Vulnerabilities > Linux > Linux Kernel > 6.6.60

DATE CVE VULNERABILITY TITLE RISK
2024-05-01 CVE-2024-26954 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name offset to the buffer offset to validate name length of smb2_create_req().
local
low complexity
linux
7.1
2024-05-01 CVE-2024-26962 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress.
local
low complexity
linux CWE-667
5.5
2024-05-01 CVE-2024-27010 Improper Locking vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [.....
local
low complexity
linux CWE-667
5.5
2024-05-01 CVE-2024-27011 Memory Leak vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared.
local
low complexity
linux CWE-401
5.5
2024-05-01 CVE-2024-27012 Memory Leak vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: restore set elements when delete set fails From abort path, nft_mapelem_activate() needs to restore refcounters to the original state.
local
low complexity
linux fedoraproject CWE-401
5.5
2024-04-17 CVE-2024-26836 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to confirm they are OK with this order too.
local
low complexity
linux
7.8
2024-04-10 CVE-2021-47181 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
local
low complexity
linux CWE-476
5.5
2024-04-10 CVE-2021-47203 Out-of-bounds Write vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter.
local
low complexity
linux CWE-787
5.5
2024-04-10 CVE-2021-47206 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
local
low complexity
linux CWE-476
5.5
2024-04-10 CVE-2021-47207 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer dereference issue. Fix this by adding a null check before dereference.
local
low complexity
linux CWE-476
5.5