CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48870 – tty: fix possible null-ptr-defer in spk_ttyio_release
https://notcve.org/view.php?id=CVE-2022-48870
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: tty: fix possible null-ptr-defer in spk_ttyio_release Run the following tests on the qemu platform: syzkaller:~# modprobe speakup_audptr input: Speakup as /devices/virtual/input/input4 initialized device: /dev/synth, node (MAJOR 10, MINOR 125) speakup 3.1.6: initialized synth name on entry is: (null) synth probe spk_ttyio_initialise_ldisc failed because tty_kopen_exclusive returned failed (errno -16), then remove the module, we will get a n... • https://git.kernel.org/stable/c/4f2a81f3a88217e7340b2cab5c0a5ebd0112514c •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48869 – USB: gadgetfs: Fix race between mounting and unmounting
https://notcve.org/view.php?id=CVE-2022-48869
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver, involving processes concurrently mounting and unmounting the gadgetfs filesystem. In particular, gadgetfs_fill_super() can race with gadgetfs_kill_sb(), causing the latter to deallocate the_device while the former is using it. The output from KASAN says, in part: BUG: KASAN: use-after-free in ... • https://git.kernel.org/stable/c/e5d82a7360d124ae1a38c2a5eac92ba49b125191 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48868 – dmaengine: idxd: Let probe fail when workqueue cannot be enabled
https://notcve.org/view.php?id=CVE-2022-48868
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Let probe fail when workqueue cannot be enabled The workqueue is enabled when the appropriate driver is loaded and disabled when the driver is removed. When the driver is removed it assumes that the workqueue was enabled successfully and proceeds to free allocations made during workqueue enabling. Failure during workqueue enabling does not prevent the driver from being loaded. This is because the error path within drv_enabl... • https://git.kernel.org/stable/c/1f2bb40337f0df1d9af80793e9fdacff7706e654 •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43882 – exec: Fix ToCToU between perm check and set-uid/gid usage
https://notcve.org/view.php?id=CVE-2024-43882
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back. Much later in the execve() code path, the file metadata (specifically mode, uid, and gid) is used to determine if/how to set the uid and gid. However, those values may have changed since the permissions check, meaning ... • https://git.kernel.org/stable/c/d5c3c7e26275a2d83b894d30f7582a42853a958f • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43880 – mlxsw: spectrum_acl_erp: Fix object nesting warning
https://notcve.org/view.php?id=CVE-2024-43880
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_erp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM (A-TCAM) or in the ordinary circuit TCAM (C-TCAM). The former can contain more ACLs (i.e., tc filters), but the number of masks in each region (i.e., tc chain) is limited. In order to mitigate the effects of the above limitation, the device allows filters to share a single mask if their masks only differ in up to 8 conse... • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43879 – wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()
https://notcve.org/view.php?id=CVE-2024-43879
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cfg80211_calculate_bitrate_he+0x22b/0x270 [cfg80211] Fix it by handling 2x996 RU allocation in the same way as 160 MHz bandwidth. In the Linux ker... • https://git.kernel.org/stable/c/c4cbaf7973a794839af080f13748335976cf3f3f • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43875 – PCI: endpoint: Clean up error handling in vpci_scan_bus()
https://notcve.org/view.php?id=CVE-2024-43875
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021) Instead of printing an error message and then crashing we should return an error code and clean up. Also the NULL check is reversed so it prints an error for success instead of fa... • https://git.kernel.org/stable/c/e2b6ef72b7aea9d7d480d2df499bcd1c93247abb •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-43873 – vhost/vsock: always initialize seqpacket_allow
https://notcve.org/view.php?id=CVE-2024-43873
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1. seqpacket_allow is not initialized when socket is created. Thus if features are never set, it will be read uninitialized. 2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared, then seqpacket_allow will not be cleared appropriately (existing apps I know about don't usually do this but it's legal and there's no way to be sure no one relies on this... • https://git.kernel.org/stable/c/ced7b713711fdd8f99d8d04dc53451441d194c60 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-43872 – RDMA/hns: Fix soft lockup under heavy CEQE load
https://notcve.org/view.php?id=CVE-2024-43872
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs are handled in interrupt handler currently. This may cause the CPU core staying in interrupt context too long and lead to soft lockup under heavy load. Handle CEQEs in BH workqueue and set an upper limit for the number of CEQE handled by a single call of work handler. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix soft lockup under heavy CEQE load CEQEs... • https://git.kernel.org/stable/c/a5073d6054f75d7c94b3354206eec4b804d2fbd4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43871 – devres: Fix memory leakage caused by driver API devm_free_percpu()
https://notcve.org/view.php?id=CVE-2024-43871
21 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use ... • https://git.kernel.org/stable/c/ff86aae3b4112b85d2231c23bccbc49589df1c06 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •