CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46711 – mptcp: pm: fix ID 0 endp usage after multiple re-creations
https://notcve.org/view.php?id=CVE-2024-46711
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initial subflows are known from the beginning: they don't count as "additional local address being used" or "ADD_ADDR being accepted". It is then required not to increment them when the entrypoint used by the initial su... • https://git.kernel.org/stable/c/3ad14f54bd7448384458e69f0183843f683ecce8 •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46710 – drm/vmwgfx: Prevent unmapping active read buffers
https://notcve.org/view.php?id=CVE-2024-46710
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compare e) update the cursor f) unmap "a" for update At step "e" the buffer has been unmapped and the read contents is bogus. Prevent unmapping of act... • https://git.kernel.org/stable/c/485d98d472d53f9617ffdfba5e677ac29ad4fe20 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46707 – KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
https://notcve.org/view.php?id=CVE-2024-46707
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 registers is trapped to EL2. We therefore try to emulate the SGI access, only to hit a NULL pointer as no private interrupt is allocated (no GIC, remember?). The obvious fix is to give the guest what it deserves, in the ... • https://git.kernel.org/stable/c/15818af2f7aa55eff375333cb7689df15d3f24ef •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46702 – thunderbolt: Mark XDomain as unplugged when router is removed
https://notcve.org/view.php?id=CVE-2024-46702
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down. This is due to fact that the Thunderbolt networking driver also tries to cleanup the paths and ends up blocking in tb_disconnect_xdomain_paths() waiting... • https://git.kernel.org/stable/c/747bc154577de6e6af4bc99abfa859b8419bb4d8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46698 – video/aperture: optionally match the device in sysfb_disable()
https://notcve.org/view.php?id=CVE-2024-46698
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: video/aperture: optionally match the device in sysfb_disable() In aperture_remove_conflicting_pci_devices(), we currently only call sysfb_disable() on vga class devices. This leads to the following problem when the pimary device is not VGA compatible: 1. A PCI device with a non-VGA class is the boot display 2. That device is probed first and it is not a VGA device so sysfb_disable() is not called, but the device resources are freed by apert... • https://git.kernel.org/stable/c/5ae3716cfdcd286268133867f67d0803847acefc •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46695 – selinux,smack: don't bypass permissions check in inode_setsecctx hook
https://notcve.org/view.php?id=CVE-2024-46695
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm() states: * This function requires the caller to lock the inode's i_mutex before it * is executed. It also assumes that the caller will make the... • https://git.kernel.org/stable/c/2dbc4b7bac60b02cc6e70d05bf6a7dfd551f9dda • CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-46694 – drm/amd/display: avoid using null object of framebuffer
https://notcve.org/view.php?id=CVE-2024-46694
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. (cherry picked from commit 73dd0ad9e5dad53766ea3e631303430116f834b3) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid using null object of framebuffer Inste... • https://git.kernel.org/stable/c/5d945cbcd4b16a29d6470a80dfb19738f9a4319f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-46689 – soc: qcom: cmd-db: Map shared memory as WC, not WB
https://notcve.org/view.php?id=CVE-2024-46689
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone. The only reason it is working right now is because Qualcomm Hypervisor maps the same region as Non-Cacheable memory in Stage ... • https://git.kernel.org/stable/c/312416d9171a1460b7ed8d182b5b540c910ce80d •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46686 – smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
https://notcve.org/view.php?id=CVE-2024-46686
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. Ubuntu Security Notice 7156-1 - Chenyuan... • https://git.kernel.org/stable/c/edf38e9f4269591d26b3783c0b348c9345580c3c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46685 – pinctrl: single: fix potential NULL dereference in pcs_get_function()
https://notcve.org/view.php?id=CVE-2024-46685
13 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can r... • https://git.kernel.org/stable/c/571aec4df5b72a80f80d1e524da8fbd7ff525c98 •