4.4
CVE-2024-38391 - kernel: cxl/region: Fix cxlr_pmem leaks
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
10
CVE-2024-36532 -
Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token.
7.1
CVE-2024-38621 - media: stk1160: fix bounds checking in stk1160_copy_video()
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. When the condition isβ¦
5.5
CVE-2024-36244 - net/sched: taprio: extend minimum interval restriction to entire cycle too
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time differβ¦
7.8
CVE-2024-38627 - stm class: Fix a double free in stm_register_device()
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
5.5
CVE-2024-36478 - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/confiβ¦
5.5
CVE-2024-31076 - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline
In the Linux kernel, the following vulnerability has been resolved: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline The absence of IRQD_MOVE_PCNTXT prevents immediate effectiveness of interrupt affinity reconfiguration via procfs. Instead, the change is deferred until the neβ¦
5.5
CVE-2024-38633 - serial: max3100: Update uart_driver_registered on driver removal
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Update uart_driver_registered on driver removal The removal of the last MAX3100 device triggers the removal of the driver. However, code doesn't update the respective global variable and after insmod β rmmod β inβ¦
0.0
CVE-2024-37694 -
This submission has been rejected by the CNA of record. Authentication is user configurable as described in our documentation. Β Β https://enterprise.arcgis.com/en/server/latest/administer/windows/configuring-arcgis-server-security.htm
7.8
CVE-2024-39277 - dma-mapping: benchmark: handle NUMA_NO_NODE correctly
In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UBSAN: array-index-out-of-bounds in ./arch/x86/includeβ¦