Vulnerabilities > Linux > Linux Kernel > 5.15

DATE CVE VULNERABILITY TITLE RISK
2024-08-21 CVE-2024-43873 Missing Initialization of Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: vhost/vsock: always initialize seqpacket_allow There are two issues around seqpacket_allow: 1.
local
low complexity
linux CWE-909
7.8
2024-08-21 CVE-2024-43882 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer is passed back.
local
high complexity
linux CWE-367
7.0
2024-08-21 CVE-2024-43863 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all fences and update their status, to do that it holds a lock to prevent the list modifcations from other threads.
local
low complexity
linux CWE-667
5.5
2024-08-20 CVE-2024-43861 Memory Leak vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.
local
low complexity
linux CWE-401
5.5
2024-08-17 CVE-2024-43817 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1.
local
low complexity
linux
5.5
2024-08-17 CVE-2024-43819 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontrol VMs have kvm->arch.gmap set to 0 and would thus result in a null pointer dereference further in. Memory management needs to be performed in userspace and using the ioctls KVM_S390_UCAS_MAP and KVM_S390_UCAS_UNMAP. Also improve s390 specific documentation for KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2. [[email protected]: commit message spelling fix, subject prefix fix]
local
low complexity
linux CWE-476
5.5
2024-08-17 CVE-2024-43823 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference.
local
low complexity
linux CWE-476
5.5
2024-08-17 CVE-2024-43824 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check.
local
low complexity
linux CWE-476
5.5
2024-08-17 CVE-2024-43828 Infinite Loop vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct.
local
low complexity
linux CWE-835
5.5
2024-08-17 CVE-2024-43829 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference.
local
low complexity
linux CWE-476
5.5