SUSE CVE-2024-40924

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Make DPT object unshrinkable In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus its still there on the DPT's vm-boundlist. Then it tries to rewrite the PTEs via a stale CPU...

SUSE CVE-2022-48714

In the Linux kernel, the following vulnerability has been resolved: bpf: Use VMMAP instead of VMALLOC for ringbuf After commit 2fd3fb0be1d1 "kasan, vmalloc: unpoison VMALLOC pages after mapping", non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enabled. But now the...

UBUNTU-CVE-2022-48714

In the Linux kernel, the following vulnerability has been resolved: bpf: Use VMMAP instead of VMALLOC for ringbuf After commit 2fd3fb0be1d1 "kasan, vmalloc: unpoison VMALLOC pages after mapping", non-VMALLOC mappings will be marked as accessible in getvmareanode when KASAN is enabled. But now the...

UBUNTU-CVE-2024-38610

In the Linux kernel, the following vulnerability has been resolved: drivers/virt/acrn: fix PFNMAP PTE checks in acrnvmrammap Patch series "mm: followpte improvements and acrn followpte fixes". Patch 1 fixes a bunch of issues I spotted in the acrn driver. It compiles, that's all I know. I'll...

SUSE CVE-2024-36891

In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...

DEBIAN-CVE-2024-36891

In the Linux kernel, the following vulnerability has been resolved: mapletree: fix masemptyarearev null pointer dereference Currently the code calls masstart followed by masdataend if the maple state is MASTART, but masstart may return with the maple state node == NULL. This will lead to a null...

SUSE CVE-2021-47531

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VMIO and VMDONTDUMP In commit 510410bfc034 "drm/msm: Implement mmap as GEM object function" we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that...

DEBIAN-CVE-2021-47531

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VMIO and VMDONTDUMP In commit 510410bfc034 "drm/msm: Implement mmap as GEM object function" we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that...

UBUNTU-CVE-2021-47531

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VMIO and VMDONTDUMP In commit 510410bfc034 "drm/msm: Implement mmap as GEM object function" we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that...

SUSE CVE-2024-35993

In the Linux kernel, the following vulnerability has been resolved: mm: turn foliotesthugetlb into a PageType The current foliotesthugetlb can be fooled by a concurrent folio split into returning true for a folio which has never belonged to hugetlbfs. This can't happen if the caller holds a...

DEBIAN-CVE-2024-35786

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveaugemioctlpushbuf If VMBIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the...

DEBIAN-CVE-2024-27400

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: once more fix the call oder in amdgputtmmove v2 This reverts drm/amdgpu: fix ftrace event amdgpubomove always move on same heap. The basic problem here is that after the move the old location is simply not available a...

SUSE CVE-2024-26939

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vma: Fix UAF on destroy against retire race Object debugging tools were sporadically reporting illegal attempts to free a still active i915 VMA object when parking a GT believed to be idle. 161.359441 ODEBUG: free active...

SUSE CVE-2024-27022

In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING 1. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfsfallocate dupmmap hugetlbfspunchhole immaplockwritemapping;...

UBUNTU-CVE-2024-27070

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fsfilemapfault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fsfilemapfault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr ffff88807bb22680 by task...

kernel: amdgpu: validate offset_in_bo of drm_amdgpu_gem_va

A flaw was found in the AMDGPU graphics driver within the Linux kernel was identified where the offsetinbo parameter in the drmamdgpugemva handler was not sufficiently validated. Under certain conditions, an addition of offsetinbo and mapsize can overflow, resulting in an out-of-bounds access...

kernel: drm/amdgpu: unmap and remove csa_va properly

A locking violation was found in the Linux kernel's AMD GPU driver in the context save area cleanup path. A local user can trigger this issue when closing GPU contexts, causing the driver to unmap and remove virtual memory mappings without first reserving the root page directory buffer object. Th...

CVE-2024-26639

...

CVE-2024-26639

Removed by vendor...

PT-2024-3374 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0 Description: The issue is related to a use-after-free problem in the f2fs filemap fault function. This occurs because vmf-vma may not be alive after filemap fault, potentially causing a use-after-free issu...