4 matches found
CVE-2024-26596
The CVE-2024-26596 entry concerns the Linux kernel net: dsa subsystem. The issue arises when handling NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER events: code dereferences netdev_priv(dev) unconditionally, but not all net_devices have a priv of type struct dsa_user_priv. This can read memory bey...
CVE-2023-0459
CVE-2023-0459: Linux kernel on 64-bit systems is affected by a local elevation of information disclosure due to Copy_from_user bypassing __uaccess_begin_nospec, bypassing access_ok and allowing a user to pass a kernel pointer to copy_from_user. Root cause is the __uaccess_begin_nospec handling. I...
CVE-2024-46725
CVE-2024-46725 refers to a Linux kernel vulnerability where the drm/amdgpu path could trigger an out-of-bounds write warning. The connected Astra Linux bulletin confirms the issue as a kernel-level flaw and notes the fix was to validate the ring type value to prevent the OOB write. The vulnerabil...
CVE-2024-53129
CVE-2024-53129 affects the Linux kernel DRM Rockchip VOP as described. The root cause was a NULL-dereference in vop_plane_atomic_async_check() where 'state' could be dereferenced before a NULL check; patch fixes crtc_state validation (rockchip_drm_vop.c:1096). Connected advisories confirm the iss...