7.8
CVE-2024-40899 - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() We got the following issue in a fuzz test of randomly issuing the restore command: ================================================================== BUG: KASAN…
7.8
CVE-2024-40939 - net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer which actually hold…
4.7
CVE-2024-39501 - kernel: drivers: core: synchronize really_probe() and dev_uevent()
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.1
CVE-2024-39499 - vmci: prevent speculation leaks by sanitizing event in event_deliver()
In the Linux kernel, the following vulnerability has been resolved: vmci: prevent speculation leaks by sanitizing event in event_deliver() Coverity spotted that event_msg is controlled by user-space, event_msg->event_data.event is passed to event_deliver() and used as an index without sanitizatio…
5.5
CVE-2024-40976 - drm/lima: mask irqs in timeout path before hard reset
In the Linux kernel, the following vulnerability has been resolved: drm/lima: mask irqs in timeout path before hard reset There is a race condition in which a rendering job might take just long enough to trigger the drm sched job timeout handler but also still complete before the hard reset is do…
7.8
CVE-2024-40909 - bpf: Fix a potential use-after-free in bpf_link_free()
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free in bpf_link_free() After commit 1a80dbcb2dba, bpf_link can be freed by link->ops->dealloc_deferred, but the code still tests and uses link->ops->dealloc afterward, which leads to a use-after-fr…
5.5
CVE-2024-40916 - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found
In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector. Unfortunately some variant…
5.5
CVE-2024-40911 - wifi: cfg80211: Lock wiphy in cfg80211_get_station
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Lock wiphy in cfg80211_get_station Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle ke…
5.5
CVE-2024-40990 - RDMA/mlx5: Add check for srq max_sge attribute
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it.
5.5
CVE-2024-40947 - ima: Avoid blocking in RCU read-side critical section
In the Linux kernel, the following vulnerability has been resolved: ima: Avoid blocking in RCU read-side critical section A panic happens in ima_match_policy: BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 42f873067 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 5 PID: 12863…