CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46869 – Bluetooth: btintel_pcie: Allocate memory for driver private data
https://notcve.org/view.php?id=CVE-2024-46869
30 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Allocate memory for driver private data Fix driver not allocating memory for struct btintel_data which is used to store internal data. • https://git.kernel.org/stable/c/6e65a09f927566f257322358d429b267548473eb •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46868 – firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire()
https://notcve.org/view.php?id=CVE-2024-46868
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix deadlock in qcuefi_acquire() If the __qcuefi pointer is not set, then in the original code, we would hold onto the lock. That means that if we tried to set it later, then it would cause a deadlock. Drop the lock on the error path. That's what all the callers are expecting. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/759e7a2b62eb3ef3c93ffeb5cca788a09627d7d9 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46867 – drm/xe/client: fix deadlock in show_meminfo()
https://notcve.org/view.php?id=CVE-2024-46867
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: fix deadlock in show_meminfo() There is a real deadlock as well as sleeping in atomic() bug in here, if the bo put happens to be the last ref, since bo destruction wants to grab the same spinlock and sleeping locks. Fix that by dropping the ref using xe_bo_put_deferred(), and moving the final commit outside of the lock. Dropping the lock around the put is tricky since the bo can go out of scope and delete itself from the l... • https://git.kernel.org/stable/c/0845233388f8a26d00acf9bf230cfd4f36aa4c30 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46866 – drm/xe/client: add missing bo locking in show_meminfo()
https://notcve.org/view.php?id=CVE-2024-46866
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/client: add missing bo locking in show_meminfo() bo_meminfo() wants to inspect bo state like tt and the ttm resource, however this state can change at any point leading to stuff like NPD and UAF, if the bo lock is not held. Grab the bo lock when calling bo_meminfo(), ensuring we drop any spinlocks first. In the case of object_idr we now also need to hold a ref. v2 (MattB) - Also add xe_bo_assert_held() (cherry picked from commi... • https://git.kernel.org/stable/c/0845233388f8a26d00acf9bf230cfd4f36aa4c30 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46864 – x86/hyperv: fix kexec crash due to VP assist page corruption
https://notcve.org/view.php?id=CVE-2024-46864
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b ("x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline") introduces a new cpuhp state for hyperv initialization. cpuhp_setup_state() returns the state number if state is CPUHP_AP_ONLINE_DYN or CPUHP_BP_PREPARE_DYN and 0 for all other states. For the hyperv case, since a new cpuhp state was introduced it would return 0. However, in hv_ma... • https://git.kernel.org/stable/c/9636be85cc5bdd8b7a7f6a53405cbcc52161c93c •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46863 – ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item
https://notcve.org/view.php?id=CVE-2024-46863
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required. • https://git.kernel.org/stable/c/dd3bd9dc47084195fcb3c1b371cb03046abb13ab •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46862 – ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item
https://notcve.org/view.php?id=CVE-2024-46862
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-mtl-match: add missing empty item There is no links_num in struct snd_soc_acpi_mach {}, and we test !link->num_adr as a condition to end the loop in hda_sdw_machine_select(). So an empty item in struct snd_soc_acpi_link_adr array is required. • https://git.kernel.org/stable/c/f77ae7fcdc47630eb7653983f3c57ac44103aebc •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46861 – usbnet: ipheth: do not stop RX on failing RX callback
https://notcve.org/view.php?id=CVE-2024-46861
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: do not stop RX on failing RX callback RX callbacks can fail for multiple reasons: * Payload too short * Payload formatted incorrecly (e.g. bad NCM framing) * Lack of memory None of these should cause the driver to seize up. Make such failures non-critical and continue processing further incoming URBs. Ubuntu Security Notice 7154-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly ... • https://git.kernel.org/stable/c/4d1cfa3afb8627435744ecdc6d8b58bc72ee0f4c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46860 – wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
https://notcve.org/view.php?id=CVE-2024-46860
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here. Ubuntu Security Notice 7156-1 - Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial ... • https://git.kernel.org/stable/c/4bfee9346d8c17d928ef6da2b8bffab88fa2a553 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-46859 – platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
https://notcve.org/view.php?id=CVE-2024-46859
27 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINF_CUR_BRIGHT(0x0d) without checking that the SINF array is big enough. Not all panasonic laptops have this many SINF array entries, for example the Toughbook CF-18 model only has 10 SINF array entries. So it only supports the AC+DC brightness entries and mute. Check that the SI... • https://git.kernel.org/stable/c/e424fb8cc4e6634c10f8159b1ff5618cf7bab9c6 •