CVE-2024-42104 nilfs2: add missing check for inode numbers on directory entries

In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which trigger...

CVE-2024-42104

CVE-2024-42104 affects the Linux kernel’s nilfs2 filesystem. A missing check for inode numbers on directory entries allows internal inodes (metadata files) to be exposed in the namespace, potentially causing a use-after-free of metadata file inodes and kernel bugs in lru_add_fn() when mounting/un...

CVE-2024-42104 nilfs2: add missing check for inode numbers on directory entries

In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which trigger...

CVE-2024-41034 nilfs2: fix kernel bug on rename operation of broken directory

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug on rename operation of broken directory Syzbot reported that in rename directory operation on broken directory on nilfs2, blockwritebeginint called to prepare block write may fail BUGON check for access...

CVE-2024-41030

The CVE-2024-41030 vulnerability affects the Linux kernel’s ksmbd server: when opening a directory, write access could be inappropriately granted due to flags from the client, causing ksmbd to become incompatible with FUSE filesystems. The fix discards write access during directory opens, address...

kernel: net: amd-xgbe: Fix skb data length underflow

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUGON triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the packet if such length...

DEBIAN-CVE-2022-48847

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Fix filter limit check In watchqueuesetfilter, there are a couple of places where we check that the filter type value does not exceed what the typefilter bitmap can hold. One place calculates the number of bits by: if...

UBUNTU-CVE-2022-48835

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Page fault in reply q processing A page fault was encountered in mpt3sas on a LUN reset error path: 145.763216 mpt3sascm1: Task abort tm failed: handle0x0002,timeout30 trmethod0x0 smid3 msixindex0 145.778932 scsi...

CVE-2022-48857 NFC: port100: fix use-after-free in port100_send_complete

In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100sendcomplete Syzbot reported UAF in port100sendcomplete. The root case is in missing usbkillurb calls on error handling path of -probe function. port100sendcomplete accesses devm allocat...

CVE-2022-48802

In the Linux kernel, the following vulnerability has been resolved: fs/proc: taskmmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 1 PREEMPT SMP KASAN CPU: 1 PID: 4392 Comm: syz-executor560 Not...

DEBIAN-CVE-2023-52886

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...

UBUNTU-CVE-2023-52886

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...

SUSE CVE-2024-39497

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fix BUGON on mmapPROTWRITE, MAPPRIVATE Lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flag causing a kernel panic due to BUGON in...

DEBIAN-CVE-2024-40914

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: don't unpoison hugezerofolio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted...

CVE-2024-40948

In the Linux kernel, the following vulnerability has been resolved: mm/pagetablecheck: fix crash on ZONEDEVICE Not all pages may apply to pgtable check. One example is ZONEDEVICE pages: they map PFNs directly, and they don't allocate pageext at all even if there's struct page around. One may...

CVE-2024-40914

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: don't unpoison hugezerofolio When I did memory failure tests recently, below panic occurs: kernel BUG at include/linux/mm.h:1135! invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 9 PID: 137 Comm: kswapd1 Not tainted...

CVE-2024-40948 mm/page_table_check: fix crash on ZONE_DEVICE

In the Linux kernel, the following vulnerability has been resolved: mm/pagetablecheck: fix crash on ZONEDEVICE Not all pages may apply to pgtable check. One example is ZONEDEVICE pages: they map PFNs directly, and they don't allocate pageext at all even if there's struct page around. One may...

CVE-2024-40948 mm/page_table_check: fix crash on ZONE_DEVICE

In the Linux kernel, the following vulnerability has been resolved: mm/pagetablecheck: fix crash on ZONEDEVICE Not all pages may apply to pgtable check. One example is ZONEDEVICE pages: they map PFNs directly, and they don't allocate pageext at all even if there's struct page around. One may...

CVE-2024-39510 cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefilesondemanddaemonread We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN:...

CVE-2024-39502

In the Linux kernel, the following vulnerability has been resolved: ionic: fix use after netifnapidel When queues are started, netifnapiadd and napienable are called. If there are 4 queues and only 3 queues are used for the current configuration, only 3 queues' napi should be registered and...