kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

A vulnerability was found in the Linux kernel's ngsm driver, affecting the tty subsystem. It occurs when switching between basic and advanced option modes in GSM multiplexing, leading to potential out-of-bounds memory writes. This happens because certain state variables, like gsm-len and gsm-stat...

kernel: wifi: cfg80211: check A-MSDU format more carefully

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: check A-MSDU format more carefully If it looks like there's another subframe in the A-MSDU but the header isn't fully there, we can end up reading data out of bounds, only to discard later. Make this a bit more...

kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in epremovewaitqueue If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the...

kernel: tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

A vulnerability was found in the Linux kernel's ngsm driver, affecting the tty subsystem. It occurs when switching between basic and advanced option modes in GSM multiplexing, leading to potential out-of-bounds memory writes. This happens because certain state variables, like gsm-len and gsm-stat...

kernel: sched/psi: Fix use-after-free in ep_remove_wait_queue()

In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in epremovewaitqueue If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueue gets freed in the...

kernel: pwm: Fix double shift bug

REJECTED CVE A double shift vulnerability was identified in the Linux kernel's pwm subsystem. The issue involves passing a shifted value instead of a bit number to set/testbit functions, resulting in a double shift e.g., BITBIT1. While this doesn't cause problems for values 0 or 1, values of 5 or...

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6951-1)

"The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6951-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update...

kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...

kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned

A flaw was found in the Linux kernel's block subsystem, where a NULL pointer dereference occurs if partitions are created or resized with a size that is not a multiple of the logical block size. This flaw allows a privileged attacker to cause a denial of service...

kernel: scsi: qla2xxx: Fix double free of the ha->vp_map pointer

A vulnerability was found in the Linux kernel. A potential double-free in the pointer ha-vpmap exists in the Linux kernel in drivers/scsi/qla2xxx/qlaos.c...

kernel: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes

CVE-2024-35789 is a vulnerability in the Linux kernel’s Wi-Fi subsystem mac80211. It occurs when a station is moved out of a VLAN, and the VLAN is subsequently deleted. A reference to the deleted VLAN’s network device may remain, leading to a use-after-free condition. This can result in system...

kernel: block: null pointer dereference in ioctl.c when length and logical block size are misaligned

A flaw was found in the Linux kernel's block subsystem, where a NULL pointer dereference occurs if partitions are created or resized with a size that is not a multiple of the logical block size. This flaw allows a privileged attacker to cause a denial of service...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in the net, sunrpc module in the xstcpsetupsocket, where the BPF program may return -EPERM if the connection...

SUSE CVE-2024-41037

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: fix null deref on system suspend entry When system enters suspend with an active stream, SOF core calls hwparamsuponresume. On Intel platforms with HDA DMA used to manage the link DMA, this leads to call...

SUSE CVE-2024-41047

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 "i40e: Fix reset path while removing the driver" introduced a new PF state "I40EINREMOVE" to block modifying the XDP program while the driver is...

SUSE CVE-2024-41064

In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev-pdev changes If a PCI device is removed during eehpereportedev, edev-pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a copy of edev-pdev-bus...

SUSE CVE-2024-41072

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check whether number of channels passed via 'ioctlsock, SIOCSIWSCAN, ...' doesn't exceed IWMAXFREQUENCIES and reject invalid request with...

SUSE CVE-2024-41085

In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix no cxlnvd during pmem region auto-assembling When CXL subsystem is auto-assembling a pmem region during cxl endpoint port probing, always hit below calltrace. BUG: kernel NULL pointer dereference, address:...

SUSE CVE-2024-42091

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Check pat.ops before dumping PAT settings We may leave pat.ops unset when running on brand new platform or when running as a VF. While the former is unlikely, the latter is valid future use case and will cause NPD when...

SUSE CVE-2024-42159

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise numphys Information is stored in mrsasport-phymask, values larger then size of this field shouldn't be allowed...