UBUNTU-CVE-2024-39497

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUGON on mmapPROTWRITE, MAPPRIVATE Lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flag causing a kernel panic due to BUGON in...

kernel: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios

In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dellsmbios initdellsmbioswmi only registers the dellsmbioswmidriver on systems where the Dell WMI interface is supported. While exitdellsmbioswmi unregisters it unconditionally, th...

kernel: gro: fix ownership transfer

A flaw was found in the Linux kernel's Generic Receive Offload GRO feature, where packets processed with a fragment list are not properly orphaned due to incorrect handling of socket references. This vulnerability can cause system instability or kernel bugs. The issue has been fixed by making sur...

kernel: wifi: nl80211: reject iftype change with mesh ID change

CVE-2024-27410 is a vulnerability in the Linux kernel’s Wi-Fi subsystem, affecting the nl80211 interface. The issue occurs when a mesh ID is set while simultaneously switching the interface to mesh mode, which can overwrite critical data in the wireless device's configuration. This can lead to...

UBUNTU-CVE-2024-37026

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with...

DEBIAN-CVE-2024-37356

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix shift-out-of-bounds in dctcpupdatealpha. In dctcpupdatealpha, we use a module parameter dctcpshiftg as follows: alpha -= minnotzeroalpha, alpha dctcpshiftg; ... deliveredce /sys/module/tcpdctcp/parameters/dctcpshiftg cat...

CVE-2024-33621

Technical details about CVE-2024-33621 are not present in the provided documents. The connected materials do not specify affected products, impact, or fixes for this CVE. Monitor for updates from official advisories.

DEBIAN-CVE-2021-47607

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPFCMPXCHG on a high level has the following parameters: .-old-val .-new-val BPFR0 = cmpxchg32,64DSTREG + insn-off, BPFR0, SRCREG -mem-loc...

UBUNTU-CVE-2021-47603

In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditdthread could get blocked attempting to send audit records to the userspace audit daemon. With...

DEBIAN-CVE-2024-38554

In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issue of netdevice There is a reference count leak issue of the object "netdevice" in ax25devdevicedown. When the ax25 device is shutting down, the ax25devdevicedown drops the reference count of...

UBUNTU-CVE-2024-38557

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...

UBUNTU-CVE-2024-38575

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc in brcmfpciedownloadfwnvram will return null if the physical memory has run out. As a result, if we use getrandombytes to generate random bytes in the randbuf, t...

kernel: i2c: validate user data in compat ioctl

In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2ctransfer, ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data in compact ioctl to...

kernel: usb: ulpi: Fix debugfs directory leak

In the Linux kernel, the following vulnerability has been resolved: usb: ulpi: Fix debugfs directory leak The ULPI per-device debugfs root is named after the ulpi device's parent, but ulpiunregisterinterface tries to remove a debugfs directory named after the ulpi device itself. This results in t...

SUSE CVE-2024-36946

In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtmphonetnotify skb allocation fillroute stores three components in the skb: - struct rtmsg - RTADST u8 - RTAOIF u32 Therefore, rtmphonetnotify should use NLMSGALIGNsizeofstruct rtmsg + nlatotalsize1 + nlatotalsize4...

CVE-2024-36905

In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdownSENDSHUTDOWN for TCPSYNRECV sockets TCPSYNRECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash 1, syzbot managed to trigger a divide by zero in...

DEBIAN-CVE-2024-36935

In the Linux kernel, the following vulnerability has been resolved: ice: ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count bytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that the string is...

UBUNTU-CVE-2024-36940

In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrlenable The "pctldev" struct is allocated in devmpinctrlregisterandinit. It's a devm managed pointer that is freed by devmpinctrldevrelease, so freeing it in pinctrlenable will lead t...

CVE-2024-36915 nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies

In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfcllcpsetsockopt unsafe copies syzbot reported unsafe calls to copyfromsockptr 1 Use copysafefromsockptr instead. 1 BUG: KASAN: slab-out-of-bounds in copyfromsockptroffset include/linux/sockptr.h:49 inline BUG:...

CVE-2024-36906 ARM: 9381/1: kasan: clear stale stack poison

In the Linux kernel, the following vulnerability has been resolved: ARM: 9381/1: kasan: clear stale stack poison We found below OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...