CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35886 – ipv6: Fix infinite recursion in fib6_dump_done().
https://notcve.org/view.php?id=CVE-2024-35886
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix infinite recursion in fib6_dump_done(). syzkaller reported infinite recursive calls of fib6_dump_done() during netlink socket destruction. [1] From the log, syzkaller sent an AF_UNSPEC RTM_GETROUTE message, and then the response was generated. The following recvmmsg() resumed the dump for IPv6, but the first call of inet6_dump_fib() failed at kzalloc() due to the fault injection. [0] 12:01:34 executing program 3: r0 = socket$nl_ro... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35878 – of: module: prevent NULL pointer dereference in vsnprintf()
https://notcve.org/view.php?id=CVE-2024-35878
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: of: module: prevent NULL pointer dereference in vsnprintf() In of_modalias(), we can get passed the str and len parameters which would cause a kernel oops in vsnprintf() since it only allows passing a NULL ptr when the length is also 0. Also, we need to filter out the negative values of the len parameter as these will result in a really huge buffer since snprintf() takes size_t parameter while ours is ssize_t... Found by Linux Verification ... • https://git.kernel.org/stable/c/e4a449368a2ce6d57a775d0ead27fc07f5a86e5b • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35877 – x86/mm/pat: fix VM_PAT handling in COW mappings
https://notcve.org/view.php?id=CVE-2024-35877
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs will not work in COW mappings. Using follow_phys(), we might just get the address+protection of the anon folio (which is very wrong), or fail on swap/nonswap entr... • https://git.kernel.org/stable/c/5899329b19100c0b82dc78e9b21ed8b920c9ffb3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35875 – x86/coco: Require seeding RNG with RDRAND on CoCo systems
https://notcve.org/view.php?id=CVE-2024-35875
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/coco: Require seeding RNG with RDRAND on CoCo systems There are few uses of CoCo that don't rely on working cryptography and hence a working RNG. Unfortunately, the CoCo threat model means that the VM host cannot be trusted and may actively work against guests to extract secrets or manipulate computation. Since a malicious host can modify or observe nearly all inputs to guests, the only remaining source of entropy for CoCo guests is RDR... • https://git.kernel.org/stable/c/22943e4fe4b3a2dcbadc3d38d5bf840bbdbfe374 •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35870 – smb: client: fix UAF in smb2_reconnect_server()
https://notcve.org/view.php?id=CVE-2024-35870
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in smb2_reconnect_server() The UAF bug is due to smb2_reconnect_server() accessing a session that is already being teared down by another thread that is executing __cifs_put_smb_ses(). This can happen when (a) the client has connection to the server but no session or (b) another thread ends up setting @ses->ses_status again to something different than SES_EXITING. To fix this, we need to make sure to unconditionally set... • https://git.kernel.org/stable/c/755fe68cd4b59e1d2a2dd3286177fd4404f57fed • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35869 – smb: client: guarantee refcounted children from parent session
https://notcve.org/view.php?id=CVE-2024-35869
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: guarantee refcounted children from parent session Avoid potential use-after-free bugs when walking DFS referrals, mounting and performing DFS failover by ensuring that all children from parent @tcon->ses are also refcounted. They're all needed across the entire DFS mount. Get rid of @tcon->dfs_ses_list while we're at it, too. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: garantiza que los hijo... • https://git.kernel.org/stable/c/645f332c6b63499cc76197f9b6bffcc659ba64cc • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35868 – smb: client: fix potential UAF in cifs_stats_proc_write()
https://notcve.org/view.php?id=CVE-2024-35868
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_write() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_stats_proc_write() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potentia... • https://git.kernel.org/stable/c/8fefd166fcb368c5fcf48238e3f7c8af829e0a72 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35867 – smb: client: fix potential UAF in cifs_stats_proc_show()
https://notcve.org/view.php?id=CVE-2024-35867
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_stats_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_stats_proc_show() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential ... • https://git.kernel.org/stable/c/16b7d785775eb03929766819415055e367398f49 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35866 – smb: client: fix potential UAF in cifs_dump_full_key()
https://notcve.org/view.php?id=CVE-2024-35866
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_dump_full_key() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en cifs_dump_full_key() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. A use-after-free flaw was found in the Linux kernel in the smb client cifs_dump_full_key() when exi... • https://git.kernel.org/stable/c/10e17ca4000ec34737bde002a13435c38ace2682 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35865 – smb: client: fix potential UAF in smb2_is_valid_oplock_break()
https://notcve.org/view.php?id=CVE-2024-35865
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_oplock_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: corrige UAF potencial en smb2_is_valid_oplock_break() Omita las sesiones que se están eliminando (estado == SES_EXITING) para evitar UAF. In the Linux kernel, the following vulnerability has been resolved: smb: client: fi... • https://git.kernel.org/stable/c/84488466b7a69570bdbf76dd9576847ab97d54e7 •