CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44963 – btrfs: do not BUG_ON() when freeing tree block after error
https://notcve.org/view.php?id=CVE-2024-44963
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON() when freeing tree block after error When freeing a tree block, at btrfs_free_tree_block(), if we fail to create a delayed reference we don't deal with the error and just do a BUG_ON(). The error most likely to happen is -ENOMEM, and we have a comment mentioning that only -ENOMEM can happen, but that is not true, because in case qgroups are enabled any error returned from btrfs_qgroup_trace_extent_post() (can be -EUCLE... • https://git.kernel.org/stable/c/22d907bcd283d69d5e60497fc0d51969545c583b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44962 – Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading
https://notcve.org/view.php?id=CVE-2024-44962
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading When unload the btnxpuart driver, its associated timer will be deleted. If the timer happens to be modified at this moment, it leads to the kernel call this timer even after the driver unloaded, resulting in kernel panic. Use timer_shutdown_sync() instead of del_timer_sync() to prevent rearming. panic log: Internal error: Oops: 0000000086000007 [#1] PREEMPT SMP ... • https://git.kernel.org/stable/c/ab3a769b4dccec2cf60f0a0700b140991bf9afc8 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44961 – drm/amdgpu: Forward soft recovery errors to userspace
https://notcve.org/view.php?id=CVE-2024-44961
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Forward soft recovery errors to userspace As we discussed before[1], soft recovery should be forwarded to userspace, or we can get into a really bad state where apps will keep submitting hanging command buffers cascading us to a hard reset. 1: https://lore.kernel.org/all/bf23d5ed-9a6b-43e7-84ee-8cbfd0d60f18@froggi.es/ (cherry picked from commit 434967aadbbbe3ad9103cc29e9a327de20fdba01) In the Linux kernel, the following vulnerab... • https://git.kernel.org/stable/c/0da0b06165d83a8ecbb6582d9d5a135f9d38a52a •
CVSS: 5.5EPSS: 0%CPEs: 13EXPL: 0CVE-2024-44960 – usb: gadget: core: Check for unset descriptor
https://notcve.org/view.php?id=CVE-2024-44960
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: core: Check for unset descriptor Make sure the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug duri... • https://git.kernel.org/stable/c/d1c188d330ca33cc35d1590441ba276f31144299 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44959 – tracefs: Use generic inode RCU for synchronizing freeing
https://notcve.org/view.php?id=CVE-2024-44959
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: tracefs: Use generic inode RCU for synchronizing freeing With structure layout randomization enabled for 'struct inode' we need to avoid overlapping any of the RCU-used / initialized-only-once members, e.g. i_lru or i_sb_list to not corrupt related list traversals when making use of the rcu_head. For an unlucky structure layout of 'struct inode' we may end up with the following splat when running the ftrace selftests: [<...>] list_del corru... • https://git.kernel.org/stable/c/5f91fc82794d4a6e41cdcd02d00baa377d94ca78 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44958 – sched/smt: Fix unbalance sched_smt_present dec/inc
https://notcve.org/view.php?id=CVE-2024-44958
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_dec+0x9d/0xb0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44957 – xen: privcmd: Switch from mutex to spinlock for irqfds
https://notcve.org/view.php?id=CVE-2024-44957
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wakeup() gets EPOLLHUP, when it is called by eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which gets called under spin_lock_irqsave(). We can't use a mutex here as it will lead to a deadlock. Fix it by switching over to a spin lock. In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Switch from mutex to spinlock for irqfds irqfd_wak... • https://git.kernel.org/stable/c/c2775ae4d9227729f8ca9ee2a068f62a00d5ea9c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44955 – drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute
https://notcve.org/view.php?id=CVE-2024-44955
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute [Why] When unplug one of monitors connected after mst hub, encounter null pointer dereference. It's due to dc_sink get released immediately in early_unregister() or detect_ctx(). When commit new state which directly referring to info stored in dc_sink will cause null pointer dereference. [how] Remove redundant checking condition. Relevant condition should already be covered b... • https://git.kernel.org/stable/c/c7e65cab54a89f4df54110f0b44c4ade93d1a911 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44954 – ALSA: line6: Fix racy access to midibuf
https://notcve.org/view.php?id=CVE-2024-44954
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: line6: Fix racy access to midibuf There can be concurrent accesses to line6 midibuf from both the URB completion callback and the rawmidi API access. This could be a cause of KMSAN warning triggered by syzkaller below (so put as reported-by here). This patch protects the midibuf call of the former code path with a spinlock for avoiding the possible races. In the Linux kernel, the following vulnerability has been resolved: ALSA: line6:... • https://git.kernel.org/stable/c/643293b68fbb6c03f5e907736498da17d43f0d81 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-44951 – serial: sc16is7xx: fix TX fifo corruption
https://notcve.org/view.php?id=CVE-2024-44951
04 Sep 2024 — In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix TX fifo corruption Sometimes, when a packet is received on channel A at almost the same time as a packet is about to be transmitted on channel B, we observe with a logic analyzer that the received packet on channel A is transmitted on channel B. In other words, the Tx buffer data on channel B is corrupted with data from channel A. The problem appeared since commit 4409df5866b7 ("serial: sc16is7xx: change EFR lock to o... • https://git.kernel.org/stable/c/4409df5866b7ff7686ba27e449ca97a92ee063c9 •