CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44969 – s390/sclp: Prevent release of buffer in I/O
https://notcve.org/view.php?id=CVE-2024-44969
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fail... • https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44968 – tick/broadcast: Move per CPU pointer access into the atomic section
https://notcve.org/view.php?id=CVE-2024-44968
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers hoist the access into the non-preemptible region where the pointer is actually used. But of course it's valid that the compiler keeps it at the place where the code puts it which rightfully triggers: BUG: usi... • https://git.kernel.org/stable/c/408bfb6b0a7f22e971ce6b600aec448769e580a8 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44967 – drm/mgag200: Bind I2C lifetime to DRM device
https://notcve.org/view.php?id=CVE-2024-44967
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will f... • https://git.kernel.org/stable/c/b279df242972ae816a75cf1cc732af836f999100 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44966 – binfmt_flat: Fix corruption when not offsetting data start
https://notcve.org/view.php?id=CVE-2024-44966
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers. However, it did not disable the code which initializes the array, resulting in the corruption of sizeof(long) bytes before the DATA segment, generally the end of the TEXT ... • https://git.kernel.org/stable/c/04d82a6d0881ef1ab1e9f66f10805177ee2fb1e8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44965 – x86/mm: Fix pti_clone_pgtable() alignment assumption
https://notcve.org/view.php?id=CVE-2024-44965
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end... • https://git.kernel.org/stable/c/16a3fe634f6a568c6234b8747e5d50487fed3526 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44963 – btrfs: do not BUG_ON() when freeing tree block after error
https://notcve.org/view.php?id=CVE-2024-44963
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). The error most likely to happen is -ENOMEM, and we have a comment mentioning that only -ENOMEM can happen, but that is not true, because in case qgroups are enabled any error returned from btrfs_qgroup_trace_extent_post() (can be -EUC... • https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44962 – Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading
https://notcve.org/view.php?id=CVE-2024-44962
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel call this timer even after the driver unloaded, resulting in kernel panic. Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. panic log: Internal error: Oops: 0000000086000007 [#1] PREEMPT... • https://git.kernel.org/stable/c/ab3a769b4dccec2cf60f0a0700b140991bf9afc8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44961 – drm/amdgpu: Forward soft recovery errors to userspace
https://notcve.org/view.php?id=CVE-2024-44961
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ (cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01) In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-44960 – usb: gadget: core: Check for unset descriptor
https://notcve.org/view.php?id=CVE-2024-44960
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug ... • https://git.kernel.org/stable/c/d1c188d330ca33cc35d1590441ba276f31144299 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44959 – tracefs: Use generic inode RCU for synchronizing freeing
https://notcve.org/view.php?id=CVE-2024-44959
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. i_lru or i_sb_list to not corrupt related list traversals when making use of the rcu_head. For an unlucky structure layout of 'struct inode' we may end up with the following splat when running the ftrace selftests: [<...>] list_del c... • https://git.kernel.org/stable/c/5f91fc82794d4a6e41cdcd02d00baa377d94ca78 •