CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43819 – kvm: s390: Reject memory region operations for ucontrol VMs
https://notcve.org/view.php?id=CVE-2024-43819
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and would thus result in a null pointer dereference further in. Memory management needs to be performed in userspace and using the ioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP. Also improve s390... • https://git.kernel.org/stable/c/27e0393f15fc8bc855c6a888387ff5ffd2181089 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-43817 – net: missing check virtio
https://notcve.org/view.php?id=CVE-2024-43817
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere the __skb_linearize function will not be executed, then the buffer will remain non-linear. Then the condition (offset >= skb_headlen(skb)) becomes true, which causes WARN_ON_ONCE in skb_checksum... • https://git.kernel.org/stable/c/0f6925b3e8da0dbbb52447ca8a8b42b371aac7db • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42322 – ipvs: properly dereference pe in ip_vs_add_service
https://notcve.org/view.php?id=CVE-2024-42322
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux ... • https://git.kernel.org/stable/c/39b9722315364121c6e2524515a6e95d52287549 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42321 – net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE
https://notcve.org/view.php?id=CVE-2024-42321
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net") but this complementary fix has been also suggested by Willem de Bruijn and it can be easily backported to -stable kernel which consists in using DEBUG_NET_WARN_ON_ONCE instead to silence the following spl... • https://git.kernel.org/stable/c/9b52e3f267a6835efd50ed9002d530666d16a411 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42319 – mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable()
https://notcve.org/view.php?id=CVE-2024-42319
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_unregister ... The root cause can be deduced to be calling pm_runtime_get_sync() after calling pm_runtime_disable() as observed below: 1. CMDQ d... • https://git.kernel.org/stable/c/623a6143a845bd485b00ba684f0ccef11835edab •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42315 – exfat: fix potential deadlock on __exfat_get_dentry_set
https://notcve.org/view.php?id=CVE-2024-42315
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is allocated with GFP_KERNEL. It does not make sense. In the following cases, a deadlock for sbi->s_lock between the two processes may occur. CPU0 CPU1 ---- ---- kswapd balance_pgdat lock(fs_reclaim) exfat_iterate lock(&sbi->s_lock) exfat_r... • https://git.kernel.org/stable/c/bd3bdb9e0d656f760b11d0c638d35d7f7068144d •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42313 – media: venus: fix use after free in vdec_close
https://notcve.org/view.php?id=CVE-2024-42313
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part of decoding. Randomly closing the decoder device from userspace during normal decoding can incur a read after free for inst. Fix it by cancelling the work in vdec_close. In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/af2c3834c8ca7cc65d15592ac671933df8848115 •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-42312 – sysctl: always initialize i_uid/i_gid
https://notcve.org/view.php?id=CVE-2024-42312
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was not implemented. It also missed adjusting net_ctl_set_ownership() to use the same default values in case the computation of a better value fail... • https://git.kernel.org/stable/c/5ec27ec735ba0477d48c80561cc5e856f0c5dfaf •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42311 – hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
https://notcve.org/view.php?id=CVE-2024-42311
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ===================================================== BUG: KMSAN: uninit-value in hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 hfs_revalidate_dentry+0x307/0x3f0 fs/hfs/sysdep.c:30 d_revalidate fs/namei.c:862 [inline] lookup_fast+0x89e/0x8e0 fs/namei.c:1649 walk... • https://git.kernel.org/stable/c/f7316b2b2f11cf0c6de917beee8d3de728be24db •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42310 – drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes
https://notcve.org/view.php?id=CVE-2024-42310
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the re... • https://git.kernel.org/stable/c/6a227d5fd6c4abe6a9226a40f6981825e9da5fbe •