CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42145 – IB/core: Implement a limit on UMAD receive List
https://notcve.org/view.php?id=CVE-2024-42145
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extract packets from this list, the rate of extraction may not match the rate of incoming packets, leading to potential list overflow. To address this, we introduce a limit to the size of the list. After considering typical scenarios, such as OpenSM processing, which can handle approximately 100k packets per second, and the 1-second retry timeout for most packets, we set the list size limit to 200k. Packets received beyond this limit are dropped, assuming they are likely timed out by the time they are handled by user-space. Notably, packets queued on the receive list due to reasons like timed-out sends are preserved even when the list is full. • https://git.kernel.org/stable/c/1288cf1cceb0e6df276e182f5412370fb4169bcb https://git.kernel.org/stable/c/b4913702419d064ec4c4bbf7270643c95cc89a1b https://git.kernel.org/stable/c/62349fbf86b5e13b02721bdadf98c29afd1e7b5f https://git.kernel.org/stable/c/d73cb8862e4d6760ccc94d3b57b9ef6271400607 https://git.kernel.org/stable/c/63d202d948bb6d3a28cd8e8b96b160fa53e18baa https://git.kernel.org/stable/c/b8c5f635997f49c625178d1a0cb32a80ed33abe6 https://git.kernel.org/stable/c/a6627fba793cc75b7365d9504a0095fb2902dda4 https://git.kernel.org/stable/c/ca0b44e20a6f3032224599f02e7c8fb49 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42144 – thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data
https://notcve.org/view.php?id=CVE-2024-42144
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data Verify that lvts_data is not NULL before using it. • https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9 https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886 https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42142 – net/mlx5: E-switch, Create ingress ACL when needed
https://notcve.org/view.php?id=CVE-2024-42142
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command: # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \ value false cmode runtime If ingress acl is not created, will hit panic when creating drop rule for active-backup lag mode. • https://git.kernel.org/stable/c/1749c4c51c16e3e078faae0a876d01bafb187a74 https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595 https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324 https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320 https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42141 – Bluetooth: ISO: Check socket flag instead of hcon
https://notcve.org/view.php?id=CVE-2024-42141
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC, • https://git.kernel.org/stable/c/fbdc4bc47268953c80853489f696e02d61f9a2c6 https://git.kernel.org/stable/c/c03a10bd5b6ccb22921e04bcddc987410df7e7a9 https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11 https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8 https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-42140 – riscv: kexec: Avoid deadlock in kexec crash path
https://notcve.org/view.php?id=CVE-2024-42140
In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use. So we simply remove it. • https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd https://git.kernel.org/stable/c/b17d19a5314a37f7197afd1a0200affd21a7227d https://git.kernel.org/stable/c/7594956fec8902dfc18150bf1dca0940cd4ad025 https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155 https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692 https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea24491 •