Lucene search

K

Linux Kernel Security Vulnerabilities

cve
cve

CVE-2024-36959

In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() If we fail to allocate propname buffer, we need to drop the reference count we just took. Because the pinctrl_dt_free_maps() includes the droping operation, here we...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
28
cve
cve

CVE-2024-36948

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_migrate: Cast to output precision before multiplying operands Addressing potential overflow in result of multiplication of two lower precision (u32) operands before widening it to higher precision (u64). -v2 Fix commit...

7AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36943

In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: fix loss of young/dirty bits during pagemap scan make_uffd_wp_pte() was previously doing: pte = ptep_get(ptep); ptep_modify_prot_start(ptep); pte = pte_mkuffd_wp(pte); ptep_modify_prot_commit(ptep, pte);...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
28
cve
cve

CVE-2024-36944

In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
26
cve
cve

CVE-2024-36942

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to...

7.1AI Score

0.0004EPSS

2024-05-30 04:15 PM
26
cve
cve

CVE-2024-36947

In the Linux kernel, the following vulnerability has been resolved: qibfs: fix dentry leak simple_recursive_removal() drops the pinning references to all positives in subtree. For the cases when its argument has been kept alive by the pinning alone that's exactly the right thing to do, but here...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: struct rtmsg RTA_DST (u8) RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) +...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36945

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable resolved by ip_route_output_flow() are not released or put before return. It may cause the...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36949

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36941

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
cve
cve

CVE-2024-36940

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
28
cve
cve

CVE-2024-36931

In the Linux kernel, the following vulnerability has been resolved: s390/cio: Ensure the copied buf is NUL terminated Currently, we allocate a lbuf-sized kernel buffer and copy lbuf from userspace to that buffer. Later, we use scanf on this buffer but we don't ensure that the string is terminated.....

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36932

In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct....

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
45
cve
cve

CVE-2024-36938

In the Linux kernel, the following vulnerability has been resolved: bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue Fix NULL pointer data-races in sk_psock_skb_ingress_enqueue() which syzbot reported [1]. [1] BUG: KCSAN: data-race in sk_psock_drop /...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
49
cve
cve

CVE-2024-36936

In the Linux kernel, the following vulnerability has been resolved: efi/unaccepted: touch soft lockup during memory accept Commit 50e782a86c98 ("efi/unaccepted: Fix soft lockups caused by parallel memory acceptance") has released the spinlock so other CPUs can do memory acceptance in parallel and.....

6.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
cve
cve

CVE-2024-36930

In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spi_sync If spi_sync() is called with the non-empty queue and the same spi_message is then reused, the complete callback for the message remains set while the context is cleared, leading to....

5.5CVSS

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
47
cve
cve

CVE-2024-36933

In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36934

In the Linux kernel, the following vulnerability has been resolved: bna: ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is terminated.....

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
26
cve
cve

CVE-2024-36939

In the Linux kernel, the following vulnerability has been resolved: nfs: Handle error of rpc_proc_register() in nfs_net_init(). syzkaller reported a warning 0 triggered while destroying immature netns. rpc_proc_register() was called in init_nfs_fs(), but its error has been ignored since at least...

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36929

In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
cve
cve

CVE-2024-36937

In the Linux kernel, the following vulnerability has been resolved: xdp: use flags field to disambiguate broadcast redirect When redirecting a packet using XDP, the bpf_redirect_map() helper will set up the redirect destination information in struct bpf_redirect_info (using the...

6.3AI Score

0.0004EPSS

2024-05-30 04:15 PM
26
cve
cve

CVE-2024-36935

In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36928

In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36918

In the Linux kernel, the following vulnerability has been resolved: bpf: Check bloom filter map value size This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_MAX_SIZE. This brings the bloom map in line with many other map types. The lack of this protection can....

6.8AI Score

0.0004EPSS

2024-05-30 04:15 PM
28
cve
cve

CVE-2024-36920

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver prints this WARNING message: memcpy: detected field-spanning write (size 128) of single field...

6.8AI Score

0.0004EPSS

2024-05-30 04:15 PM
26
cve
cve

CVE-2024-36923

In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
26
cve
cve

CVE-2024-36925

In the Linux kernel, the following vulnerability has been resolved: swiotlb: initialise restricted pool list_head when SWIOTLB_DYNAMIC=y Using restricted DMA pools (CONFIG_DMA_RESTRICTED_POOL=y) in conjunction with dynamic SWIOTLB (CONFIG_SWIOTLB_DYNAMIC=y) leads to the following crash when...

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
47
cve
cve

CVE-2024-36924

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the hbalock to...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36926

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: LPAR panics during boot up with a frozen PE At the time of LPAR boot up, partition firmware provides Open Firmware property ibm,dma-window for the PE. This property is provided on the PCI bus the PE is...

5.5CVSS

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
49
cve
cve

CVE-2024-36919

In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as....

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36922

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry....

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36917

In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len =...

7.1AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36921

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: guard against invalid STA ID on removal Guard against invalid station IDs in iwl_mvm_mld_rm_sta_id as that would result in out-of-bounds array accesses. This prevents issues should the driver get into a bad...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36927

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling...

6.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36906

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: [ 33.452494] ================================================================== [ 33.453513] BUG: KASAN: stack-out-of-bounds in...

6.4AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
cve
cve

CVE-2024-36910

In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared....

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
cve
cve

CVE-2024-36912

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory.....

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36915

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36913

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting...

6.9AI Score

0.0004EPSS

2024-05-30 04:15 PM
24
cve
cve

CVE-2024-36914

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it's not applicable [WHY] dynamic memory safety error detector (KASAN) catches and generates error messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not support certain...

7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36907

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: add a missing rpc_stat for TCP TLS Commit 1548036ef120 ("nfs: make the rpc_stat per net namespace") added functionality to specify rpc_stats function but missed adding it to the TCP TLS functionality. As the result,...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
28
cve
cve

CVE-2024-36908

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or...

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
23
cve
cve

CVE-2024-36909

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the...

7.1AI Score

0.0004EPSS

2024-05-30 04:15 PM
23
cve
cve

CVE-2024-36905

In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by.....

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36911

In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers.....

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36916

In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ ...

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36902

In the Linux kernel, the following vulnerability has been resolved: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() syzbot is able to trigger the following crash [1], caused by unsafe ip6_dst_idev() use. Indeed ip6_dst_idev() can return NULL, and must always be checked. [1]....

5.5CVSS

6.5AI Score

0.0004EPSS

2024-05-30 04:15 PM
47
cve
cve

CVE-2024-36903

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in __ip6_make_skb() As it was done in commit fc1092f51567 ("ipv4: Fix uninit-value access in __ip_make_skb()") for IPv4, check FLOWI_FLAG_KNOWN_NH on fl6->flowi6_flags instead of testing.....

6.6AI Score

0.0004EPSS

2024-05-30 04:15 PM
25
cve
cve

CVE-2024-36898

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix uninitialised kfifo If a line is requested with debounce, and that results in debouncing in software, and the line is subsequently reconfigured to enable edge detection then the allocation of the kfifo to...

6.7AI Score

0.0004EPSS

2024-05-30 04:15 PM
23
cve
cve

CVE-2024-36899

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Fix use after free in lineinfo_changed_notify The use-after-free issue occurs as follows: when the GPIO chip device file is being closed by invoking gpio_chrdev_release(), watched_lines is freed by bitmap_free(),...

6.8AI Score

0.0004EPSS

2024-05-30 04:15 PM
27
Total number of security vulnerabilities8401