Vulnerabilities > Linux > Linux Kernel > 4.14.104

DATE CVE VULNERABILITY TITLE RISK
2024-05-01 CVE-2024-26930 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix double free of the ha->vp_map pointer Coverity scan reported potential risk of double free of the pointer ha->vp_map.
local
low complexity
linux CWE-415
7.8
2024-05-01 CVE-2024-26933 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the port's parent hub device.
local
low complexity
linux CWE-667
7.8
2024-05-01 CVE-2024-26934 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device lock on an ancestor device: It calls usb_deauthorize_interface(), which locks the interface's parent USB device. The will lead to deadlock if another process already owns that lock and tries to remove the interface, whether through a configuration change or because the device has been disconnected.
local
low complexity
linux CWE-667
7.8
2024-05-01 CVE-2024-26949 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix NULL pointer dereference when get power limit Because powerplay_table initialization is skipped under sriov case, We check and set default lower and upper OD value if powerplay_table is NULL.
local
low complexity
linux CWE-476
5.5
2024-05-01 CVE-2024-26952 Classic Buffer Overflow vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid.
local
low complexity
linux CWE-120
7.8
2024-05-01 CVE-2024-26978 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: serial: max310x: fix NULL pointer dereference in I2C instantiation When trying to instantiate a max14830 device from userspace: echo max14830 0x60 > /sys/bus/i2c/devices/i2c-2/new_device we get the following error: Unable to handle kernel NULL pointer dereference at virtual address... ... Call trace: max310x_i2c_probe+0x48/0x170 [max310x] i2c_device_probe+0x150/0x2a0 ... Add check for validity of devtype to prevent the error, and abort probe with a meaningful error message.
local
low complexity
linux CWE-476
5.5
2024-05-01 CVE-2024-27013 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets.
local
low complexity
linux fedoraproject CWE-770
5.5
2024-05-01 CVE-2024-27018 In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follow bridge input hook path.
local
low complexity
linux fedoraproject
7.8
2024-05-01 CVE-2024-27019 Race Condition vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in __nft_obj_type_get().
local
high complexity
linux fedoraproject CWE-362
4.7
2024-05-01 CVE-2024-27020 Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get().
local
high complexity
linux CWE-362
7.0