CVE-2024-46849

In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card-dailink' is reallocated in 'mesoncardreallocatelinks', so move 'pad' pointer initialization after this function when memory is already reallocated. Kasan bug report:...

CVE-2024-46830

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire kvm-srcu when handling KVMSETVCPUEVENTS Grab kvm-srcu when processing KVMSETVCPUEVENTS, as KVM will forcibly leave nested VMX/SVM if SMM mode is being toggled, and leaving nested VMX reads guest memory. Note,...

CVE-2024-46842

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfcgetsfpinfo The MBXTIMEOUT return code is not handled in lpfcgetsfpinfo and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for...

CVE-2024-46819

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbiov74 if rasmanager obj null, don't print NBIO err data...

CVE-2024-46858

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: Fix uaf in timerdeletesync There are two paths to access mptcppmdeladdtimer, result in a race condition: CPU1 CPU2 ==== ==== netrxaction napipoll netlinksendmsg napipoll netlinkunicast processbacklog netlinkunicastkern...

pcp: pmpost symlink attack allows escalating pcp to root user

A vulnerability was found in Performance Co-Pilot PCP. This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which is used to log messages in the system. Under certain conditions, it runs with high-level privileges...

CVE-2024-7254

Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or...

CVE-2024-46795

In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding...

CVE-2024-46764

In the Linux kernel, the following vulnerability has been resolved: bpf: add check for invalid name in btfnamevalidsection If the length of the name string is 1 and the value of name0 is NULL byte, an OOB vulnerability occurs in btfnamevalidsection and the return value is true, so the invalid nam...

CVE-2024-46780

In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing...

CVE-2024-46796

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2setpathsize If smb2compoundop is called with a valid @cfile and returned -EINVAL, we need to call cifsgetwritablepath before retrying it as the reference of @cfile was already dropped ...

CVE-2024-46718

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't overmap identity VRAM mapping Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned to 1G VRAM chunk. v2: - Always use 2M pages for last chunk Fe...

CVE-2024-8947

A vulnerability was found in MicroPython 1.22.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file py/objarray.c. The manipulation leads to use after free. The attack can be launched remotely. The complexity of an attack is rather high. The...

CVE-2024-7788

Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before 24.2.5...

CVE-2024-8775

A flaw was found in Ansible, where sensitive information stored in Ansible Vault files can be exposed in plaintext during the execution of a playbook. This occurs when using tasks such as includevars to load vaulted variables without setting the nolog: true parameter, resulting in sensitive data...

CVE-2024-46675

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing SMMU faults and othe...

CVE-2024-46678

In the Linux kernel, the following vulnerability has been resolved: bonding: change ipseclock from spin lock to mutex In the cited commit, bond-ipseclock is added to protect ipseclist, hence xdodevstateadd and xdodevstatedelete are called inside this lock. As ipseclock is a spin lock and such...

CVE-2024-46709

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix prime with external buffers Make sure that for external buffers mapping goes through the dmabuf interface instead of trying to access pages directly. External buffers might not provide direct access to...

CVE-2024-46674

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undoplatformdevalloc" is entirely bogus. It drops the reference count from...

CVE-2024-46692

In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Mark getwqctx as atomic call Currently getwqctx is wrongly configured as a standard call. When two SMC calls are in sleep and one SMC wakes up, it calls getwqctx to resume the corresponding sleeping thread. B...