5.5
CVE-2024-40962 - btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: allocate dummy checksums for zoned NODATASUM writes Shin'ichiro reported that when he's running fstests' test-case btrfs/167 on emulated zoned devices, he's seeing the following NULL pointer dereference in 'btrfs_zo…
5.5
CVE-2024-40961 - ipv6: prevent possible NULL deref in fib6_nh_init()
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); /…
5.5
CVE-2024-40937 - gve: Clear napi->skb before dev_kfree_skb_any()
In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangli…
5.5
CVE-2024-40930 - wifi: cfg80211: validate HE operation element parsing
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: validate HE operation element parsing Validate that the HE operation element has the correct length before parsing it.
7.8
CVE-2024-41000 - block/ioctl: prefer different overflow check
In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid n…
5.5
CVE-2024-40959 - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()
In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0…
5.5
CVE-2024-40982 - kernel: ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2024-39498 - drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2
In the Linux kernel, the following vulnerability has been resolved: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 [Why] Commit: - commit 5aa1dfcdf0a4 ("drm/mst: Refactor the flow for payload allocation/removement") accidentally overwrite the commit - commit 54d217406afe ("drm: u…
8.8
CVE-2024-40548 -
An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file.
6.5
CVE-2024-40547 -
PublicCMS v4.0.202302.e was discovered to contain an arbitrary file content replacement vulnerability via the component /admin/cmsTemplate/replace.