6 matches found
CVE-2024-26889
CVE-2024-26889 refers to a Linux kernel security fix for a Bluetooth (hci_core) buffer overflow. The root cause was a fixed-size name field in struct hci_dev_info (name[8]); a larger hdev->name could cause strcpy to overrun its destination. The fix switches to strscpy to safely copy the device...
CVE-2024-53123
CVE-2024-53123 affects the Linux kernel and is tied to MPTCP: the issue stems from racing disconnect handling. After a blamed commit, sk_wait_data() can return with an error while the underlying socket is already disconnected and the receive window (rcv_mss) is zero. The result is a potential use...
CVE-2024-50136
CVE-2024-50136 affects the Linux kernel’s mlx5 driver (net/mlx5) where the notifier for eswitch init could remain registered after an init failure, causing a later eswitch enable to emit warnings like “notifier callback eswitch_vport_event [mlx5_core] already registered.” The root cause described...
CVE-2023-46862
CVE-2023-46862 (Linux kernel) affects kernels up to 6.5.9. A race during SQ thread exit can trigger a NULL pointer dereference in io_uring_show_fdinfo (io_uring/fdinfo.c), potentially crashing the system or causing denial of service. The issue is tied to the io_uring subsystem and occurs under sp...
CVE-2024-36936
The CVE-2024-36936 issue affects the Linux kernel's memory-accept path under efi/unaccepted. The root cause was a soft lockup scenario caused by a spinlock held during memory acceptance, which could intermittently trigger a watchdog/softlockup on the CPU during large TD guest memory loads. The fi...
CVE-2024-27416
CVE-2024-27416 is a Linux kernel vulnerability: Bluetooth hci_event handling of HCI on_IO_CAPA_REQUEST when Read Remote Extended Features is pending could lead to an incorrect assumption that the remote supports SSP. The issue is addressed in kernel code by fixing the HCI_EV_IO_CAPA_REQUEST handl...