7.8
CVE-2024-26958 - nfs: fix UAF in direct writes
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 rβ¦
7.1
CVE-2024-26954 - ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value ofβ¦
7.8
CVE-2024-27008 - drm: nv04: Fix out of bounds access
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) is used as index thβ¦
5.5
CVE-2024-27073 - media: ttpci: fix two memleaks in budget_av_attach
In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, thereβ¦
5.5
CVE-2024-26962 - dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape
In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, inβ¦
5.5
CVE-2022-48669 - powerpc/pseries: Fix potential memleak in papr_get_attr()
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure.
5.5
CVE-2024-27042 - kernel: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.8
CVE-2024-26957 - s390/zcrypt: fix reference counting on zcrypt card objects
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcrypt_card. The reason was an incoβ¦
7.5
CVE-2024-25458 -
An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port.
5.5
CVE-2024-26929 - kernel: scsi: qla2xxx: Fix double free of fcport
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.