CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43853 – cgroup/cpuset: Prevent UAF in proc_cpuset_show()
https://notcve.org/view.php?id=CVE-2024-43853
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgroup_lock In the cgroup_path_ns function. 2.$cat /proc/
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43849 – soc: qcom: pdr: protect locator_addr with the main mutex
https://notcve.org/view.php?id=CVE-2024-43849
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of those fields under the main pdr->lock. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewri... • https://git.kernel.org/stable/c/fbe639b44a82755d639df1c5d147c93f02ac5a0f •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43846 – lib: objagg: Fix general protection fault
https://notcve.org/view.php?id=CVE-2024-43846
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation on how to aggregate the provided objects. Nesting is not possible in the first case due to a check that prevents it, but in the second case the... • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43841 – wifi: virt_wifi: avoid reporting connection success with wrong SSID
https://notcve.org/view.php?id=CVE-2024-43841
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_not_found). The issue is because the connection code in virt_wifi does not check the SSID from user space (it only checks the BSSID), and virt_wifi will call cfg80211_connect_result() with WLAN_STATUS_SUCCESS even i... • https://git.kernel.org/stable/c/c7cdba31ed8b87526db978976392802d3f93110c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43839 – bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
https://notcve.org/view.php?id=CVE-2024-43839
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers, assume that they require: * 1 char for 'tx_id + tx_info->tcb[i]->id' sum, BNAD_MAX_TXQ_PER_TX is 8 * 2 chars for 'rx_id + rx_info->rx_ctrl[i].ccb->id', BNAD_MAX_... • https://git.kernel.org/stable/c/8b230ed8ec96c933047dd0625cf95f739e4939a6 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43835 – virtio_net: Fix napi_skb_cache_put warning
https://notcve.org/view.php?id=CVE-2024-43835
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix napi_skb_cache_put warning After the commit bdacf3e34945 ("net: Use nested-BH locking for napi_alloc_cache.") was merged, the following warning began to appear: WARNING: CPU: 5 PID: 1 at net/core/skbuff.c:1451 napi_skb_cache_put+0x82/0x4b0 __warn+0x12f/0x340 napi_skb_cache_put+0x82/0x4b0 napi_skb_cache_put+0x82/0x4b0 report_bug+0x165/0x370 handle_bug+0x3d/0x80 exc_invalid_op+0x1a/0x50 asm_exc_invalid_op+0x1a/0x20 __free_old_... • https://git.kernel.org/stable/c/df133f3f96257ee29696c0ed8bd198ec801dc810 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43834 – xdp: fix invalid wait context of page_pool_destroy()
https://notcve.org/view.php?id=CVE-2024-43834
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: xdp: fix invalid wait context of page_pool_destroy() If the driver uses a page pool, it creates a page pool with page_pool_create(). The reference count of page pool is 1 as default. A page pool will be destroyed only when a reference count reaches 0. page_pool_destroy() is used to destroy page pool, it decreases a reference count. When a page pool is destroyed, ->disconnect() is called, which is mem_allocator_disconnect(). This function in... • https://git.kernel.org/stable/c/c3f812cea0d7006469d1cf33a4a9f0a12bb4b3a3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-43832 – s390/uv: Don't call folio_wait_writeback() without a folio reference
https://notcve.org/view.php?id=CVE-2024-43832
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After we dropped the PTL, the folio could get freed concurrently. So grab a temporary reference. In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires... • https://git.kernel.org/stable/c/214d9bbcd3a67230b932f6cea83c078ab34d9e70 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-43831 – media: mediatek: vcodec: Handle invalid decoder vsi
https://notcve.org/view.php?id=CVE-2024-43831
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the... • https://git.kernel.org/stable/c/590577a4e5257ac3ed72999a94666ad6ba8f24bc •
CVSS: 6.6EPSS: 0%CPEs: 8EXPL: 0CVE-2024-43830 – leds: trigger: Unregister sysfs attributes before calling deactivate()
https://notcve.org/view.php?id=CVE-2024-43830
17 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigg... • https://git.kernel.org/stable/c/a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 • CWE-416: Use After Free •