CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44938 – jfs: Fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2024-44938
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift expo... • https://git.kernel.org/stable/c/b40c2e665cd552eae5fbdbb878bc29a34357668e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44931 – gpio: prevent potential speculation leaks in gpio_device_get_desc()
https://notcve.org/view.php?id=CVE-2024-44931
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to... • https://git.kernel.org/stable/c/18504710442671b02d00e6db9804a0ad26c5a479 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43914 – md/raid5: avoid BUG_ON() while continue reshape after reassembling
https://notcve.org/view.php?id=CVE-2024-43914
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: md/raid5: avoid BUG_ON() while continue reshape after reassembling Currently, mdadm support --revert-reshape to abort the reshape while reassembling, as the test 07revert-grow. However, following BUG_ON() can be triggerred by the test: kernel BUG at drivers/md/raid5.c:6278! invalid opcode: 0000 [#1] PREEMPT SMP PTI irq event stamp: 158985 CPU: 6 PID: 891 Comm: md0_reshape Not tainted 6.9.0-03335-g7592a0b0049a #94 RIP: 0010:reshape_request+0... • https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0 • CWE-617: Reachable Assertion •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43912 – wifi: nl80211: disallow setting special AP channel widths
https://notcve.org/view.php?id=CVE-2024-43912
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz channel width progression, and switching around in S1G or narrow channels isn't supported. Disallow that. In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/... MHz ch... • https://git.kernel.org/stable/c/3d42f2125f6c89e1e71c87b9f23412afddbba45e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43908 – drm/amdgpu: Fix the null pointer dereference to ras_manager
https://notcve.org/view.php?id=CVE-2024-43908
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, an... • https://git.kernel.org/stable/c/ff5c4eb71ee8951c789b079f6e948f86708b04ed •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43907 – drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules
https://notcve.org/view.php?id=CVE-2024-43907
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference It was discovered that the CIFS network file system implementation in the Linux kernel did n... • https://git.kernel.org/stable/c/c1749313f35b98e2e655479f037db37f19756622 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43905 – drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr
https://notcve.org/view.php?id=CVE-2024-43905
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference. It was discovered that the CIFS network file system implementation in the Linux kernel did not properly validate certain SMB messages, leading to an out-of-bounds read vulnerability. An attacker could use this to cause a denial of service or possibly expose sensitive information. Supraja Sridh... • https://git.kernel.org/stable/c/2ac9deb7e087f0b461c3559d9eaa6b9cf19d3fa8 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43900 – media: xc2028: avoid use-after-free in load_firmware_cb()
https://notcve.org/view.php?id=CVE-2024-43900
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the module initialization failed, the struct tuner was released. A worker which created during module initialization accesses this struct tuner later, it caused use-after-free. The process is as follows: task-6504 worker_thread tuner_probe ... • https://git.kernel.org/stable/c/ef517bdfc01818419f7bd426969a0c86b14f3e0e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43893 – serial: core: check uartclk for zero to avoid divide by zero
https://notcve.org/view.php?id=CVE-2024-43893
26 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor(). The check for uartclk being zero in uart_set_info() needs to be done before other settings are made as subsequent calls to ioctl TIOCSSERIAL for the same port would be impacted if the uartclk check was done where uartclk gets set.... • https://git.kernel.org/stable/c/3bbd90fca824e6fd61fb20f6dd2b0fa5f8b14bba •
CVSS: 6.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43883 – usb: vhci-hcd: Do not drop references before new references are gained
https://notcve.org/view.php?id=CVE-2024-43883
23 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speaking closes ZDI-CAN-22273, though there may be similar races in the driver. In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the ... • https://git.kernel.org/stable/c/5a3c473b28ae1c1f7c4dc129e30cb19ae6e96f89 •