USN-7194-1: Linux kernel (Azure) vulnerabilities

Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type-confusion error. A physically proximate remote attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2020-12351 Andy Nguyen discovered that the...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-7185-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7185-2 advisory. Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an integer overflow vulnerability. A...

CVE-2024-56778

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in stihqvdpatomiccheck The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure...

USN-7159-5: Linux kernel (Raspberry Pi) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - S390 architecture; - x86 architecture; - Power management core; - GPU...

CVE-2024-56712

In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last exportudmabuf error path In exportudmabuf, if dmabuffd fails because the FD table is full, a dmabuf owning the udmabuf has already been created; but the error handling in udmabufcreate will tear...

CVE-2024-53227

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfadimmoduleexit BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: dumpstacklvl+0x95/0xe0 printreport+0xcb/0x6...

CVE-2024-53186

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling in ksmbdconnhandlerloop and the freeing of ksmbdconn in the workqueue handler handleksmbdwork. This leads to a UAF. - KASAN:...

CVE-2024-56717 net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()

In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRCPORT field in ocelotifhsetbasic Packets injected by the CPU should have a SRCPORT field equal to the CPU port module index in the Analyzer block ocelot-numphysports. The blamed commit copie...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an issue with otx2mboxgetrsp error handling in the octeontx2-pf driver...

CVE-2024-56702

The CVE-2024-56702 issue is a Linux kernel fix for BPF raw tracepoints. It explains that raw_tp arguments were previously treated as non-NULL, risking NULL dereferences when NULL values occur. The fix marks raw_tp arguments as PTR_MAYBE_NULL and adjusts dereferences, arithmetic, and allowed passe...

CVE-2024-56691 mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device

In the Linux kernel, the following vulnerability has been resolved: mfd: intelsocpmicbxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has inherited flaws. This was unveiled when...

CVE-2024-56669

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS, leading to potential memory leaks and kernel crashes. Specifically, CACHETAGDEVTLB type cache tags may still...

CVE-2024-56564

In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to cephmdsauthmatch This eliminates a redundant getcurrentcred call, because cephmdscheckaccess has already obtained this pointer. As a side effect, this also fixes a reference leak in cephmdsauthmatch: by...

CVE-2024-56656 bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X P7 chip's HW GRO/LRO interface is very similar to that of the previous generation 5750X or P5. However, the aggregation ID fields in the completion structur...

CVE-2024-56644 net/ipv6: release expired exception dst cached in socket

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6negativeadvice when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must ...

CVE-2024-56627 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbdvfsstreamread An offset from client could be a negative value, It could lead to an out-of-bounds read from the streambuf. Note that this issue is coming when setting 'vfs objects = streamsxat...

CVE-2024-56619

CVE-2024-56619 — Linux kernel nilfs2 . A potential out-of-bounds memory access in nilfs_find_entry() when an inode’s i_size is large/corrupted. Root cause: i_size upper 32 bits were lost due to a local variable type, causing underflow in end-address calculation. Fix: replace the offending local v...

CVE-2024-56619 nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfsfindentry Syzbot reported that when searching for records in a directory where the inode's isize is corrupted and has a large value, memory access outside the folio/page...

CVE-2024-56614 xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

CVE-2024-56609 wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211purgetxqueue to purge TX skb When removing kernel modules by: rmmod rtw888723cs rtw888703b rtw888723x rtw88sdio rtw88core Driver uses skbqueuepurge to purge TX skb, but not report tx status causing "Have...