Siemens SCALANCE and RUGGEDCOM Devices Allocation of Resources Without Limits or Throttling (CVE-2024-39484)

mmc: davinci: Vulnerability from resource leaks. Using exit for the remove function results in the remove callback being discarded with CONFIGMMCDAVINCI=y. When such a device gets unbound e.g. using sysfs or hotplug, the driver is just removed without the cleanup being performed. This plugin only...

Vulnerability of the vpif_probe() function in the drivers/media/platform/davinci/vpif.c module – A driver for kernel-based multimedia devices in the Linux operating system, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the vpifprobe function in the drivers/media/platform/davinci/vpif.c module – The Linux kernel’s multimedia device support driver is vulnerable due to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the...

CLSA-2024-1724870873 Fix CVE(s): CVE-2023-52629, CVE-2023-52760, CVE-2024-39484, CVE-2024-39487

CVE-url: https://ubuntu.com/security/CVE-2024-39487 - bonding: Fix out-of-bounds read in bondoptionarpiptargetsset CVE-url: https://ubuntu.com/security/CVE-2023-52760 - gfs2: Fix slab-use-after-free in gfs2qddealloc CVE-url: https://ubuntu.com/security/CVE-2023-52629 - sh: push-switch: Reorder...

UBUNTU-CVE-2024-39484

In the Linux kernel, the following vulnerability has been resolved: mmc: davinci: Don't strip remove function when driver is builtin Using exit for the remove function results in the remove callback being discarded with CONFIGMMCDAVINCI=y. When such a device gets unbound e.g. using sysfs or...

CVE-2024-39484

CVE-2024-39484 - Linux kernel mmc: davinci driver: the remove callback was discarded when built-in and __exit was used, causing resource leaks on unbind/reset. The fix compiles the remove callback unconditionally so it is always executed during driver removal. Connected sources confirm the issue ...