Siemens Third-Party Components in SINEC OS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 9.1
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: Third-Party Components in SINEC OS
- Vulnerabilities: Improper Input Validation, Use After Free, Out-of-bounds Read, Incorrect Check of Function Return Value, Incorrect Comparison, Improper Control of Resource Identifiers ('Resource Injection'), Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), NULL Pointer Dereference, Excessive Platform Resource Consumption within a Loop, Allocation of Resources Without Limits or Throttling, Improper Restriction of Operations within the Bounds of a Memory Buffer, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Improper Resource Shutdown or Release, Transmission of Private Resources into a New Sphere ('Resource Leak'), Return of Wrong Status Code, Integer Overflow or Wraparound, Double Free, Buffer Access with Incorrect Length Value, Use of Uninitialized Variable, Missing Release of Memory after Effective Lifetime, Improper Locking, Improper Handling of Values, Use of Uninitialized Resource, Uncontrolled Resource Consumption, Improper Resource Locking, Buffer Underwrite ('Buffer Underflow'), Out-of-bounds Write, Expired Pointer Dereference, Improper Control of a Resource Through its Lifetime, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Incomplete Cleanup, Access of Resource Using Incompatible Type ('Type Confusion'), Divide By Zero, Improper Validation of Array Index, Access of Uninitialized Pointer, Operation on a Resource after Expiration or Release, Sensitive Information in Resource Not Removed Before Reuse, Improper Handling of Exceptional Conditions, Deadlock, Improper Initialization, Detection of Error Condition Without Action, Improper Check for Unusual or Exceptional Conditions, Time-of-check Time-of-use (TOCTOU) Race Condition, Incorrect Calculation of Buffer Size, Improper Cleanup on Thrown Exception, Integer Underflow (Wrap or Wraparound), Missing Initialization of a Variable, Improper Handling of Unexpected Data Type, Always-Incorrect Control Flow Implementation
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to expose information, execute arbitrary code, cause a memory leak, cause a denial-of-service, corrupt data, gain unintended privileges, and cause other system impacts.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Siemens RUGGEDCOM RST2428P (6GK6242-6PA00): Versions prior to 3.2
- Siemens SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family: Versions prior to 3.2
- Siemens SCALANCE XCM-/XRM-/XCH-/XRH-300 family: Versions prior to 3.2
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPER INPUT VALIDATION CWE-20
nfsd: NULL dereference in nfs3svc_encode_getaclres.
CVE-2021-47316 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.2 USE AFTER FREE CWE-416
scsi: core: use-after-free vulnerability.
CVE-2022-48666 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
3.2.3 OUT-OF-BOUNDS READ CWE-125
NFSD: vulnerability caused by loff_t overflow on the server when a client reads near the maximum offset, causing the server to return an EINVAL error, which the client retries indefinitely, instead of handling out-of-range READ requests by returning a short result with an EOF flag.
CVE-2022-48827 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
3.2.4 IMPROPER INPUT VALIDATION CWE-20
NFSD: Vulnerability caused by an underflow in ia_size due to a mismatch between signed and unsigned 64-bit file size values, which can cause issues when handling large file sizes from NFS clients.
CVE-2022-48828 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.5 INCORRECT CHECK OF FUNCTION RETURN VALUE CWE-253
NFSD: Vulnerability handling large file sizes for NFSv3 improperly capping client size values larger than s64_max, leading to unexpected behavior and potential data corruption.
CVE-2022-48829 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.6 IMPROPER INPUT VALIDATION CWE-20
sh: cpuinfo: warning for CONFIG_CPUMASK_OFFSTACK. When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning when showing /proc/cpuinfo.
CVE-2022-49034 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.7 IMPROPER INPUT VALIDATION CWE-20
net: can: j1939: vulnerability related to error handling for closely received RTS messages in xtp_rx_rts_session_new, which is addressed by replacing less informative backtraces with a new method that provides clearer error messages and allows for early termination of problematic sessions.
CVE-2023-52887 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.8 IMPROPER INPUT VALIDATION CWE-20
ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir(). The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it.
CVE-2023-52917 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.9 INCORRECT COMPARISON CWE-697
When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure HTTP:// scheme and perform transfers with hosts like x.example.com as well as example.com where the first host is a subdomain of the second host (the HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem). When x.example.com responds with x.example.com Strict-Transport-Security: headers, this bug can make the subdomain's expiry timeout bleed over and get set for the parent domain example.com in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to example.com get converted to HTTPS for a different period of time than what was asked for by the origin server. If example.com for instance stops supporting HTTPS at its expiry time, curl might then fail to access example.com until the (wrongly set) timeout expires. This bug can also expire the parent's entry earlier, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.
CVE-2024-9681 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L).
3.2.10 IMPROPER CONTROL OF RESOURCE IDENTIFIERS ('RESOURCE INJECTION') CWE-99
In the Linux kernel, the following vulnerability has been resolved: net: relax socket state check at accept time.
CVE-2024-36484 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.11 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete.
CVE-2024-36894 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.12 NULL POINTER DEREFERENCE CWE-476
ipv6: prevent NULL dereference in ip6_output() According to syzbot, there is a chance that ip6_dst_idev() returns NULL in ip6_output().
CVE-2024-36901 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.13 IMPROPER INPUT VALIDATION CWE-20
Denial of Service Vulnerability in the Linux Kernel: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported.
CVE-2024-36938 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.14 IMPROPER INPUT VALIDATION CWE-20
net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP. If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the kernel, the second time taprio_change() is called. First call (with valid attributes) sets dev->num_tc to a non zero value. Second call (with arbitrary mqprio attributes) returns early from taprio_parse_mqprio_opt() and bad things can happen.
CVE-2024-36974 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.15 IMPROPER INPUT VALIDATION CWE-20
net: sched: sch_multiq: possible OOB write in multiq_tune() q->bands will be assigned to qopt->bands to execute subsequent code logic after kmalloc. So the old q->bands should not be used in kmalloc. Otherwise, an out-of-bounds write will occur.
CVE-2024-36978 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L).
3.2.16 IMPROPER INPUT VALIDATION CWE-20
nilfs2: kernel vulnerability due to lack of writeback flag waiting. When the log writer starts a writeback for segment summary blocks or a super root block that use the backing devices page cache, it does not wait for the ongoing folio/page writeback, resulting in an inconsistent writeback state.
CVE-2024-37078 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.17 IMPROPER INPUT VALIDATION CWE-20
r8169: possible ring buffer corruption on fragmented Tx packets. Vulnerability on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently leading to calls to dma_unmap_single() with a null address. This was caused by rtl8169_start_xmit() not noticing changes to nr_frags which may occur when small packets are padded (to work around hardware quirks) in rtl8169_tso_csum_v2().
CVE-2024-38586 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.18 IMPROPER INPUT VALIDATION CWE-20
usb-storage: alauda: Check whether the media is initialized. The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba().
CVE-2024-38619 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.19 IMPROPER INPUT VALIDATION CWE-20
smb: client: Deadlock in smb2_find_smb_tcon().
CVE-2024-39468 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.20 EXCESSIVE PLATFORM RESOURCE CONSUMPTION WITHIN A LOOP CWE-1050
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page.
CVE-2024-39469 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.21 IMPROPER INPUT VALIDATION CWE-20
bcache: Variable length array abuse in btree_iter.
CVE-2024-39482 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.22 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770
mmc: davinci: Vulnerability from resource leaks. Using __exit for the remove function results in the remove callback being discarded with CONFIG_MMC_DAVINCI=y. When such a device gets unbound (e.g. using sysfs or hotplug), the driver is just removed without the cleanup being performed.
CVE-2024-39484 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.23 OUT-OF-BOUNDS READ CWE-125
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set().
CVE-2024-39487 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.24 USE AFTER FREE CWE-416
greybus: use-after-free vulnerability in gb_interface_release due to race condition.
CVE-2024-39495 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.25 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
vmci: speculation leaks by sanitizing event in event_deliver(). event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitization, leading to information leaks.
CVE-2024-39499 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.26 IMPROPER INPUT VALIDATION CWE-20
drivers: core: synchronize really_probe() and dev_uevent(). Synchronize the dev->driver usage in really_probe() and dev_uevent(). These can run in different threads, what can result in the following race condition for dev->driver uninitialization.
CVE-2024-39501 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.27 USE AFTER FREE CWE-416
ionic: use after netif_napi_del(). When queues are started, netif_napi_add() and napi_enable() are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and enabled. The ionic_qcq_enable() checks whether the .poll pointer is not NULL for enabling only the using queue' napi. Unused queues' napi will not be registered by netif_napi_add(), so the .poll pointer indicates NULL. But it couldn't distinguish whether the napi was unregistered or not because netif_napi_del() doesn't reset the .poll pointer to NULL. So, ionic_qcq_enable() calls napi_enable() for the queue, which was unregistered by netif_napi_del().
CVE-2024-39502 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.28 USE AFTER FREE CWE-416
netfilter: ipset: race between namespace cleanup and gc in the list:set type. The namespace cleanup can destroy the list:set type of sets while the gc of the set type is waiting to run in rcu cleanup. The latter uses data from the destroyed set which thus leads use after free.
CVE-2024-39503 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.29 IMPROPER INPUT VALIDATION CWE-20
drm/komeda: check for error-valued pointer. komeda_pipeline_get_state() may return an error-valued pointer, thus check the pointer for negative or null value before dereferencing.
CVE-2024-39505 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).
3.2.30 NULL POINTER DEREFERENCE CWE-476
liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet. In lio_vf_rep_copy_packet() pg_info->page is compared to a NULL value, but then it is unconditionally passed to skb_add_rx_frag(), which could lead to null pointer dereference.
CVE-2024-39506 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.31 IMPROPER INPUT VALIDATION CWE-20
HID: core: remove unnecessary WARN_ON() in implement(). There is a warning in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() already has a warn message printed out with the help of hid_warn() and value in question gets trimmed with: ... value &= m; ... WARN_ON may be considered superfluous.
CVE-2024-39509 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.32 OUT-OF-BOUNDS READ CWE-125
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory.
CVE-2024-40901 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.33 BUFFER COPY WITHOUT CHECKING SIZE OF INPUT ('CLASSIC BUFFER OVERFLOW') CWE-120
jfs: xattr: buffer overflow for invalid xattr. When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than the expected size, printing it out can cause an access off the end of the buffer.
CVE-2024-40902 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.34 IMPROPER INPUT VALIDATION CWE-20
USB: class: cdc-wdm: CPU lockup caused by excessive log messages.
CVE-2024-40904 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.35 IMPROPER INPUT VALIDATION CWE-20
ipv6: possible race in __fib6_drop_pcpu_from().
CVE-2024-40905 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.36 IMPROPER INPUT VALIDATION CWE-20
wifi: mac80211: deadlock in ieee80211_sta_ps_deliver_wakeup().
CVE-2024-40912 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.37 IMPROPER INPUT VALIDATION CWE-20
drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector.
CVE-2024-40916 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.38 IMPROPER INPUT VALIDATION CWE-20
wifi: iwlwifi: mvm: check n_ssids before accessing the ssids.In some versions of cfg80211, the ssids poinet might be a valid one even though n_ssids is 0. Accessing the pointer in this case will cuase an out-of-bound access.
CVE-2024-40929 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.39 IMPROPER INPUT VALIDATION CWE-20
mptcp: ensure snd_una is properly initialized on connect.
CVE-2024-40931 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.40 IMPROPER INPUT VALIDATION CWE-20
drm/exynos/vidi: memory leak in .get_modes().
CVE-2024-40932 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L).
3.2.41 IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() Fix a memory leak on logi_dj_recv_send_report() error path.
CVE-2024-40934 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).
3.2.42 OUT-OF-BOUNDS READ CWE-125
wifi: iwlwifi: mvm: don't read past the mfuart notifcation. In case the firmware sends a notification that claims it has more data than it has, it will read past that was allocated for the notification.
CVE-2024-40941 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.43 TRANSMISSION OF PRIVATE RESOURCES INTO A NEW SPHERE ('RESOURCE LEAK') CWE-402
wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned.
CVE-2024-40942 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.44 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362
ocfs2: fix races between hole punching and AIO+DIO.
CVE-2024-40943 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.45 RETURN OF WRONG STATUS CODE CWE-393
iommu: Return right value in iommu_sva_bind_device() iommu_sva_bind_device() should return either a sva bond handle or an ERR_PTR value in error cases. Existing drivers (idxd and uacce) only check the return value with IS_ERR(). This could potentially lead to a kernel NULL pointer dereference issue if the function returns NULL instead of an error pointer. In reality, this doesn't cause any problems because iommu_sva_bind_device() only returns NULL when the kernel is not configured with CONFIG_IOMMU_SVA.
CVE-2024-40945 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H).
3.2.46 IMPROPER INPUT VALIDATION CWE-20
ima: Avoid blocking in RCU read-side critical section, a panic happens in ima_match_policy.
CVE-2024-40947 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.47 USE AFTER FREE CWE-416
netns: Make get_net_ns() handle zero refcount net Syzkaller hit a warning: refcount_t: addition on 0; use-after-free.
CVE-2024-40958 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
3.2.48 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr().
CVE-2024-40959 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.49 NULL POINTER DEREFERENCE CWE-476
ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL.
CVE-2024-40960 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.50 NULL POINTER DEREFERENCE CWE-476
ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL.
CVE-2024-40961 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.51 IMPROPER INPUT VALIDATION CWE-20
mips: bmips: BCM6358: Some device have CBR address set to 0 causing kernel panic when arch_sync_dma_for_cpu_all is called.
CVE-2024-40963 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.52 IMPROPER INPUT VALIDATION CWE-20
MIPS:The standard PCIe configuration read-write interface is used to access the configuration space of the peripheral PCIe devices of the mips processor after the PCIe link surprise down, it can generate kernel panic caused by "Data bus error".
CVE-2024-40968 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.53 IMPROPER INPUT VALIDATION CWE-20
f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable.
CVE-2024-40971 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
3.2.54 IMPROPER INPUT VALIDATION CWE-20
powerpc/pseries: stack corruption at runtime when plpar_hcall9() stores results past the end of the array.
CVE-2024-40974 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).
3.2.55 IMPROPER INPUT VALIDATION CWE-20
drm/lima: There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is done by the timeout handler. This runs into race conditions not expected by the timeout handler. In some very specific cases it currently may result in a refcount imbalance on lima_pm_idle, with a stack dump.
CVE-2024-40976 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.56 IMPROPER INPUT VALIDATION CWE-20
scsi: qedi: crash while reading debugfs attribute. The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash.
CVE-2024-40978 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.2.57 IMPROPER INPUT VALIDATION CWE-20
drop_monitor: replace spin_lock by raw_spin_lock trace_drop_common() is called with preemption disabled, and it acquires a spin_lock. This is problematic for RT kernels because spin_locks are sleeping locks in this configuration, which causes the following splat.
CVE-2024-40980 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
3.2.58 IMPROPER INPUT VALIDATION CWE-20
batman-adv: empty buckets in batadv_purge_orig_ref() are pointing to soft lockups in batadv_purge_orig_ref().
CVE-2024-40981 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
3.2.59 IMPROPER INPUT VALIDATION CWE-20
tipc: possible crash before doing decryption.
CVE-2024-40983 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.60 NULL POINTER DEREFERENCE CWE-476
ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."
CVE-2024-40984 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.61 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: UBSAN warning in kv_dpm.c.
CVE-2024-40987 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
3.2.62 IMPROPER INPUT VALIDATION CWE-20
drm/radeon: UBSAN warning in kv_dpm.c.
CVE-2024-40988 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.63 IMPROPER INPUT VALIDATION CWE-20
ptp: integer overflow in max_vclocks_store.
CVE-2024-40990 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.64 IMPROPER INPUT VALIDATION CWE-20
net/sched: act_api: possible infinite loop in tcf_idr_check_alloc().
CVE-2024-40995 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.65 INTEGER OVERFLOW OR WRAPAROUND CWE-190
block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer.
CVE-2024-41000 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
3.2.66 IMPROPER INPUT VALIDATION CWE-20
tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock (get a reference) those event file reference in module init function, and unlock and delete it in module exit function. This is because those are designed for playing as modules. If we make those modules as built-in, those events are left locked in the kernel, and never be removed.
CVE-2024-41004 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).
3.2.67 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362
netpoll: race condition in netpoll_owner_active KCSAN detected a race condition in netpoll.
CVE-2024-41005 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.9 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
3.2.68 IMPROPER RESOURCE SHUTDOWN OR RELEASE CWE-404
netrom: a memory leak in nr_heartbeat_expiry().
CVE-2024-41006 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L).
3.2.69 IMPROPER CONTROL OF RESOURCE IDENTIFIERS ('RESOURCE INJECTION') CWE-99
tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT.
CVE-2024-41007 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
3.2.70 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770
bpf: Fix overrunning reservations in ringbuf.
CVE-2024-41009 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.71 USE AFTER FREE CWE-416
filelock: Remove locks reliably when fcntl/close race is detected When fcntl_setlk() races with close(), it removes the created lock with do_lock_file_wait().
CVE-2024-41012 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.72 IMPROPER INPUT VALIDATION CWE-20
ocfs2: add bounds checking to ocfs2_check_dir_entry(). This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region.
CVE-2024-41015 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.73 IMPROPER INPUT VALIDATION CWE-20
jfs: vulnerability involves the risk of accessing memory beyond the end of ealist, which can lead to undefined behavior or crashes.
CVE-2024-41017 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.74 IMPROPER INPUT VALIDATION CWE-20
filelock: race condition vulnerability between fcntl and close operations, which can lead to issues in the recovery compatibility path.
CVE-2024-41020 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.75 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: vulnerability involves a signedness problem in sdma_v4_0_process_trap_irq(), which can lead to incorrect handling of values and potential errors.
CVE-2024-41022 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.76 IMPROPER INPUT VALIDATION CWE-20
nilfs2: kernel bug on rename operation of broken directory.
CVE-2024-41034 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.77 IMPROPER INPUT VALIDATION CWE-20
USB: core: duplicate endpoint bug.
CVE-2024-41035 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.78 IMPROPER INPUT VALIDATION CWE-20
net/sched: UAF when resolving a clash.
CVE-2024-41040 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.79 IMPROPER INPUT VALIDATION CWE-20
udp: small race window.
CVE-2024-41041 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.80 IMPROPER INPUT VALIDATION CWE-20
ppp: claimed-as-LCP but actually malformed packets.
CVE-2024-41044 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.81 DOUBLE FREE CWE-415
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix double free in detach The number of the currently released descriptor is never incremented which results in the same skb being released multiple times.
CVE-2024-41046 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.82 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was added to the inode's list. However, before the tracepoint could fire, another task raced in and freed that lock. Fix this by moving the tracepoint inside the spinlock, which should ensure that this doesn't happen.
CVE-2024-41049 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.83 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: mm: prevent derefencing NULL ptr in pfn_section_valid() Commit 5ec8e8ea8b77 ("mm/sparsemem: fix race in accessing memory_section->usage") changed pfn_section_valid() to add a READ_ONCE() call around "ms->usage" to fix a race with section_deactivate() where ms->usage can be cleared. The READ_ONCE() call, by itself, is not enough to prevent NULL pointer dereference. We need to check its value before dereferencing it.
CVE-2024-41055 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.84 IMPROPER INPUT VALIDATION CWE-20
hfsplus: uninit-value in copy_name.
CVE-2024-41059 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
3.2.85 IMPROPER INPUT VALIDATION CWE-20
Bluetooth: hci_core: deadlock at destroy_workqueue().
CVE-2024-41063 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.86 IMPROPER INPUT VALIDATION CWE-20
powerpc/eeh: possible crash when edev->pdev changes.
CVE-2024-41064 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.87 IMPROPER INPUT VALIDATION CWE-20
powerpc/pseries: Reading the dispatch trace log from /sys/kernel/debug/powerpc/dtl/cpu-* results in a BUG().
CVE-2024-41065 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
3.2.88 IMPROPER INPUT VALIDATION CWE-20
s390/sclp: sclp_init() failure.
CVE-2024-41068 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.89 IMPROPER INPUT VALIDATION CWE-20
KVM: PPC: Book3S HV: UAF in kvm_spapr_tce_attach_iommu_group().
CVE-2024-41070 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.90 IMPROPER INPUT VALIDATION CWE-20
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise.
CVE-2024-41072 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.91 IMPROPER INPUT VALIDATION CWE-20
null_blk: validation error on block size.
CVE-2024-41077 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.92 IMPROPER INPUT VALIDATION CWE-20
btrfs: qgroup: quota root leak after quota disable failure.
CVE-2024-41078 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.93 IMPROPER INPUT VALIDATION CWE-20
ila: block BH in ila_output().
CVE-2024-41081 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.94 IMPROPER INPUT VALIDATION CWE-20
ata: libata-core: double free on error.
CVE-2024-41087 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.95 IMPROPER INPUT VALIDATION CWE-20
drm/nouveau/dispnv04: null pointer dereference in nv17_tv_get_hd_modes.
CVE-2024-41089 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.96 IMPROPER INPUT VALIDATION CWE-20
tap: add missing verification for short frame. Missing to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()-->skb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata.
CVE-2024-41090 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
3.2.97 IMPROPER INPUT VALIDATION CWE-20
tun: add missing verification for short frame. Missing to check against the validity of the frame length in the tun_xdp_one() path could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tun_xdp_one-->eth_type_trans() may access the Ethernet header although it can be less than ETH_HLEN. Once transmitted, this could either causeout-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata.
CVE-2024-41091 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
3.2.98 IMPROPER INPUT VALIDATION CWE-20
drm/i915/gt: potential UAF by revoke of fence registers.
CVE-2024-41092 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.99 IMPROPER INPUT VALIDATION CWE-20
drm/nouveau/dispnv04: null pointer dereference in nv17_tv_get_ld_modes.
CVE-2024-41095 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.100 IMPROPER INPUT VALIDATION CWE-20
usb: atm: cxacru: incomplete endpoint checking in cxacru_bind().
CVE-2024-41097 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.101 IMPROPER INPUT VALIDATION CWE-20
net: can: j1939: unused data in j1939_send_one().
CVE-2024-42076 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.102 IMPROPER INPUT VALIDATION CWE-20
ocfs2: DIO failure due to insufficient transaction credits.
CVE-2024-42077 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.103 ALLOCATION OF RESOURCES WITHOUT LIMITS OR THROTTLING CWE-770
xdp: unused WARN() in __xdp_reg_mem_model().
CVE-2024-42082 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.104 IMPROPER INPUT VALIDATION CWE-20
ftruncate: passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB.
CVE-2024-42084 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.105 IMPROPER INPUT VALIDATION CWE-20
iio: chemical: bme680: overflows in compensate() functions.
CVE-2024-42086 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.106 IMPROPER INPUT VALIDATION CWE-20
drm/panel: ilitek-ili9881c: warning with GPIO controllers.
CVE-2024-42087 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.107 IMPROPER INPUT VALIDATION CWE-20
gpio: davinci: There can be out of chips->irqs array boundaries access in davinci_gpio_probe().
CVE-2024-42092 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.108 IMPROPER INPUT VALIDATION CWE-20
net/dpaa2: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.
CVE-2024-42093 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.109 IMPROPER INPUT VALIDATION CWE-20
net/iucv: explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack can cause potential stack overflow.
CVE-2024-42094 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.110 IMPROPER INPUT VALIDATION CWE-20
serial: 8250_omap: Erroneous timeout can be triggered, and it may lead to storm of interrupts.
CVE-2024-42095 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.111 IMPROPER INPUT VALIDATION CWE-20
drm/nouveau: null pointer dereference in nouveau_connector_get_modes.
CVE-2024-42101 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.112 IMPROPER INPUT VALIDATION CWE-20
nilfs2: use-after-free.
CVE-2024-42105 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.113 IMPROPER INPUT VALIDATION CWE-20
orangefs: out-of-bounds fsid access.
CVE-2024-42143 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.114 IMPROPER INPUT VALIDATION CWE-20
IB/core: an unbounded UMAD receive list, poses a risk of uncontrolled growth.
CVE-2024-42145 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.115 IMPROPER INPUT VALIDATION CWE-20
bnx2x: multiple UBSAN array-index-out-of-bounds.
CVE-2024-42148 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.116 IMPROPER INPUT VALIDATION CWE-20
nvmet: possible leak when destroy a ctrl during qp establishment.
CVE-2024-42152 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.117 IMPROPER INPUT VALIDATION CWE-20
i2c: pnx: potential deadlock warning from del_timer_sync() call in isr.
CVE-2024-42153 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.118 BUFFER ACCESS WITH INCORRECT LENGTH VALUE CWE-805
In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it for IPv6 but v6 is manually validated).
CVE-2024-42154 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.119 USE OF UNINITIALIZED VARIABLE CWE-457
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD.
CVE-2024-42161 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.120 IMPROPER INPUT VALIDATION CWE-20
media: dvb-frontends: tda10048: integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor.
CVE-2024-42223 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.121 IMPROPER INPUT VALIDATION CWE-20
net: dsa: mv88e6xxx: wrong check on empty list.
CVE-2024-42224 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.122 IMPROPER INPUT VALIDATION CWE-20
crypto: aead,cipher - key buffer after use not zeroized.
CVE-2024-42229 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).
3.2.123 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362
libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that happens after cancel_delayed_work_sync() runs -- __close_session() doesn't mess with the delayed work in order to avoid interfering with the hunting interval logic. This part was missed in(libceph: behave in mon_fault() if cur_mon < ") and use-after-free can still ensue on monc and objects that hang off of it, with monc-> auth and monc->monmap being particularly susceptible to quickly being reused.
CVE-2024-42232 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.124 IMPROPER INPUT VALIDATION CWE-20
usb: gadget: configfs: OOB read/write in usb_string_copy().
CVE-2024-42236 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.125 IMPROPER CONTROL OF RESOURCE IDENTIFIERS ('RESOURCE INJECTION') CWE-99
USB: serial: mos7840: fix crash on resume Since("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure.
CVE-2024-42244 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.126 IMPROPER INPUT VALIDATION CWE-20
wireguard: allowedips: unaligned 64-bit memory accesses.
CVE-2024-42247 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.127 IMPROPER INPUT VALIDATION CWE-20
i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock. A deadlock may happen since the i3c_master_register() acquires i3cbus->lock twice.
CVE-2024-43098 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.128 IMPROPER INPUT VALIDATION CWE-20
net: usb: qmi_wwan: memory leak for not ip packets.
CVE-2024-43861 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.2.129 IMPROPER INPUT VALIDATION CWE-20
drm/nouveau: prime: refcount underflow.
CVE-2024-43867 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.130 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu().
CVE-2024-43871 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.131 IMPROPER INPUT VALIDATION CWE-20
wifi: cfg80211: Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to warning.
CVE-2024-43879 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.132 IMPROPER INPUT VALIDATION CWE-20
mlxsw: spectrum_acl_erp: object nesting warning.
CVE-2024-43880 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.133 IMPROPER INPUT VALIDATION CWE-20
exec: the execution may gain unintended privileges.
CVE-2024-43882 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.134 IMPROPER INPUT VALIDATION CWE-20
usb: vhci-hcd: vulnerability due to the vhci-hcd driver dropping references before new ones were gained, potentially leading to the use of stale pointers.
CVE-2024-43883 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.135 IMPROPER INPUT VALIDATION CWE-20
padata: vulnerability due to a possible divide-by-zero error in padata_mt_helper() during bootup, caused by an uninitialized chunk_size being zero.
CVE-2024-43889 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.136 IMPROPER INPUT VALIDATION CWE-20
tracing: vulnerability due to an overflow in get_free_elt(), which could lead to infinite loops and CPU hangs when the tracing map becomes full.
CVE-2024-43890 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.137 IMPROPER INPUT VALIDATION CWE-20
serial: core: vulnerability due to a missing check for uartclk being zero, leading to a potential divide-by-zero error when calling ioctl TIOCSSERIAL with an invalid baud_base.
CVE-2024-43893 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.138 IMPROPER INPUT VALIDATION CWE-20
drm/client: vulnerability due to a potential null pointer dereference in drm_client_modeset_probe() when drm_mode_duplicate() fails, which was fixed by adding a check.
CVE-2024-43894 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.139 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu/pm: null pointer dereference in apply_state_adjust_rules.
CVE-2024-43907 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.140 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: null pointer dereference in ras_manager.
CVE-2024-43908 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.141 IMPROPER INPUT VALIDATION CWE-20
md/raid5: BUG_ON() while continue reshape after reassembling.
CVE-2024-43914 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.142 NULL POINTER DEREFERENCE CWE-476
sctp: Fix null-ptr-deref in reuseport_add_sock(). A Null Pointer Dereference in reuseport_add_sock() while accessing sk2->sk_reuseport_cb . The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock().
CVE-2024-44935 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.143 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace.
CVE-2024-44944 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.144 IMPROPER INPUT VALIDATION CWE-20
parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted.
CVE-2024-44949 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.145 IMPROPER LOCKING CWE-667
driver core: vulnerability due to a potential deadlock due to improper handling of device attributes and driver detachment, which has been fixed by using synchronize_rcu() to prevent race conditions.
CVE-2024-44952 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.146 IMPROPER INPUT VALIDATION CWE-20
ALSA: line6: vulnerability involved racy access to the midibuf in the ALSA line6 driver, which has been fixed by using a spinlock to prevent concurrent access issues.
CVE-2024-44954 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.147 IMPROPER INPUT VALIDATION CWE-20
usb: gadget: core: Check for unset descriptor. It needs to be reassured that the descriptor has been set before looking at maxpacket. This fixes a null pointer panic in this case. This may happen if the gadget doesn't properly set up the endpoint for the current speed, or the gadget descriptors are malformed and the descriptor for the speed/endpoint are not found. No current gadget driver is known to have this problem, but this may cause a hard-to-find bug during development of new gadgets.
CVE-2024-44960 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.148 IMPROPER HANDLING OF VALUES CWE-229
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix pti_clone_pgtable() alignment assumption Guenter reported dodgy crashes on an i386-nosmp build using GCC-11 that had the form of endless traps until entry stack exhaust and then #DF from the stack guard. It turned out that pti_clone_pgtable() had alignment assumptions on the start address, notably it hard assumes start is PMD aligned. This is true on x86_64, but very much not true on i386. These assumptions can cause the end condition to malfunction, leading to a 'short' clone. Guess what happens when the user mapping has a short copy of the entry text? Use the correct increment form for addr to avoid alignment assumptions.
CVE-2024-44965 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.149 IMPROPER INPUT VALIDATION CWE-20
s390/sclp: vulnerability could lead to data corruption if a Store Data operation is interrupted and the halt attempt fails, which was resolved by preventing the release of data buffers in such cases.
CVE-2024-44969 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.150 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
net: dsa: bcm_sf2: vulnerability caused a memory leak by not decrementing the reference count after finding and removing PHY devices, which has been fixed by adding a call to phy_device_free() to balance the reference count.
CVE-2024-44971 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.151 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb().
CVE-2024-44987 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.152 IMPROPER INPUT VALIDATION CWE-20
net: dsa: mv88e6xxx: vulnerability caused an out-of-bound access in the mv88e6xxx driver due to an ATU violation causing the SPID to exceed DSA_MAX_PORTS, which was resolved by ensuring the SPID stays within the valid range.
CVE-2024-44988 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.153 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference.
CVE-2024-44989 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.154 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
CVE-2024-44990 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.155 IMPROPER INPUT VALIDATION CWE-20
net: hns3: a deadlock problem when config TC during resetting.
CVE-2024-44995 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.156 IMPROPER INPUT VALIDATION CWE-20
atm: idt77252: use after free in dequeue_rx().
CVE-2024-44998 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.157 IMPROPER INPUT VALIDATION CWE-20
gtp: missing network headers in gtp_dev_xmit().
CVE-2024-44999 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.158 IMPROPER INPUT VALIDATION CWE-20
vfs: Some filesystems(eg. ext4 with ea_inode feature, ubifs with xattr) may do inode lookup in the inode evicting callback function, if the inode lookup is operated under the inode lru traversing context, deadlock problems may happen.
CVE-2024-45003 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.159 IMPROPER INPUT VALIDATION CWE-20
xhci: Panther point NULL pointer deref at full-speed re-enumeration.
CVE-2024-45006 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.160 IMPROPER INPUT VALIDATION CWE-20
Input: missing limit on max slots results in too large allocation at input_mt_init_slots().
CVE-2024-45008 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.161 IMPROPER INPUT VALIDATION CWE-20
memcg_write_event_control(): a user-triggerable oops.
CVE-2024-45021 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.162 IMPROPER INPUT VALIDATION CWE-20
bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps.
CVE-2024-45025 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.163 DOUBLE FREE CWE-415
scsi: aacraid: Fix double-free on probe failure. aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aac_init_adapter() fails after allocating memory for aac_dev::queues, it frees the memory but does not clear that member. After the hardware-specific init function returns an error, aac_probe_one() goes down an error path that frees the memory pointed to by aac_dev::queues, resulting in a double-free.
CVE-2024-46673 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.164 USE AFTER FREE CWE-416
usb: dwc3: st: fix probed platform device ref count on probe error path. The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count from the platform device being probed. If error path is triggered, this will lead to unbalanced device reference counts and premature release of device resources, thus possible use-after-free when releasing remaining devm-managed resources.
CVE-2024-46674 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.165 IMPROPER INPUT VALIDATION CWE-20
usb: dwc3: core: A vulnerability where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and other memory issues in Exynos platforms.
CVE-2024-46675 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.166 IMPROPER INPUT VALIDATION CWE-20
nfc: pn533: Add poll mod list filling check. In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod list will remain empty and dev->poll_mod_count will remain 0 which lead to division by zero.
CVE-2024-46676 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.167 NULL POINTER DEREFERENCE CWE-476
gtp: fix NULL pointer dereference. When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case.
CVE-2024-46677 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.168 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings.
CVE-2024-46679 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.169 NULL POINTER DEREFERENCE CWE-476
pinctrl: single: fix NULL dereference in pcs_get_function(). pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL.
CVE-2024-46685 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.170 IMPROPER INPUT VALIDATION CWE-20
soc: qcom: cmd-db: Map shared memory as WC, not WB Linux does not write into cmd-db region. This region of memory is write protected by XPU. XPU may sometime falsely detect clean cache eviction as "write" into the write protected region leading to secure interrupt which causes an endless loop somewhere in Trust Zone.
CVE-2024-46689 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.171 IMPROPER INPUT VALIDATION CWE-20
thunderbolt: Mark XDomain as unplugged when router is removed.
CVE-2024-46702 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.172 IMPROPER INPUT VALIDATION CWE-20
KVM: arm64: Make ICC_SGIEL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICCSGI_EL1 registers is trapped to EL2.
CVE-2024-46707 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.173 IMPROPER INPUT VALIDATION CWE-20
perf/aux: AUX buffer serialization.
CVE-2024-46713 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.174 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: Skip wbscl_set_scaler_filter if filter is null Callers can pass null in filter (i.e. from returned from the function wbscl_get_filter_coeffs_16p) and a null check is added to ensure that is not the case.
CVE-2024-46714 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.175 IMPROPER INPUT VALIDATION CWE-20
usb: typec: ucsi: Fix null pointer dereference in trace ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
CVE-2024-46719 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.176 IMPROPER INPUT VALIDATION CWE-20
apparmor: fix possible NULL pointer dereference. profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state that the path of its parent is not existed yet.
CVE-2024-46721 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.177 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: vulnerability due to an out-of-bounds read warning when accessing mc_data[i-1].
CVE-2024-46722 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.178 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: vulnerability due to an out-of-bounds read warning when accessing ucode[].
CVE-2024-46723 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.179 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: vulnerability in drm/amdgpu that involved an out-of-bounds read of df_v1_7_channel_number.
CVE-2024-46724 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.180 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: vulnerability caused by an out-of-bounds write warning due to an unchecked ring type value.
CVE-2024-46725 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.181 IMPROPER INPUT VALIDATION CWE-20
drm/amd/pm: vulnerability caused by an out-of-bounds read warning where the index i - 1U can exceed the bounds of the mc_data[] array when i is zero.
CVE-2024-46731 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.182 IMPROPER INPUT VALIDATION CWE-20
nvmet-tcp: kernel crash if commands allocation fails.
CVE-2024-46737 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.183 IMPROPER INPUT VALIDATION CWE-20
VMCI: use-after-free when removing resource in vmci_resource_remove().
CVE-2024-46738 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.184 IMPROPER INPUT VALIDATION CWE-20
uio_hv_generic: kernel NULL pointer dereference in hv_uio_rescind.
CVE-2024-46739 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.185 IMPROPER INPUT VALIDATION CWE-20
binder: UAF caused by offsets overwrite.
CVE-2024-46740 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.186 OUT-OF-BOUNDS READ CWE-125
In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk.
CVE-2024-46743 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.187 USE OF UNINITIALIZED RESOURCE CWE-908
In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size.
CVE-2024-46744 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.188 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failure in input_mt_init_slots(). While this allocation failure is handled properly and request is rejected, it results in syzkaller reports. Additionally, such request may put undue burden on the system which will try to free a lot of memory for a bogus request. Fix it by limiting allowed number of slots to 100. This can easily be extended if we see devices that can track more than 100 contacts.
CVE-2024-46745 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.189 IMPROPER INPUT VALIDATION CWE-20
HID: cougar: slab-out-of-bounds Read in cougar_report_fixup. Report_fixup for the Cougar 500k Gaming Keyboard was not verifying that the report descriptor size was correct before accessing it.
CVE-2024-46747 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.190 IMPROPER RESOURCE LOCKING CWE-413
In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock().
CVE-2024-46750 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.191 IMPROPER INPUT VALIDATION CWE-20
wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id(). mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to NULL pointer dereferences further down the callstack.
CVE-2024-46755 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.192 IMPROPER INPUT VALIDATION CWE-20
hwmon: (w83627ehf) underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.
CVE-2024-46756 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.193 IMPROPER INPUT VALIDATION CWE-20
hwmon: (nct6775-core) underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.
CVE-2024-46757 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.194 IMPROPER INPUT VALIDATION CWE-20
hwmon: (lm95234) underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.
CVE-2024-46758 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.195 BUFFER UNDERWRITE ('BUFFER UNDERFLOW') CWE-124
In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.
CVE-2024-46759 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.196 IMPROPER INPUT VALIDATION CWE-20
pci/hotplug/pnv_php: hotplug driver crash on Powernv.
CVE-2024-46761 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.197 IMPROPER INPUT VALIDATION CWE-20
fou: null-ptr-deref in GRO.
CVE-2024-46763 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.198 IMPROPER INPUT VALIDATION CWE-20
can: bcm: Remove proc entry when dev is unregistered.
CVE-2024-46771 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.199 IMPROPER INPUT VALIDATION CWE-20
udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap.
CVE-2024-46777 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.200 IMPROPER INPUT VALIDATION CWE-20
nilfs2: vulnerability caused by the need for mutual exclusion using nilfs->ns_sem when accessing superblock buffers in sysfs attribute show methods to prevent issues with pointer dereferencing and memory access.
CVE-2024-46780 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.201 IMPROPER INPUT VALIDATION CWE-20
nilfs2: vulnerability involves a use-after-free bug during mount-time recovery, where inodes with recovered data are not freed if an error occurs before the log writer starts, leading to potential memory issues.
CVE-2024-46781 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.202 IMPROPER INPUT VALIDATION CWE-20
ila: call nf_unregister_net_hooks() use-after-free Read in ila_nf_input.
CVE-2024-46782 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.203 IMPROPER HANDLING OF VALUES CWE-229
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg().
CVE-2024-46783 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.204 IMPROPER LOCKING CWE-667
can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be processed while waking the device.
CVE-2024-46791 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.205 IMPROPER INPUT VALIDATION CWE-20
ASoC: dapm: vulnerability is an use-after-free bug where snd_pcm_suspend_all() accessed a freed snd_soc_pcm_runtime object during system suspension, detected with KASAN configurations.
CVE-2024-46798 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.206 IMPROPER INPUT VALIDATION CWE-20
sch/netem: use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN.
CVE-2024-46800 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.207 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: Add array index check for hdcp ddc access.
CVE-2024-46804 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.208 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: Check msg_id before processing transcation.
CVE-2024-46814 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.209 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[].
CVE-2024-46815 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.210 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6.
CVE-2024-46817 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.211 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: Check gpio_id before used as array index.
CVE-2024-46818 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.212 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data.
CVE-2024-46819 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.213 IMPROPER INPUT VALIDATION CWE-20
arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry.
CVE-2024-46822 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.214 IMPROPER INPUT VALIDATION CWE-20
sched: sch_cake: fix bulk flow accounting logic for host fairness In sch_cake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when iterating through flows.
CVE-2024-46828 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.215 IMPROPER INPUT VALIDATION CWE-20
rtmutex: Drop rt_mutex::wait_lock before scheduling. rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduling in atomic' warning. Unlock rt_mutex::wait_lock in the dead lock case before issuing the warning and dropping into the schedule for ever loop.
CVE-2024-46829 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.216 IMPROPER INPUT VALIDATION CWE-20
MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices".
CVE-2024-46832 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.217 IMPROPER INPUT VALIDATION CWE-20
btrfs: clean up our handling of refs == 0 in snapshot delete. In reada we BUG_ON(refs == 0), which may be problematic because there is no lock on the extent leave, potentially leading to a transient incorrect answer. In walk_down_proc, BUG_ON(refs == 0) is also used, which could occur due to extent tree corruption. This has been changed to return -EUCLEAN. In do_walk_down() this case is caught and handled correctly, however -EIO is returned, whereas -EUCLEAN would a more appropriate error code. Finally in walk_up_proc, BUG_ON(refs == 0) is also used, it has also been converted to proper error handling.
CVE-2024-46840 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.218 IMPROPER INPUT VALIDATION CWE-20
um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line().
CVE-2024-46844 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.219 IMPROPER INPUT VALIDATION CWE-20
dma-debug: possible deadlock on radix_lock. radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock().
CVE-2024-47143 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.220 IMPROPER INPUT VALIDATION CWE-20
smack: tcp: vulnerability in Smack's TCP/IPv4 labeling allows packets to be incorrectly labeled, enabling unauthorized data writing from one label to another.
CVE-2024-47659 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.221 IMPROPER RESOURCE LOCKING CWE-413
In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant contention on the lock when we remove the watch from the directory as the __fsnotify_update_child_dentry_flags() call from fsnotify_recalc_mask() races with __fsnotify_update_child_dentry_flags() calls from __fsnotify_parent() happening on children. This can lead upto softlockup reports reported by users. Fix the problem by calling fsnotify_update_children_dentry_flags() to set PARENT_WATCHED flags only when parent starts watching children. When parent stops watching children, clear false positive PARENT_WATCHED flags lazily in __fsnotify_parent() for each accessed child.
CVE-2024-47660 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.222 IMPROPER INPUT VALIDATION CWE-20
staging: iio: frequency: ad9834: In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() is called from ad9834_write(), where fout is taken from text buffer, which can contain any value.
CVE-2024-47663 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.223 IMPROPER INPUT VALIDATION CWE-20
PCI: keystone: Missing workaround for Errata #i2037 (AM65x SR 1.0).
CVE-2024-47667 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.224 IMPROPER INPUT VALIDATION CWE-20
lib/generic-radix-tree.c: race in __genradix_ptr_alloc().
CVE-2024-47668 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.225 IMPROPER INPUT VALIDATION CWE-20
nilfs2: state management vulnerability in error path of log writing function.
CVE-2024-47669 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.226 IMPROPER INPUT VALIDATION CWE-20
vfs: race between evice_inodes() and find_inode()&iput().
CVE-2024-47679 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.227 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:tcp: check skb is non-NULL in tcp_rto_delta_us()We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also saw it getting hit from the RACK case as well. Here are examples of the oops messages we saw in each of those cases:Jul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020 Jul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode Jul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page Jul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0 Jul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI Jul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu Jul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023 Jul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 <48> 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3 Jul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246 Jul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000 Jul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60 Jul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8 Jul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900 Jul 26 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30 Jul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000 Jul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 Jul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0 Jul 26 15:05:02 rx [11061395.913822] PKRU: 55555554 Jul 26 15:05:02 rx [11061395.916786] Call Trace: Jul 26 15:05:02 rx [11061395.919488] Jul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f Jul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9 Jul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380 Jul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0 Jul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50 Jul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0 Jul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20 Jul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450 Jul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140 Jul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90 Jul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0 Jul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40 Jul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160 Jul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220 Jul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240 Jul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0 Jul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240 Jul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130 Jul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280 Jul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10 Jul 26 15:05:02 rx [11061396.012841] ? native_x2apic_icr_write+0x30/0x30 Jul 26 15:05:02 rx [11061396.017718] ? lapic_next_even ---truncated---
CVE-2024-47684 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.228 USE OF UNINITIALIZED RESOURCE CWE-908
In the Linux kernel, the following vulnerability has been resolved:netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garbage on the four reserved tcp bits (th->res1)Use skb_put_zero() to clear the whole TCP header, as done in nf_reject_ip_tcphdr_put()BUG: KMSAN: uninit-value in nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_reject_ip6_tcphdr_put+0x688/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:255 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core net/core/dev.c:5661 [inline] __netif_receive_skb+0x1da/0xa00 net/core/dev.c:5775 process_backlog+0x4ad/0xa50 net/core/dev.c:6108 __napi_poll+0xe7/0x980 net/core/dev.c:6772 napi_poll net/core/dev.c:6841 [inline] net_rx_action+0xa5a/0x19b0 net/core/dev.c:6963 handle_softirqs+0x1ce/0x800 kernel/softirq.c:554 __do_softirq+0x14/0x1a kernel/softirq.c:588 do_softirq+0x9a/0x100 kernel/softirq.c:455 __local_bh_enable_ip+0x9f/0xb0 kernel/softirq.c:382 local_bh_enable include/linux/bottom_half.h:33 [inline] rcu_read_unlock_bh include/linux/rcupdate.h:908 [inline] __dev_queue_xmit+0x2692/0x5610 net/core/dev.c:4450 dev_queue_xmit include/linux/netdevice.h:3105 [inline] neigh_resolve_output+0x9ca/0xae0 net/core/neighbour.c:1565 neigh_output include/net/neighbour.h:542 [inline] ip6_finish_output2+0x2347/0x2ba0 net/ipv6/ip6_output.c:141 __ip6_finish_output net/ipv6/ip6_output.c:215 [inline] ip6_finish_output+0xbb8/0x14b0 net/ipv6/ip6_output.c:226 NF_HOOK_COND include/linux/netfilter.h:303 [inline] ip6_output+0x356/0x620 net/ipv6/ip6_output.c:247 dst_output include/net/dst.h:450 [inline] NF_HOOK include/linux/netfilter.h:314 [inline] ip6_xmit+0x1ba6/0x25d0 net/ipv6/ip6_output.c:366 inet6_csk_xmit+0x442/0x530 net/ipv6/inet6_connection_sock.c:135 __tcp_transmit_skb+0x3b07/0x4880 net/ipv4/tcp_output.c:1466 tcp_transmit_skb net/ipv4/tcp_output.c:1484 [inline] tcp_connect+0x35b6/0x7130 net/ipv4/tcp_output.c:4143 tcp_v6_connect+0x1bcc/0x1e40 net/ipv6/tcp_ipv6.c:333 __inet_stream_connect+0x2ef/0x1730 net/ipv4/af_inet.c:679 inet_stream_connect+0x6a/0xd0 net/ipv4/af_inet.c:750 __sys_connect_file net/socket.c:2061 [inline] __sys_connect+0x606/0x690 net/socket.c:2078 __do_sys_connect net/socket.c:2088 [inline] __se_sys_connect net/socket.c:2085 [inline] __x64_sys_connect+0x91/0xe0 net/socket.c:2085 x64_sys_call+0x27a5/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:43 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x77/0x7fUninit was stored to memory at: nf_reject_ip6_tcphdr_put+0x60c/0x6c0 net/ipv6/netfilter/nf_reject_ipv6.c:249 nf_send_reset6+0xd84/0x15b0 net/ipv6/netfilter/nf_reject_ipv6.c:344 nft_reject_inet_eval+0x3c1/0x880 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline] nft_do_chain+0x438/0x22a0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x41a/0x4f0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xf4/0x400 net/netfilter/core.c:626 nf_hook include/linux/netfilter.h:269 [inline] NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0x29b/0x390 net/ipv6/ip6_input.c:310 __netif_receive_skb_one_core ---truncated---
CVE-2024-47685 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H).
3.2.229 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered.[ T1205] ================================================================== [ T1205] BUG: KASAN: null-ptr-deref in nfs4_client_to_reclaim+0xe9/0x260 [ T1205] Read of size 1 at addr 0000000000000010 by task nfsdcld/1205 [ T1205] [ T1205] CPU: 11 PID: 1205 Comm: nfsdcld Not tainted 5.10.0-00003-g2c1423731b8d #406 [ T1205] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ?-20190727_073836-buildvm-ppc64le-16.ppc.fedoraproject.org-3.fc31 04/01/2014 [ T1205] Call Trace: [ T1205]dump_stack+0x9a/0xd0 [ T1205]? nfs4_client_to_reclaim+0xe9/0x260 [ T1205]__kasan_report.cold+0x34/0x84 [ T1205]? nfs4_client_to_reclaim+0xe9/0x260 [ T1205]kasan_report+0x3a/0x50 [ T1205]nfs4_client_to_reclaim+0xe9/0x260 [ T1205]? nfsd4_release_lockowner+0x410/0x410 [ T1205]cld_pipe_downcall+0x5ca/0x760 [ T1205]? nfsd4_cld_tracking_exit+0x1d0/0x1d0 [ T1205]? down_write_killable_nested+0x170/0x170 [ T1205]? avc_policy_seqno+0x28/0x40 [ T1205]? selinux_file_permission+0x1b4/0x1e0 [ T1205]rpc_pipe_write+0x84/0xb0 [ T1205]vfs_write+0x143/0x520 [ T1205]ksys_write+0xc9/0x170 [ T1205]? __ia32_sys_read+0x50/0x50 [ T1205]? ktime_get_coarse_real_ts64+0xfe/0x110 [ T1205]? ktime_get_coarse_real_ts64+0xa2/0x110 [ T1205]do_syscall_64+0x33/0x40 [ T1205]entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ T1205] RIP: 0033:0x7fdbdb761bc7 [ T1205] Code: 0f 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 514 [ T1205] RSP: 002b:00007fff8c4b7248 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ T1205] RAX: ffffffffffffffda RBX: 000000000000042b RCX: 00007fdbdb761bc7 [ T1205] RDX: 000000000000042b RSI: 00007fff8c4b75f0 RDI: 0000000000000008 [ T1205] RBP: 00007fdbdb761bb0 R08: 0000000000000000 R09: 0000000000000001 [ T1205] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000042b [ T1205] R13: 0000000000000008 R14: 00007fff8c4b75f0 R15: 0000000000000000 [ T1205] ==================================================================
CVE-2024-47692 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.230 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn't have the flag WQ_MEM_RECLAIM, verify that the current process is not reclaiming memory or running on a workqueue which doesn't have the flag WQ_MEM_RECLAIM as that can break forward-progress guarantee leading to a deadlock.
CVE-2024-47696 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.231 OUT-OF-BOUNDS WRITE CWE-787
In the Linux kernel, the following vulnerability has been resolved:drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write errorEnsure index in rtl2830_pid_filter does not exceed 31 to prevent out-of-bounds access.dev->filters is a 32-bit value, so set_bit and clear_bit functions should only operate on indices from 0 to 31. If index is 32, it will attempt to access a non-existent 33rd bit, leading to out-of-bounds access. Change the boundary check from index > 32 to index >= 32 to resolve this issue.
CVE-2024-47697 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.232 IMPROPER INPUT VALIDATION CWE-20
drivers: media: dvb-frontends/rtl2832: An out-of-bounds access occurs if rtl2832_pid_filter exceed 31, which was not verified.
CVE-2024-47698 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.233 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()Patch series "nilfs2: fix potential issues with empty b-tree nodes".This series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot. This patch (of 3):If a b-tree is broken on the device, and the b-tree height is greater than 2 (the level of the root node is greater than 1) even if the number of child nodes of the b-tree root is 0, a NULL pointer dereference occurs in nilfs_btree_prepare_insert(), which is called from nilfs_btree_insert().This is because, when the number of child nodes of the b-tree root is 0, nilfs_btree_do_lookup() does not set the block buffer head in any of path[x].bp_bh, leaving it as the initial value of NULL, but if the level of the b-tree root node is greater than 1, nilfs_btree_get_nonroot_node(), which accesses the buffer memory of path[x].bp_bh, is called.Fix this issue by adding a check to nilfs_btree_root_broken(), which performs sanity checks when reading the root node from the device, to detect this inconsistency.Thanks to Lizhi Xu for trying to solve the bug and clarifying the cause early on.
CVE-2024-47699 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.234 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid OOB when system.data xattr changes underneath the filesystem.
CVE-2024-47701 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.235 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:block: fix potential invalid pointer dereference in blk_add_partitionThe blk_add_partition() function initially used a single if-condition (IS_ERR(part)) to check for errors when adding a partition. This was modified to handle the specific case of -ENXIO separately, allowing the function to proceed without logging the error in this case. However, this change unintentionally left a path where md_autodetect_dev() could be called without confirming that part is a valid pointer.This commit separates the error handling logic by splitting the initial if-condition, improving code readability and handling specific error scenarios explicitly. The function now distinguishes the general error case from -ENXIO without altering the existing behavior of md_autodetect_dev() calls.
CVE-2024-47705 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.236 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved:block, bfq: fix possible UAF for bfqq->bic with merge chainIn this case, IO from Process 1 will get bfqq2 from BIC1 first, and then get bfqq3 through merge chain, and finially handle IO by bfqq3. Howerver, current code will think bfqq2 is owned by BIC1, like initial state, and set bfqq2->bic to BIC1.Allocated by task 20776:kasan_save_stack+0x20/0x40 mm/kasan/common.c:45kasan_set_track+0x25/0x30 mm/kasan/common.c:52__kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328kasan_slab_alloc include/linux/kasan.h:188 [inline]slab_post_alloc_hook mm/slab.h:763 [inline]slab_alloc_node mm/slub.c:3458 [inline]kmem_cache_alloc_node+0x1a4/0x6f0 mm/slub.c:3503ioc_create_icq block/blk-ioc.c:370 [inline] ---truncated---
CVE-2024-47706 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.237 EXPIRED POINTER DEREFERENCE CWE-825
can: bcm: A warning is triggered when connect() is issued again for a socket whose connect()ed device has been unregistered. However, if the socket is just close()d without the 2nd connect(), the remaining bo->bcm_proc_read triggers unnecessary remove_proc_entry() in bcm_release().
CVE-2024-47709 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.238 UNCONTROLLED RESOURCE CONSUMPTION CWE-400
sock_map: vulnerability result of adding a cond_resched() in sock_hash_free() to prevent CPU soft lockups when destroying maps with a large number of buckets.
CVE-2024-47710 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.239 NULL POINTER DEREFERENCE CWE-476
wifi: wilc1000: vulnerability caused by a potential RCU dereference issue in wilc_parse_join_bss_param by storing the TSF value in a local variable before releasing the RCU lock to prevent use-after-free errors.
CVE-2024-47712 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.240 IMPROPER CONTROL OF A RESOURCE THROUGH ITS LIFETIME CWE-664
wifi: mac80211: vulnerability caused by implementing a two-phase skb reclamation in ieee80211_do_stop() to avoid warnings and potential issues caused by calling __dev_queue_xmit() with interrupts disabled.
CVE-2024-47713 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.241 USE AFTER FREE CWE-416
wifi: rtw88: vulnerability may lead to a use-after-free (UAF) error if firmware loading is not properly synchronized during USB initialization and disconnection.
CVE-2024-47718 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.242 OUT-OF-BOUNDS READ CWE-125
In the Linux kernel, the following vulnerability has been resolved:jfs: fix out-of-bounds in dbNextAG() and diAlloc()In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount().And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented.Additionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds.
CVE-2024-47723 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.243 IMPROPER LOCKING CWE-667
RDMA/hns: missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold.
CVE-2024-47735 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.244 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL.
CVE-2024-47737 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.245 INTEGER OVERFLOW OR WRAPAROUND CWE-190
padata: missing integer wrap around can cause deadlock on seq_nr overflow.
CVE-2024-47739 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.246 IMPROPER INPUT VALIDATION CWE-20
Inf2fs: Require FMODE_WRITE for atomic write ioctls. The F2FS ioctls for starting and committing atomic writes check for inode_owner_or_capable(), but this does not give LSMs like SELinux or Landlock an opportunity to deny the write access - if the caller's FSUID matches the inode's UID, inode_owner_or_capable() immediately returns true.
CVE-2024-47740 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.247 IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22
firmware_loader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple codepaths in the kernel where firmware file names contain string components that are passed through from a device or semi-privileged userspace.
CVE-2024-47742 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.248 USE AFTER FREE CWE-416
net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition. In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once the timer is started, there is a risk of a race condition if the module or device is removed, triggering the ether3_remove function to perform cleanup.
CVE-2024-47747 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.249 USE AFTER FREE CWE-416
vhost_vdpa: assign irq bypass producer token correctly.
CVE-2024-47748 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
3.2.250 NULL POINTER DEREFERENCE CWE-476
RDMA/cxgb4: Added NULL check for lookup_atid. The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the act_establish() and act_open_rpl() functions.
CVE-2024-47749 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.251 NULL POINTER DEREFERENCE CWE-476
PCI: keystone: Fix if-statement expression in ks_pcie_quirk(). This code accidentally uses && where || was intended. It potentially results in a NULL dereference.
CVE-2024-47756 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.252 OUT-OF-BOUNDS READ CWE-125
nilfs2: potential oob read in nilfs_btree_check_delete(). The function nilfs_btree_check_delete(), which checks whether degeneration to direct mapping occurs before deleting a b-tree entry, causes memory access outside the block buffer when retrieving the maximum key if the root node has no entries.
CVE-2024-47757 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.253 NULL POINTER DEREFERENCE CWE-476
bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again.
CVE-2024-48881 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.254 INCOMPLETE CLEANUP CWE-459
tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further commands performed.
CVE-2024-49851 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.255 IMPROPER INPUT VALIDATION CWE-20
efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption The TPM event log table is a Linux specific construct, where the data produced by the GetEventLog() boot service is cached in memory, and passed on to the OS using an EFI configuration table. The use of EFI_LOADER_DATA here results in the region being left unreserved in the E820 memory map constructed by the EFI stub, and this is the memory description that is passed on to the incoming kernel by kexec, which is therefore unaware that the region should be reserved. Even though the utility of the TPM2 event log after a kexec is questionable, any corruption might send the parsing code off into the weeds and crash the kernel.
CVE-2024-49858 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.256 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843
CPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.
CVE-2024-49860 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.257 IMPROPER INPUT VALIDATION CWE-20
vhost/scsi: null-ptr-dereference in vhost_scsi_get_req().
CVE-2024-49863 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.258 IMPROPER INPUT VALIDATION CWE-20
btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree().
CVE-2024-49867 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.259 IMPROPER INPUT VALIDATION CWE-20
btrfs: a NULL pointer dereference when failed to start a new trasacntion.
CVE-2024-49868 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.260 IMPROPER INPUT VALIDATION CWE-20
nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs.
CVE-2024-49875 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.261 IMPROPER INPUT VALIDATION CWE-20
ocfs2: When doing cleanup, if flags do not have OCFS2_BH_READAHEAD set, it may trigger NULL pointer dereference in the following ocfs2_set_buffer_uptodate() if bh is NULL.
CVE-2024-49877 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.262 IMPROPER INPUT VALIDATION CWE-20
resource: Because drivers/dax/kmem.c calls add_memory_driver_managed() during onlining CXL memory, which makes "System RAM (kmem)" a descendant of "CXL Window X". This confuses region_intersects(), which expects all "System RAM" resources to be at the top level of iomem_resource.
CVE-2024-49878 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.263 IMPROPER INPUT VALIDATION CWE-20
drm: omapdrm: alloc_ordered_workqueue may return NULL pointer and cause NULL pointer dereference.
CVE-2024-49879 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.264 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: ext4: update orig_path in ext4_find_extent().
CVE-2024-49881 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.265 IMPROPER INPUT VALIDATION CWE-20
ext4: In ext4_ext_try_to_merge_up(), path[1].p_bh should be set to NULL after it has been released, otherwise it may be released twice.
CVE-2024-49882 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.266 IMPROPER INPUT VALIDATION CWE-20
ext4: In ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), the stale path will be used and cause use-after-free.
CVE-2024-49883 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.267 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at().
CVE-2024-49884 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.268 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved:ext4: avoid use-after-free in ext4_ext_show_leaf()In ext4_find_extent(), path may be freed by error or be reallocated, so using a previously saved *ppath may have been freed and thus may trigger use-after-free, as follows:ext4_split_extent path = *ppath; ext4_split_extent_at(ppath) path = ext4_find_extent(ppath) ext4_split_extent_at(ppath) // ext4_find_extent fails to free path // but zeroout succeeds ext4_ext_show_leaf(inode, path) eh = path[depth].p_hdr // path use-after-free !!!Similar to ext4_split_extent_at(), we use *ppath directly as an input to ext4_ext_show_leaf(). Fix a spelling error by the way.Same problem in ext4_ext_handle_unwritten_extents(). Since 'path' is only used in ext4_ext_show_leaf(), remove 'path' and use *ppath directly.This issue is triggered only when EXT_DEBUG is defined and therefore does not affect functionality.
CVE-2024-49889 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.269 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:drm/amd/pm: ensure the fw_info is not null before using itThis resolves the dereference null return value warning reported by Coverity.
CVE-2024-49890 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.270 DIVIDE BY ZERO CWE-369
In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Initialize get_bytes_per_element's default to 1Variables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y & bytes_per_element_c are initialized by get_bytes_per_element() which should never return 0.This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity.
CVE-2024-49892 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.271 IMPROPER VALIDATION OF ARRAY INDEX CWE-129
In the Linux kernel, the following vulnerability has been resolved:drm/amd/display: Fix index out of bounds in degamma hardware format translationFixes index out of bounds issue in cm_helper_translate_curve_to_degamma_hw_format function. The issue could occur when the index 'i' exceeds the number of transfer function points (TRANSFER_FUNC_POINTS).The fix adds a check to ensure 'i' is within bounds before accessing the transfer function points. If 'i' is out of bounds the function returns false to indicate an error.Reported by smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:594 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.red' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:595 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.green' 1025 <= s32max drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:596 cm_helper_translate_curve_to_degamma_hw_format() error: buffer overflow 'output_tf->tf_pts.blue' 1025 <= s32max
CVE-2024-49894 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.272 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: vulnerability caused by adding a check to ensure the index 'i' is within bounds before accessing transfer function points in cm_helper_translate_curve_to_degamma_hw_format, preventing buffer overflow errors.
CVE-2024-49895 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.273 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: vulnerability caused by adding a null check for the stream before dereferencing it in dc_is_stream_unchanged to prevent null pointer dereference.
CVE-2024-49896 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.274 USE OF UNINITIALIZED RESOURCE CWE-908
In the Linux kernel, the following vulnerability has been resolved:jfs: Fix uninit-value access of new_ea in ea_buffersyzbot reports that lzo1x_1_do_compress is using uninit-value:===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_compress+0x19f9/0x2510 lib/lzo/lzo1x_compress.c:178...Uninit was stored to memory at:ea_put fs/jfs/xattr.c:639 [inline]...Local variable ea_buf created at:jfs_setxattr+0x5d/0x1ae0 fs/jfs/xattr.c:662jfs_xattr_set+0xe6/0x1f0 fs/jfs/xattr.c:934=====================================================The reason is ea_buf->new_ea is not initialized properly.Fix this by using memset to empty its content at the beginning in ea_get().
CVE-2024-49900 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.275 IMPROPER INPUT VALIDATION CWE-20
drm/msm/adreno: vulnerability caused by assigning msm_gpu->pdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.
CVE-2024-49901 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.276 OUT-OF-BOUNDS READ CWE-125
jfs: vulnerability caused by assigning msm_gpu->pdev earlier in the initialization process to prevent null pointer dereferences in msm_gpu_cleanup.
CVE-2024-49902 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.277 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved:jfs: Fix uaf in dbFreeBits[syzbot reported] ================================================================== BUG: KASAN: slab-use-after-free in mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KASAN: slab-use-after-free in __mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752 Read of size 8 at addr ffff8880229254b0 by task syz-executor357/5216CPU: 0 UID: 0 PID: 5216 Comm: syz-executor357 Not tainted 6.11.0-rc3-syzkaller-00156-gd7a5aa4b3c00 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 Call Trace:dump_stack lib/dump_stack.c:93 [inline]dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119print_address_description mm/kasan/report.c:377 [inline]print_report+0x169/0x550 mm/kasan/report.c:488kasan_report+0x143/0x180 mm/kasan/report.c:601__mutex_lock_common kernel/locking/mutex.c:587 [inline]mutex_lock+0xfe/0xd70 kernel/locking/mutex.c:752dbFreeBits+0x7ea/0xd90 fs/jfs/jfs_dmap.c:2390dbFreeDmap fs/jfs/jfs_dmap.c:2089 [inline]dbFree+0x35b/0x680 fs/jfs/jfs_dmap.c:409dbDiscardAG+0x8a9/0xa20 fs/jfs/jfs_dmap.c:1650jfs_ioc_trim+0x433/0x670 fs/jfs/jfs_discard.c:100jfs_ioctl+0x2d0/0x3e0 fs/jfs/ioctl.c:131vfs_ioctl fs/ioctl.c:51 [inline]do_sys_ioctl fs/ioctl.c:907 [inline]se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893do_syscall_x64 arch/x86/entry/common.c:52 [inline]do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83Freed by task 5218:kasan_save_stack mm/kasan/common.c:47 [inline]kasan_save_track+0x3f/0x80 mm/kasan/common.c:68kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579poison_slab_object+0xe0/0x150 mm/kasan/common.c:240kasan_slab_free+0x37/0x60 mm/kasan/common.c:256kasan_slab_free include/linux/kasan.h:184 [inline]slab_free_hook mm/slub.c:2252 [inline]slab_free mm/slub.c:4473 [inline]kfree+0x149/0x360 mm/slub.c:4594dbUnmount+0x11d/0x190 fs/jfs/jfs_dmap.c:278jfs_mount_rw+0x4ac/0x6a0 fs/jfs/jfs_mount.c:247jfs_remount+0x3d1/0x6b0 fs/jfs/super.c:454reconfigure_super+0x445/0x880 fs/super.c:1083vfs_cmd_reconfigure fs/fsopen.c:263 [inline]vfs_fsconfig_locked fs/fsopen.c:292 [inline]do_sys_fsconfig fs/fsopen.c:473 [inline]se_sys_fsconfig+0xb6e/0xf80 fs/fsopen.c:345do_syscall_x64 arch/x86/entry/common.c:52 [inline]do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x77/0x7f[Analysis] There are two paths (dbUnmount and jfs_ioc_trim) that generate race condition when accessing bmap, which leads to the occurrence of uaf.Use the lock s_umount to synchronize them, in order to avoid uaf caused by race condition.
CVE-2024-49903 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.278 NULL POINTER DEREFERENCE CWE-476
drm/amd/display: missing null pointer check before using dc->clk_mgr.
CVE-2024-49907 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.279 NULL POINTER DEREFERENCE CWE-476
drm/amd/display: missing null check for top_pipe_to_program in commit_planes_for_stream.
CVE-2024-49913 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.280 IMPROPER INPUT VALIDATION CWE-20
fbdev: pxafb:use after free in pxafb_task(). In the pxafb_probe function, it calls the pxafb_init_fbinfo function, after which &fbi->task is associated with pxafb_task. Moreover, within this pxafb_init_fbinfo function, the pxafb_blank function within the &pxafb_ops struct is capable of scheduling work. If we remove the module which will call pxafb_remove to make cleanup, it will call unregister_framebuffer function which can call do_unregister_framebuffer to free fbi->fb through put_fb_info(fb_info), while the work mentioned above will be used.
CVE-2024-49924 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.281 OUT-OF-BOUNDS READ CWE-125
wifi: ath11k: fix array out-of-bound access in SoC stats. Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() function access ath11k_soc_dp_stats::hal_reo_error using the REO destination SRNG ring ID, which is incorrect. SRNG ring ID differ from normal ring ID, and this usage leads to out-of-bounds array access.
CVE-2024-49930 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
3.2.282 IMPROPER INPUT VALIDATION CWE-20
blk_iocost: fix more out of bound shifts.
CVE-2024-49933 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.283 USE AFTER FREE CWE-416
net/xen-netback: prevent UAF in xenvif_flush_hash(). During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is called when the rcu grace period ends during the iteration, UAF occurs when accessing head->next after the entry becomes free.
CVE-2024-49936 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.284 ACCESS OF UNINITIALIZED POINTER CWE-824
In the Linux kernel, the following vulnerability has been resolved:wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmitSyzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch to calling __skb_set_length(skb, 0) directly. In addition, __skb_set_length() already contains a call to skb_reset_tail_pointer(), so remove the redundant call.The syzbot report came from ath9k_hif_usb_reg_in_cb(), but there's a similar usage of skb_trim() in ath9k_hif_usb_rx_cb(), change both while we're at it.
CVE-2024-49938 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.285 NULL POINTER DEREFERENCE CWE-476
sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start. In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, next time when calling sctp_inet_listen(), if sctp_sk(sk)->reuse is already set via setsockopt(SCTP_REUSE_PORT), sctp_sk(sk)->bind_hash will be dereferenced as sk_state is LISTENING, which causes a crash as bind_hash is NULL
CVE-2024-49944 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.286 BUFFER UNDERWRITE ('BUFFER UNDERFLOW') CWE-124
In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init().
CVE-2024-49948 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.287 BUFFER UNDERWRITE ('BUFFER UNDERFLOW') CWE-124
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO.
CVE-2024-49949 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.288 CONCURRENT EXECUTION USING SHARED RESOURCE WITH IMPROPER SYNCHRONIZATION ('RACE CONDITION') CWE-362
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption.
CVE-2024-49952 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.289 OPERATION ON A RESOURCE AFTER EXPIRATION OR RELEASE CWE-672
In the Linux kernel, the following vulnerability has been resolved:ACPI: battery: Fix possible crash when unregistering a battery hookWhen a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook provider cannot know that, so it will later call battery_hook_unregister() on the already unregistered battery hook, resulting in a crash.Fix this by using the list head to mark already unregistered battery hooks as already being unregistered so that they can be ignored by battery_hook_unregister().
CVE-2024-49955 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.290 IMPROPER INPUT VALIDATION CWE-20
ocfs2: null-ptr-deref when journal load failed.
CVE-2024-49957 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.291 IMPROPER INPUT VALIDATION CWE-20
ocfs2: reserve space for inline xattr before attaching reflink tree.
CVE-2024-49958 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.292 IMPROPER INPUT VALIDATION CWE-20
jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space.
CVE-2024-49959 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.293 IMPROPER INPUT VALIDATION CWE-20
ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package().
CVE-2024-49962 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.294 IMPROPER INPUT VALIDATION CWE-20
mailbox: bcm2835: timeout during suspend mode.
CVE-2024-49963 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.295 IMPROPER INPUT VALIDATION CWE-20
ocfs2: remove unreasonable unlock in ocfs2_read_blocks Patch series "Misc fixes for ocfs2_read_blocks", v5.
CVE-2024-49965 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.296 IMPROPER INPUT VALIDATION CWE-20
ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end.
CVE-2024-49966 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.297 IMPROPER INPUT VALIDATION CWE-20
ext4: no need to continue when the number of entries is 1.
CVE-2024-49967 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.298 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: index out of bounds in DCN30 color transformation.
CVE-2024-49969 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.299 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: dml2_core_shared_mode_support and dml_core_mode_support access the third element of dummy_boolean, for example: hw_debug5 = &s->dummy_boolean. Any assignment to hw_debug5 would cause an OVERRUN.
CVE-2024-49971 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.300 OUT-OF-BOUNDS WRITE CWE-787
r8169: RTL8125 added fields to the tally counter, this change could cause the chip to perform Direct Memory Access on these new fields, potentially writing to unallocated memory.
CVE-2024-49973 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.301 IMPROPER INPUT VALIDATION CWE-20
uprobes: vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ permission. Additionally setting VM_EXEC produces the same page protection attributes (pgprot_t) as setting both VM_EXEC and VM_READ. Nevertheless, the debugger can read this memory.
CVE-2024-49975 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.302 IMPROPER INPUT VALIDATION CWE-20
net: stmmac: port_transmit_rate_kbps could be set to a value of 0, which is then passed to the "div_s64" function when tc-cbs is disabled. This leads to a zero-division error.
CVE-2024-49977 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.303 IMPROPER INPUT VALIDATION CWE-20
media: venus: A race condition may trigger a use after free vulnerability in venus_remove.
CVE-2024-49981 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.304 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of doing in aoecmd_cfg_pkts(). It avoids that the tx() runs into use-after-free. Then Nicolai Stange found more places in aoe have potential use-after-free problem with tx(). e.g. revalidate(), aoecmd_ata_rw(), resend(), probe() and aoecmd_cfg_rsp(). Those functions also use aoenet_xmit() to push packet to tx queue. So they should also use dev_hold() to increase the refcnt of skb->dev. On the other hand, moving dev_put() to tx() causes that the refcnt of skb->dev be reduced to a negative value, because corresponding dev_hold() are not called in revalidate(), aoecmd_ata_rw(), resend(), probe(), and aoecmd_cfg_rsp(). This patch fixed this issue.
CVE-2024-49982 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.305 IMPROPER INPUT VALIDATION CWE-20
ext4: When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(), the 'ppath' is updated but it is the 'path' that is freed, thus potentially triggering a double-free.
CVE-2024-49983 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.306 IMPROPER INPUT VALIDATION CWE-20
i2c: stm32f7: In case there is any sort of clock controller attached to the I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may trigger a deadlock on drivers/clk/clk.c prepare_lock mutex.
CVE-2024-49985 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.307 IMPROPER INPUT VALIDATION CWE-20
iommu/vt-d: vulnerability may cause a soft lockup if qi_submit_sync() is called with zero invalidation descriptors, as the completion of invalidation_wait may not be detected, leading to an indefinite wait.
CVE-2024-49993 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.308 IMPROPER INPUT VALIDATION CWE-20
tipc: vulnerability due to a potential buffer overrun when copying media_name and if_name to name_parts, which may be prevented by using strscpy() to avoid overwriting the destination buffer.
CVE-2024-49995 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.309 SENSITIVE INFORMATION IN RESOURCE NOT REMOVED BEFORE REUSE CWE-226
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. This driver does not support statistics in the old 32-bit format or the new 64-bit format. These will be added in the future. In its current form, the patch should be easily backported to stable versions. Ethernet MACs on Amazon-SE and Danube cannot do padding of the packets in hardware, so software padding must be applied.
CVE-2024-49997 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.310 IMPROPER HANDLING OF EXCEPTIONAL CONDITIONS CWE-755
In the Linux kernel, the following vulnerability has been resolved:net/mlx5: Fix error path in multi-packet WQE transmitRemove the erroneous unmap in case no DMA mapping was establishedThe multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This could fail, e.g. under memory pressure, when the IOMMU driver just can't allocate more memory for page tables. While the code tries to handle this in the path below the err_unmap label it erroneously unmaps one entry from the sq's FIFO list of active mappings. Since the current map attempt failed this unmap is removing some random DMA mapping that might still be required. If the PCI function now presents that IOVA, the IOMMU may assumes a rogue DMA access and e.g. on s390 puts the PCI function in error state.The erroneous behavior was seen in a stress-test environment that created memory pressure.
CVE-2024-50001 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.311 DEADLOCK CWE-833
In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate().
CVE-2024-50006 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.312 IMPROPER INPUT VALIDATION CWE-20
ALSA: asihpi: potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware.
CVE-2024-50007 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.313 OUT-OF-BOUNDS WRITE CWE-787
wifi: mwifiex: memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in struct host_cmd_ds_802_11_scan_ext.
CVE-2024-50008 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.314 IMPROPER INPUT VALIDATION CWE-20
exfat: memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak.
CVE-2024-50013 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.315 IMPROPER INITIALIZATION CWE-665
ext4: dax: Overflowing extents beyond inode size when partially writing.
CVE-2024-50015 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.316 IMPROPER INPUT VALIDATION CWE-20
net: unsafe loop on the list.
CVE-2024-50024 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.317 USE OF UNINITIALIZED RESOURCE CWE-908
In the Linux kernel, the following vulnerability has been resolved:slip: make slhc_remember() more robust against malicious packetssyzbot found that slhc_remember() was missing checks against malicious packets [1].slhc_remember() only checked the size of the packet was at least 20, which is not good enough.We need to make sure the packet includes the IPv4 and TCP header that are supposed to be carried.Add iph and th pointers to make the code more readable.[1]BUG: KMSAN: uninit-value in slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 slhc_remember+0x2e8/0x7b0 drivers/net/slip/slhc.c:666 ppp_receive_nonmp_frame+0xe45/0x35e0 drivers/net/ppp/ppp_generic.c:2455 ppp_receive_frame drivers/net/ppp/ppp_generic.c:2372 [inline] ppp_do_recv+0x65f/0x40d0 drivers/net/ppp/ppp_generic.c:2212 ppp_input+0x7dc/0xe60 drivers/net/ppp/ppp_generic.c:2327 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 __sys_sendmsg+0x903/0xb60 net/socket.c:2602 sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x77/0x7fUninit was created at: slab_post_alloc_hook mm/slub.c:4091 [inline] slab_alloc_node mm/slub.c:4134 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [inline] sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 _sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x77/0x7fCPU: 0 UID: 0 PID: 5460 Comm: syz.2.33 Not tainted 6.12.0-rc2-syzkaller-00006-g87d6aab2389e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
CVE-2024-50033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.318 USE OF UNINITIALIZED RESOURCE CWE-908
In the Linux kernel, the following vulnerability has been resolved:ppp: fix ppp_async_encode() illegal accesssyzbot reported an issue in ppp_async_encode() [1]In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb.BUG: KMSAN: uninit-value in ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline]BUG: KMSAN: uninit-value in ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_encode drivers/net/ppp/ppp_async.c:545 [inline] ppp_async_push+0xb4f/0x2660 drivers/net/ppp/ppp_async.c:675 ppp_async_send+0x130/0x1b0 drivers/net/ppp/ppp_async.c:634 ppp_channel_bridge_input drivers/net/ppp/ppp_generic.c:2280 [inline] ppp_input+0x1f1/0xe60 drivers/net/ppp/ppp_generic.c:2304 pppoe_rcv_core+0x1d3/0x720 drivers/net/ppp/pppoe.c:379 sk_backlog_rcv+0x13b/0x420 include/net/sock.h:1113 release_sock+0x1da/0x330 net/core/sock.c:3072 release_sock+0x6b/0x250 net/core/sock.c:3626 pppoe_sendmsg+0x2b8/0xb90 drivers/net/ppp/pppoe.c:903 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 __sys_sendmsg+0x903/0xb60 net/socket.c:2602 sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x77/0x7fUninit was created at: slab_post_alloc_hook mm/slub.c:4092 [inline] slab_alloc_node mm/slub.c:4135 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4187 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1322 [inline] sock_wmalloc+0xfe/0x1a0 net/core/sock.c:2732 pppoe_sendmsg+0x3a7/0xb90 drivers/net/ppp/pppoe.c:867 sock_sendmsg_nosec net/socket.c:729 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:744 _sys_sendmsg+0x903/0xb60 net/socket.c:2602 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2656 __sys_sendmmsg+0x3c1/0x960 net/socket.c:2742 __do_sys_sendmmsg net/socket.c:2771 [inline] __se_sys_sendmmsg net/socket.c:2768 [inline] __x64_sys_sendmmsg+0xbc/0x120 net/socket.c:2768 x64_sys_call+0xb6e/0x3ba0 arch/x86/include/generated/asm/syscalls_64.h:308 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83entry_SYSCALL_64_after_hwframe+0x77/0x7fCPU: 1 UID: 0 PID: 5411 Comm: syz.1.14 Not tainted 6.12.0-rc1-syzkaller-00165-g360c1f1f24c6 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
CVE-2024-50035 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.319 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:net/sched: accept TCA_STAB only for root qdiscMost qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers.Unfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1]We can't support TCA_STAB on arbitrary level, this would require to maintain per-qdisc storage.
CVE-2024-50039 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.320 DETECTION OF ERROR CONDITION WITHOUT ACTION CWE-390
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error.
CVE-2024-50040 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.2 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
3.2.321 IMPROPER LOCKING CWE-667
In the Linux kernel, the following vulnerability has been resolved:Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_changerfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it.
CVE-2024-50044 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
3.2.322 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb.
CVE-2024-50045 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.323 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved:NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()On the node of an NFS client, some files saved in the mountpoint of the NFS server were copied to another location of the same NFS server. Accidentally, the nfs42_complete_copies() got a NULL-pointer dereference crash.
CVE-2024-50046 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.324 IMPROPER INPUT VALIDATION CWE-20
drm/amd/display: null pointer before dereferencing se.
CVE-2024-50049 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.325 IMPROPER INPUT VALIDATION CWE-20
spi: mpc52xx: Add cancel_work_sync before module remove. If the module which will call mpc52xx_spi_remove is removed, it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug.
CVE-2024-50051 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.326 IMPROPER INPUT VALIDATION CWE-20
ntb: ntb_hw_switchtec: use after free vulnerability in switchtec_ntb_remove due to race condition.
CVE-2024-50059 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).
3.2.327 IMPROPER INPUT VALIDATION CWE-20
parport: The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, not the actually output size, the length calculation can still go over the given limit.
CVE-2024-50074 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.328 IMPROPER INPUT VALIDATION CWE-20
blk-rq-qos: vulnerability in blk-rq-qos can cause a crash due to a race condition between rq_qos_wait and rq_qos_wake_function, which is fixed by ensuring the waitqueue entry is accessed in the correct order.
CVE-2024-50082 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.329 IMPROPER INPUT VALIDATION CWE-20
tcp: vulnerability in may cause DSS corruption due to large PMTU transmissions, which is fixed by addressing the issue in the __mptcp_move_skbs_from_subflow function.
CVE-2024-50083 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.330 IMPROPER INPUT VALIDATION CWE-20
unicode: problematic ignorable code points.
CVE-2024-50089 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.331 IMPROPER LOCKING CWE-667
In the Linux kernel, the following vulnerability has been resolved:RDMA/mad: Improve handling of timed out WRs of mad agentCurrent timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. of WRs are to be handled inside timeout handler.This leads to softlockup with below trace in some use cases where rdma-cm path is used to establish connection between peer nodes Simplified timeout handler by creating local list of timed out WRs and invoke send handler post creating the list. The new method acquires/releases lock once to fetch the list and hence helps to reduce locking contetiong when processing higher no. of WRs
CVE-2024-50095 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.332 IMPROPER INPUT VALIDATION CWE-20
nouveau/dmem: vulnerability in migrate_to_ram upon copy error.
CVE-2024-50096 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
3.2.333 IMPROPER INPUT VALIDATION CWE-20
arm64: probes: Broken LDR (literal) uprobe support.
CVE-2024-50099 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.334 IMPROPER INPUT VALIDATION CWE-20
ceph: incorrect Fw reference check when dirtying pages.
CVE-2024-50179 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.335 IMPROPER INPUT VALIDATION CWE-20
fbdev: sisfb: Fix strbuf array overflow. The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf.
CVE-2024-50180 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.336 IMPROPER INPUT VALIDATION CWE-20
clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D. For i.MX7D DRAM related mux clock, the clock source change should ONLY be done done in low level asm code without accessing DRAM, and then calling clk API to sync the HW clock status with clk tree, it should never touch real clock source switch via clk API, so CLK_SET_PARENT_GATE flag should NOT be added, otherwise, DRAM's clock parent will be disabled when DRAM is active, and system will hang.
CVE-2024-50181 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.337 IMPROPER INPUT VALIDATION CWE-20
virtio_pmem: Check device status before requesting flush. If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang.
CVE-2024-50184 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.338 IMPROPER INPUT VALIDATION CWE-20
linux: mptcp: handle consistently DSS corruption. Bugged peer implementation can send corrupted DSS options, consistently hitting a few warning in the data path.
CVE-2024-50185 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.339 OUT-OF-BOUNDS WRITE CWE-787
net: phy: dp83869: fix memory corruption when enabling fiber. When configuring the fiber port, the DP83869 PHY driver incorrectly calls linkmode_set_bit() with a bit mask (1 << 10) rather than a bit number (10). This corrupts some other memory location -- in case of arm64 the priv pointer in the same structure.
CVE-2024-50188 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.340 IMPROPER INITIALIZATION CWE-665
x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but before register state is restored. This may be okay for MDS mitigation but not for RDFS. Because RDFS mitigation requires CPU buffers to be cleared when registers don't have any sensitive data. Move CLEAR_CPU_BUFFERS after RESTORE_ALL_NMI.
CVE-2024-50193 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.341 IMPROPER INPUT VALIDATION CWE-20
arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn't convert the in-memory instruction encoding (which is always little-endian) into the kernel's native endianness before analyzing and simulating instructions.
CVE-2024-50194 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.342 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754
posix-clock: Fix missing timespec64 check in pc_clock_settime().
CVE-2024-50195 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.343 NULL POINTER DEREFERENCE CWE-476
iio: light: veml6030: fix IIO device retrieval from embedded device. The dev pointer that is received as an argument in the in_illuminance_period_available_show function references the device embedded in the IIO device, not in the i2c client. dev_to_iio_dev() must be used to accessthe right data. The current implementation leads to a segmentation fault on every attempt to read the attribute because indio_dev gets a NULL assignment.
CVE-2024-50198 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.344 IMPROPER INPUT VALIDATION CWE-20
mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff.
CVE-2024-50199 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.345 IMPROPER INPUT VALIDATION CWE-20
linux: drm/radeon: encoder->possible_clones. In the past nothing validated that drivers were populating possible_clones correctly, which resulted in some warnings during driver initialization.
CVE-2024-50201 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.346 IMPROPER INPUT VALIDATION CWE-20
nilfs2: propagate directory read errors from nilfs_find_entry(). A task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/folio via nilfs_get_folio() fails. If the filesystem images is corrupted, and the i_size of the directory inode is large, and the directory page/folio is successfully read but fails the sanity check.
CVE-2024-50202 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.347 IMPROPER INPUT VALIDATION CWE-20
ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow.
CVE-2024-50218 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.348 TIME-OF-CHECK TIME-OF-USE (TOCTOU) RACE CONDITION CWE-367
wifi: iwlegacy: vulnerability due to stale interrupts not being cleared before resuming the iwl4965 device from hibernation, causing a race condition between the resume process and restart work.
CVE-2024-50234 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.349 IMPROPER INPUT VALIDATION CWE-20
wifi: ath10k: Fix memory leak in management tx In the current logic, memory is allocated for storing the MSDU context during management packet TX but this memory is not being freed during management TX completion. Similar leaks are seen in the management TX cleanup logic.
CVE-2024-50236 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.350 IMPROPER INPUT VALIDATION CWE-20
wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Avoid potentially crashing in the driver because of uninitialized private data.
CVE-2024-50237 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.351 INCORRECT CALCULATION OF BUFFER SIZE CWE-131
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed.
CVE-2024-50251 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.352 OUT-OF-BOUNDS WRITE CWE-787
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key().
CVE-2024-50262 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.353 IMPROPER INPUT VALIDATION CWE-20
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans. During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition.
CVE-2024-50264 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.354 NULL POINTER DEREFERENCE CWE-476
ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove().
CVE-2024-50265 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.355 IMPROPER INPUT VALIDATION CWE-20
USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer.
CVE-2024-50267 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.356 IMPROPER INPUT VALIDATION CWE-20
usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd(). The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high as 255 while the size of the uc->updated[] array is UCSI_MAX_ALTMODES (30). The call tree is: ucsi_cmd() // val comes from simple_attr_write_xsigned() -> ucsi_send_command() -> ucsi_send_command_common() -> ucsi_run_command() // calls ucsi->ops->sync_control() -> ucsi_ccg_sync_control().
CVE-2024-50268 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.357 USE AFTER FREE CWE-416
usb: musb: sunxi: accessing an released usb phy will cause that usb phy @glue->xceiv is accessed after released.
CVE-2024-50269 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.358 USE OF UNINITIALIZED RESOURCE CWE-908
btrfs: reinitialize delayed ref list after deleting it from the list. At insert_delayed_ref() if there is a need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, the ref from its ref head's ref_add_list is deleted using list_del(), which leaves the ref's add_list member not reinitialized, as list_del() sets the next and prev members of the list to LIST_POISON1 and LIST_POISON2, respectively.
CVE-2024-50273 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.359 IMPROPER INPUT VALIDATION CWE-20
dm cache: potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table.
CVE-2024-50278 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.360 IMPROPER INPUT VALIDATION CWE-20
dm cache: out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access.
CVE-2024-50279 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.361 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K.
CVE-2024-50282 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.362 IMPROPER INPUT VALIDATION CWE-20
media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero.
CVE-2024-50287 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.363 IMPROPER INPUT VALIDATION CWE-20
media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.
CVE-2024-50290 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.364 IMPROPER INPUT VALIDATION CWE-20
ASoC: stm32: spdifrx: dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null.
CVE-2024-50292 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.365 IMPROPER INPUT VALIDATION CWE-20
net: arc: A warning is shown because ndev->dev and pdev->dev are not the same device.
CVE-2024-50295 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.366 IMPROPER INPUT VALIDATION CWE-20
hns3: A kernel crash may occur when the driver is uninstalled and the VF is disabled concurrently.
CVE-2024-50296 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.367 INCORRECT CALCULATION OF BUFFER SIZE CWE-131
In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb()
CVE-2024-50299 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.368 OUT-OF-BOUNDS READ CWE-125
In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission.
CVE-2024-50301 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.369 USE OF UNINITIALIZED RESOURCE CWE-908
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report.
CVE-2024-50302 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.370 IMPROPER INPUT VALIDATION CWE-20
ipv4: ip_tunnel: Suspicious RCU usage warning in ip_tunnel_find().
CVE-2024-50304 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.371 IMPROPER CHECK FOR UNUSUAL OR EXCEPTIONAL CONDITIONS CWE-754
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
CVE-2024-50602 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H).
3.2.372 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access.
CVE-2024-52332 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.373 IMPROPER INPUT VALIDATION CWE-20
io_uring/rw: vulnerability due to io_uring not checking for IOCB_NOWAIT when starting an O_DIRECT write, leading to potential deadlocks if the mount point is being frozen.
CVE-2024-53052 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.374 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT.
CVE-2024-53057 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.375 IMPROPER CLEANUP ON THROWN EXCEPTION CWE-460
In the Linux kernel, the following vulnerability has been resolved:wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()1. The size of the response packet is not validated. 2. The response buffer is not freed.Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer.
CVE-2024-53059 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.376 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: vulnerability due to a potential NULL pointer dereference in drm/amdgpu if acpi_evaluate_object() returns AE_NOT_FOUND, which is mitigated by bailing out when this status is encountered.
CVE-2024-53060 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.377 INTEGER UNDERFLOW (WRAP OR WRAPAROUND) CWE-191
media: s5p-jpeg: vulnerability due to the possibility of buffer overflows when the variable word is less than 2, which is prevented by adding extra checks.
CVE-2024-53061 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.378 IMPROPER INPUT VALIDATION CWE-20
media: dvbdev: risk of out of memory access.
CVE-2024-53063 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.379 IMPROPER INPUT VALIDATION CWE-20
nfs: KMSAN warning in decode_getfattr_attrs().
CVE-2024-53066 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.380 IMPROPER INPUT VALIDATION CWE-20
mm: krealloc: MTE false alarm in __do_krealloc.
CVE-2024-53097 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).
3.2.381 MISSING INITIALIZATION OF A VARIABLE CWE-456
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0.
CVE-2024-53101 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.382 IMPROPER INPUT VALIDATION CWE-20
hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer.
CVE-2024-53103 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.383 IMPROPER INPUT VALIDATION CWE-20
media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming.
CVE-2024-53104 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.384 INTEGER OVERFLOW OR WRAPAROUND CWE-190
um: potential integer overflow during physmem setup. This vulnerability happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.
CVE-2024-53145 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.385 IMPROPER INPUT VALIDATION CWE-20
NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value.
CVE-2024-53146 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.386 IMPROPER INPUT VALIDATION CWE-20
comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path.
CVE-2024-53148 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.387 OUT-OF-BOUNDS READ CWE-125
ALSA: usb-audio: out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type.
CVE-2024-53150 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.6 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H).
3.2.388 IMPROPER INPUT VALIDATION CWE-20
ocfs2: uninitialized value in ocfs2_file_read_iter().
CVE-2024-53155 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
3.2.389 IMPROPER INPUT VALIDATION CWE-20
wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service().
CVE-2024-53156 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.390 IMPROPER INPUT VALIDATION CWE-20
firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero.
CVE-2024-53157 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.391 IMPROPER INPUT VALIDATION CWE-20
soc: qcom: geni-se: array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array.
CVE-2024-53158 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H).
3.2.392 INTEGER OVERFLOW OR WRAPAROUND CWE-190
EDAC/bluefield: potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits.
CVE-2024-53161 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
3.2.393 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded.
CVE-2024-53165 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.394 IMPROPER INPUT VALIDATION CWE-20
ubifs: authentication: After an insertion in TNC, the tree might split and cause a node to change its znode->parent. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node's znode->cparent could still point to a freed node. This znode->cparent may not be updated when getting nodes to commit in ubifs_tnc_start_commit(). This could then trigger a use-after-free when accessing the znode->cparent in write_index() in ubifs_tnc_end_commit().
CVE-2024-53171 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.395 IMPROPER INPUT VALIDATION CWE-20
ubi: fastmap: The duplicate slab cache names can be detected and a kernel WARNING is thrown out.
CVE-2024-53172 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.396 IMPROPER INPUT VALIDATION CWE-20
NFSv4.0: When two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread.
CVE-2024-53173 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.397 IMPROPER INPUT VALIDATION CWE-20
SUNRPC: The function c_show was called with protection from RCU. This only ensures that cp will not be freed. Therefore, the reference count for cp can drop to zero, which will trigger a refcount use-after-free warning when cache_get is called.
CVE-2024-53174 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.398 IMPROPER INPUT VALIDATION CWE-20
um: vector: The drvdata is not available in release
CVE-2024-53181 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.399 IMPROPER INPUT VALIDATION CWE-20
um: net: The drvdata is not available in release.
CVE-2024-53183 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.400 IMPROPER INPUT VALIDATION CWE-20
um: ubd: The drvdata is not available in release.
CVE-2024-53184 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.401 USE AFTER FREE CWE-416
PCI: vulnerability causes a use-after-free error during hot removal of a USB4 dock due to improper handling of pci_slot and pci_bus references, which is fixed by ensuring pci_slot acquires a reference to pci_bus.
CVE-2024-53194 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.402 IMPROPER INPUT VALIDATION CWE-20
ALSA: usb-audio: vulnerability leading to out-of-bound accesses due to a bogus device providing an excessive bNumConfigurations value, which is fixed by ensuring proper allocation in usb_get_configuration.
CVE-2024-53197 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.403 IMPROPER INPUT VALIDATION CWE-20
xen: issue of resource not being properly released in xenbus_dev_probe().
CVE-2024-53198 has been assigned to this vulnerability. A CVSS v3.1 base score of 3.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
3.2.404 OUT-OF-BOUNDS READ CWE-125
vfio/pci: out-of-bounds access to ecap_perms array.
CVE-2024-53214 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.405 NULL POINTER DEREFERENCE CWE-476
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update().
CVE-2024-53217 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.406 NULL POINTER DEREFERENCE CWE-476
RDMA/hns: vulnerability due to a potential NULL pointer dereference in hns_roce_map_mr_sg() because ib_map_mr_sg() allows upper layer protocols (ULPs) to specify NULL as the sg_offset argument, requiring the driver to check for NULL before dereferencing.
CVE-2024-53226 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.407 IMPROPER INPUT VALIDATION CWE-20
scsi: bfa: use-after-free in bfad_im_module_exit().
CVE-2024-53227 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.408 USE AFTER FREE CWE-416
Bluetooth: vulnerability due to an use-after-free error in the device_for_each_child function, where a device may be accessed after it has been freed, potentially leading to a dangling pointer and system instability.
CVE-2024-53237 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.409 IMPROPER INPUT VALIDATION CWE-20
ALSA: 6fire: The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()) and cause potential UAFs.
CVE-2024-53239 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.410 NULL POINTER DEREFERENCE CWE-476
xen/netfront: vulnerability causes a crash when removing a device after a suspend/resume cycle due to uninitialized queues, which is fixed by checking for the existence of queues before attempting to stop them.
CVE-2024-53240 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
3.2.411 IMPROPER RESTRICTION OF OPERATIONS WITHIN THE BOUNDS OF A MEMORY BUFFER CWE-119
x86/xen: vulnerability due to issues with the PV iret hypercall through the hypercall page, which is fixed by directly coding the sequence in xen-asm.S to avoid problems with speculation mitigations.
CVE-2024-53241 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
3.2.412 IMPROPER INPUT VALIDATION CWE-20
ipvs: vulnerability causes undefined behavior due to uninitialized stack access in ip_vs_protocol_init(), which is fixed by zeroing the on-stack buffer to prevent out-of-bound accesses.
CVE-2024-53680 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.413 IMPROPER INPUT VALIDATION CWE-20
ALSA: caiaq: OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.
CVE-2024-56531 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.414 IMPROPER INPUT VALIDATION CWE-20
ALSA: us122l: OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.
CVE-2024-56532 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.415 IMPROPER INPUT VALIDATION CWE-20
ALSA: usx2y: The USB disconnect callback takes longer than it should. The current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup.
CVE-2024-56533 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.416 IMPROPER INPUT VALIDATION CWE-20
wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan().
CVE-2024-56539 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.417 IMPROPER INPUT VALIDATION CWE-20
hfsplus: Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size.
CVE-2024-56548 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.418 IMPROPER INPUT VALIDATION CWE-20
nfsd: make sure exp active before svc_export_show The function e_show was called with protection from RCU. This only ensures that exp will not be freed. Therefore, the reference count for exp can drop to zero, which will trigger a refcount use-after-free warning when exp_get is called.
CVE-2024-56558 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.419 IMPROPER INPUT VALIDATION CWE-20
i3c: master: miss free init_dyn_addr at i3c_master_put_i3c_addrs().
CVE-2024-56562 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).
3.2.420 DIVIDE BY ZERO CWE-369
ad7780: division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero.
CVE-2024-56567 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.421 IMPROPER INPUT VALIDATION CWE-20
iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called.
CVE-2024-56568 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.422 NULL POINTER DEREFERENCE CWE-476
ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash.
CVE-2024-56569 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.4 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
3.2.423 IMPROPER INPUT VALIDATION CWE-20
In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function.This is important because such inodes can cause errors in overlayfs when passed to the lowerstack.
CVE-2024-56570 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.424 IMPROPER INPUT VALIDATION CWE-20
media: uvcvideo: Require entities to have a non-zero unique ID.
CVE-2024-56571 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.425 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
media: platform: allegro-dvt: possible memory leak in allocate_buffers_internal(). If The buffer in the loop is not released under the exception path, it may lead to a memory leak.
CVE-2024-56572 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.426 IMPROPER INPUT VALIDATION CWE-20
media: ts2020: null-ptr-deref in ts2020_probe().
CVE-2024-56574 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.427 IMPROPER INPUT VALIDATION CWE-20
media: i2c: tc358743: crash in the probe error path when using polling. If an error occurs in the probe() function, the polling timer that was alarmed earlier should be removed, otherwise the timer is called with arguments that are already freed, which results in a crash.
CVE-2024-56576 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.428 USE AFTER FREE CWE-416
btrfs: ref-verify: use-after-free after invalid ref action.
CVE-2024-56581 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.429 IMPROPER INPUT VALIDATION CWE-20
f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the filesystem triggers the f2fs_bug_on.
CVE-2024-56586 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.430 IMPROPER INPUT VALIDATION CWE-20
leds: class: Protect brightness_show() with led_cdev->led_access mutex. There is NULL pointer vulnerability observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer vulnerability.
CVE-2024-56587 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.431 IMPROPER INPUT VALIDATION CWE-20
scsi: hisi_sas: Add cond_resched() for no forced preemption model. For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, a call trace may occur.
CVE-2024-56589 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.432 IMPROPER INPUT VALIDATION CWE-20
wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw(). This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue.
CVE-2024-56593 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.433 IMPROPER INPUT VALIDATION CWE-20
drm/amdgpu: set the right AMDGPU sg segment limitation. The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length.
CVE-2024-56594 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.434 IMPROPER INPUT VALIDATION CWE-20
jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree. When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out.
CVE-2024-56595 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.435 IMPROPER INPUT VALIDATION CWE-20
jfs: array-index-out-of-bounds in jfs_readdir. The stbl might contain some invalid values. Added a check to return error code in that case.
CVE-2024-56596 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.436 IMPROPER INPUT VALIDATION CWE-20
jfs: fix shift-out-of-bounds in dbSplit. When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself.
CVE-2024-56597 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.437 IMPROPER INPUT VALIDATION CWE-20
jfs: array-index-out-of-bounds fix in dtReadFirst. The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case.
CVE-2024-56598 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.438 USE AFTER FREE CWE-416
net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error.
CVE-2024-56600 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.439 USE AFTER FREE CWE-416
In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error.
CVE-2024-56601 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.440 USE AFTER FREE CWE-416
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create(). sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free.
CVE-2024-56602 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.441 IMPROPER INPUT VALIDATION CWE-20
net: af_can: do not leave a dangling sk pointer in can_create(). On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later.
CVE-2024-56603 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.442 IMPROPER INPUT VALIDATION CWE-20
Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code.
CVE-2024-56605 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.0 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.443 USE AFTER FREE CWE-416
af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free.
CVE-2024-56606 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.444 IMPROPER INPUT VALIDATION CWE-20
kcsan: Turn report_filterlist_lock into a raw_spinlock, with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48.
CVE-2024-56610 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.445 IMPROPER INPUT VALIDATION CWE-20
bpf: OOB devmap writes when deleting elements against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes.
CVE-2024-56615 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.446 IMPROPER INPUT VALIDATION CWE-20
nilfs2: When searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled.
CVE-2024-56619 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.447 IMPROPER INPUT VALIDATION CWE-20
scsi: qla2xxx: System crash is observed with stack trace warning of use after free.
CVE-2024-56623 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.448 IMPROPER INPUT VALIDATION CWE-20
HID: wacom: Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes.
CVE-2024-56629 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.449 IMPROPER INPUT VALIDATION CWE-20
ocfs2: iput() is not called when new_inode() succeeded and dquot_initialize() failed.
CVE-2024-56630 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.450 IMPROPER INPUT VALIDATION CWE-20
tcp_bpf: The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes.
CVE-2024-56633 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.451 IMPROPER INPUT VALIDATION CWE-20
gpio: grgpio: vulnerability due to a missing NULL check in grgpio_probe for the return value of devm_kasprintf(), leading to a kernel NULL pointer dereference error.
CVE-2024-56634 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.452 IMPROPER HANDLING OF UNEXPECTED DATA TYPE CWE-241
geneve: vulnerability in geneve_xmit_skb() arises from incorrectly assuming the MAC header is set in the output path, which can lead to errors. The fix involves using skb_eth_hdr() instead of eth_hdr() to ensure the MAC header is correctly referenced, preventing potential issues.
CVE-2024-56636 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.453 IMPROPER INPUT VALIDATION CWE-20
netfilter: ipset: vulnerability involves a race condition where the ip_set.ko module can be unloaded by user space while it is requesting a set type backend module, potentially causing a kernel crash.
CVE-2024-56637 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.454 IMPROPER INPUT VALIDATION CWE-20
tipc: vulnerability in TIPC (Transparent Inter-Process Communication) involves a use-after-free issue with the UDP kernel socket in cleanup_bearer(), caused by premature reference count decrements, which is resolved by moving the decrement after releasing the socket.
CVE-2024-56642 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.455 IMPROPER INPUT VALIDATION CWE-20
dccp: vulnerability in DCCP (Datagram Congestion Control Protocol) involves a memory leak in dccp_feat_change_recv where memory allocated for a new SP feature value is not freed if dccp_feat_push_confirm() fails, leading to potential resource exhaustion.
CVE-2024-56643 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.456 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table.
CVE-2024-56644 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.457 IMPROPER INPUT VALIDATION CWE-20
can: j1939: vulnerability involves a reference count underflow issue in j1939_session_new(), which is fixed by adding an extra skb_get() to match the behavior of j1939_session_skb_queue().
CVE-2024-56645 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.458 IMPROPER INPUT VALIDATION CWE-20
net: hsr: avoid potential out-of-bound access in fill_frame_info(). By extending the check to cover packets with only 14 bytes, it prevents uninitialized values from causing undefined behavior or security issues.
CVE-2024-56648 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.459 OUT-OF-BOUNDS READ CWE-125
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN
CVE-2024-56650 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
3.2.460 IMPROPER INPUT VALIDATION CWE-20
net: lapb: It is unclear if net/lapb code is supposed to be ready for 8021q, this may lead to crashes.
CVE-2024-56659 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.461 IMPROPER INPUT VALIDATION CWE-20
tipc: NULL deref in cleanup_bearer().
CVE-2024-56661 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.462 IMPROPER INPUT VALIDATION CWE-20
acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl.
CVE-2024-56662 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.463 IMPROPER INPUT VALIDATION CWE-20
usb: gadget: u_serial: gs_start_io crashed due to accessing null pointer. Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function, the port->port_usb pointer will be set to NULL.
CVE-2024-56670 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.464 IMPROPER INPUT VALIDATION CWE-20
crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error.
CVE-2024-56681 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.465 IMPROPER INPUT VALIDATION CWE-20
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared.
CVE-2024-56688 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.466 IMPROPER INPUT VALIDATION CWE-20
crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY.
CVE-2024-56690 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.467 IMPROPER INPUT VALIDATION CWE-20
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws.
CVE-2024-56691 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.468 IMPROPER INPUT VALIDATION CWE-20
usb: dwc3: gadget: looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared).
CVE-2024-56698 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.469 IMPROPER INPUT VALIDATION CWE-20
media: wl128x: Atomicity violation occurs when the fmc_send_cmd() function is executed.
CVE-2024-56700 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.470 IMPROPER INPUT VALIDATION CWE-20
powerpc/pseries: The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep.
CVE-2024-56701 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.471 IMPROPER INPUT VALIDATION CWE-20
9p/xen: A fix release of IRQ Kernel logs indicate an IRQ was double-freed.
CVE-2024-56704 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.472 IMPROPER INPUT VALIDATION CWE-20
media: atomisp: In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode().
CVE-2024-56705 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.473 IMPROPER INPUT VALIDATION CWE-20
bpf, sockmap: Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, it should put_page 2. if (len == 0), returning early is better 3. pop the entire sk_msg (last == msg->sg.size) should be supported 4. Fix for the value of variable "a" 5. In sk_msg_shift_left, after shifting, it has already pointed to the next element. Addtional sk_msg_iter_var_next may result in BUG.
CVE-2024-56720 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.474 IMPROPER INPUT VALIDATION CWE-20
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) vulnerabilities. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ).
CVE-2024-56723 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.475 IMPROPER INPUT VALIDATION CWE-20
mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device. While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) vulnerability. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ).
CVE-2024-56724 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.476 IMPROPER INPUT VALIDATION CWE-20
octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c. Add error pointer check after calling otx2_mbox_get_rsp().
CVE-2024-56728 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.477 IMPROPER INPUT VALIDATION CWE-20
rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup.
CVE-2024-56739 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.478 IMPROPER INPUT VALIDATION CWE-20
apparmor: test: Fix memory leak for aa_unpack_strdup() The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks.
CVE-2024-56741 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.479 IMPROPER INPUT VALIDATION CWE-20
fbdev: sh7760fb: vulnerability involves a potential memory leak in sh7760fb_alloc_mem() where sh7760fb_free_mem() does not release memory correctly if info->screen_base is not ready, which is fixed by calling dma_free_coherent() instead.
CVE-2024-56746 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.480 IMPROPER INPUT VALIDATION CWE-20
scsi: qedi: vulnerability involves a potential memory leak in qedi_alloc_and_init_sb() where the DMA memory sb_virt is not released upon failure, which is fixed by adding dma_free_coherent() to free the memory, similar to other functions like qedr_alloc_mem_sb() and qede_alloc_mem_sb().
CVE-2024-56747 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.481 IMPROPER INPUT VALIDATION CWE-20
scsi: qedf: vulnerability involves a potential memory leak in qedf_alloc_and_init_sb() where the DMA memory sb_virt is not released upon failure, which is fixed by adding dma_free_coherent() to free the memory, similar to other functions like qedr_alloc_mem_sb() and qede_alloc_mem_sb().
CVE-2024-56748 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.482 IMPROPER INPUT VALIDATION CWE-20
crypto: vulnerability due to passing an incorrect parameter type to devm_add_action_or_reset() in the CAAM driver, which is fixed by ensuring the correct parameter type is used to properly release resources.
CVE-2024-56754 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.483 IMPROPER INPUT VALIDATION CWE-20
nvme-pci: vulnerability involves an incorrect size being passed to dma_free_coherent in nvme-pci due to __nvme_alloc_host_mem potentially using fewer descriptors than planned, which is fixed by ensuring the correct size is used for freeing the HMB descriptor table.
CVE-2024-56756 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.484 ALWAYS-INCORRECT CONTROL FLOW IMPLEMENTATION CWE-670
net/sched: netem: The interface fully stops transferring packets and "locks". In this case, the child qdisc and tfifo are empty, but 'qlen' indicates the tfifo is at its limit and no more packets are accepted.
CVE-2024-56770 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.485 MISSING RELEASE OF MEMORY AFTER EFFECTIVE LIFETIME CWE-401
nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occurThe action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server.
CVE-2024-56779 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.3 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
3.2.486 DEADLOCK CWE-833
quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots().
CVE-2024-56780 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.487 IMPROPER INPUT VALIDATION CWE-20
powerpc/prom_init: missing powermac #size-cells.
CVE-2024-56781 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.488 IMPROPER VALIDATION OF ARRAY INDEX CWE-129
MIPS: Loongson64: DTS: issues with PCIe port nodes for ls7a.
CVE-2024-56785 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.5 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
3.2.489 ACCESS OF UNINITIALIZED POINTER CWE-824
arm64: ptrace: vulnerability due to an uninitialized variable in the tagged_addr_ctrl_set() function, leading to potential memory leakage from the kernel stack when a zero-length SETREGSET call is made, exposing up to 64 bits of memory.
CVE-2024-57874 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.1 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATION: Germany
3.4 RESEARCHER
Siemens reported these vulnerabilities to CISA.
4. MITIGATIONS
Siemens has identified the following specific workarounds and mitigations users can apply to reduce risk:
- All affected products: Update to V3.2 or later version
As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens' operational guidelines for industrial security and following recommendations in the product manuals.
Additional information on industrial security by Siemens can be found on the Siemens industrial security webpage
For more information see the associated Siemens security advisory SSA-355557 in HTML and CSAF.
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:
- Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
- Locate control system networks and remote devices behind firewalls and isolating them from business networks.
- When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
- Do not click web links or open attachments in unsolicited email messages.
- Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
- Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
5. UPDATE HISTORY
- August 14, 2025: Initial Republication of Siemens ProductCERT SSA-355557
This product is provided subject to this Notification and this Privacy & Use policy.
Vendor
- Siemens