did not properly initialize memory i... • https://git.kernel.org/stable/c/039b1f4f24ecc8493b6bb9d70b4b78750d1b35c2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46854 – net: dpaa: Pad packets to ETH_ZLEN
https://notcve.org/view.php?id=CVE-2024-46854
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three bytes of the buffer following the data may be leaked. Avoid this by extending all packets to ETH_ZLEN, ensuring nothing is leaked in the padding. This bug can be reproduced by running $ ping -s 11 destination In the Linux kernel, the following vulnerability has been resolved: net: dpaa: Pad packets to ETH_ZLEN When sending packets under 60 bytes, up to three... • https://git.kernel.org/stable/c/9ad1a37493338cacf04e2c93acf44d151a7adda8 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46853 – spi: nxp-fspi: fix the KASAN report out-of-bounds bug
https://notcve.org/view.php?id=CVE-2024-46853
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: nxp-fspi: fix the KASAN report out-of-bounds bug Change the memcpy length to fix the out-of-bounds issue when writing the data that is not 4 byte aligned to TX FIFO. To reproduce the issue, write 3 bytes data to NOR chip. dd if=3b of=/dev/mtd0 [ 36.926103] ================================================================== [ 36.933409] BUG: KASAN: slab-out-of-bounds in nxp_fspi_exec_op+0x26ec/0x2838 [ 36.940514] Read of size 4 at addr f... • https://git.kernel.org/stable/c/a5356aef6a907c2e2aed0caaa2b88b6021394471 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46852 – dma-buf: heaps: Fix off-by-one in CMA heap fault handler
https://notcve.org/view.php?id=CVE-2024-46852
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix off-by-one in CMA heap fault handler Until VM_DONTEXPAND was added in commit 1c1914d6e8c6 ("dma-buf: heaps: Don't track CMA dma-buf pages under RssFile") it was possible to obtain a mapping larger than the buffer size via mremap and bypass the overflow check in dma_buf_mmap_internal. When using such a mapping to attempt to fault past the end of the buffer, the CMA heap fault handler also checks the fault offset against t... • https://git.kernel.org/stable/c/a5d2d29e24be8967ef78a1b1fb2292413e3b3df9 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46849 – ASoC: meson: axg-card: fix 'use-after-free'
https://notcve.org/view.php?id=CVE-2024-46849
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report: ================================================================== BUG: KASAN: slab-use-after-free in axg_card_add_link+0x76c/0x9bc Read of size 8 at addr ffff000000e8b260 by task modprobe/356 CPU: 0 PID: 356 Comm:... • https://git.kernel.org/stable/c/7864a79f37b55769b817d5e6c5ae0ca4bfdba93b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46848 – perf/x86/intel: Limit the period on Haswell
https://notcve.org/view.php?id=CVE-2024-46848
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: <NMI> ? __warn+0xa4/0x220 ? intel_pmu_handle_irq+0x285/0x370 ? __report_bug+0x123/0x130 ? • https://git.kernel.org/stable/c/3a632cb229bfb18b6d09822cc842451ea46c013e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46846 – spi: rockchip: Resolve unbalanced runtime PM / system PM handling
https://notcve.org/view.php?id=CVE-2024-46846
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: rockchip: Resolve unbalanced runtime PM / system PM handling Commit e882575efc77 ("spi: rockchip: Suspend and resume the bus during NOIRQ_SYSTEM_SLEEP_PM ops") stopped respecting runtime PM status and simply disabled clocks unconditionally when suspending the system. This causes problems when the device is already runtime suspended when we go to sleep -- in which case we double-disable clocks and produce a WARNing. Switch back to pm_ru... • https://git.kernel.org/stable/c/e882575efc771f130a24322377dc1033551da11d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46844 – um: line: always fill *error_out in setup_one_line()
https://notcve.org/view.php?id=CVE-2024-46844
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line(). In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in al... • https://git.kernel.org/stable/c/3bedb7ce080690d0d6172db790790c1219bcbdd5 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46843 – scsi: ufs: core: Remove SCSI host only if added
https://notcve.org/view.php?id=CVE-2024-46843
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is remov... • https://git.kernel.org/stable/c/2f49e05d6b58d660f035a75ff96b77071b4bd5ed •