4.7
CVE-2024-46710 - drm/vmwgfx: Prevent unmapping active read buffers
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) β¦
5.5
CVE-2024-46707 - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the ICC_*SGI*_EL1 regisβ¦
4.7
CVE-2024-46711 - mptcp: pm: fix ID 0 endp usage after multiple re-creations
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initβ¦
7.8
CVE-2024-46674 - usb: dwc3: st: fix probed platform device ref count on probe error path
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops the reference count β¦
5
CVE-2024-44685 -
Titan SFTP and Titan MFT Server 2.0.25.2426 and earlier have a vulnerability a vulnerability where sensitive information, including passwords, is exposed in clear text within the JSON response when configuring SMTP settings via the Web UI.
8.8
CVE-2024-39924 -
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate tβ¦
5.7
CVE-2024-46044 -
CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
5.5
CVE-2024-46712 - drm/vmwgfx: Disable coherent dumb buffers without 3d
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3d Coherent surfaces make only sense if the host renders to them using accelerated apis. Without 3d the entire content of dumb buffers stays in the guest making all of the extra wβ¦
5.5
CVE-2024-46706 - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsl_lpuart: mark last busy before uart_add_one_port With "earlycon initcall_debug=1 loglevel=8" in bootargs, kernel sometimes boot hang. It is because normal console still is not ready, but runtime suspend is called,β¦
5.5
CVE-2024-46705 - drm/xe: reset mmio mappings with devm
In the Linux kernel, the following vulnerability has been resolved: drm/xe: reset mmio mappings with devm Set our various mmio mappings to NULL. This should make it easier to catch something rogue trying to mess with mmio after device removal. For example, we might unmap everything and then startβ¦