Vulnerabilities > Linux

DATE CVE VULNERABILITY TITLE RISK
2024-10-21 CVE-2024-49990 Use of Uninitialized Resource vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capability check.
local
low complexity
linux CWE-908
5.5
2024-10-21 CVE-2024-49991 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug.
local
low complexity
linux CWE-416
7.8
2024-10-21 CVE-2024-49992 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init().
local
low complexity
linux CWE-416
7.8
2024-10-21 CVE-2024-49994 Integer Overflow or Wraparound vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 callbacks suppressed
local
low complexity
linux CWE-190
5.5
2024-10-21 CVE-2024-49995 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only.
local
low complexity
linux
7.8
2024-10-21 CVE-2024-49996 Classic Buffer Overflow vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseDataLength. Function cifs_strndup_from_utf16() is currentlly accessing buf->DataBuffer at position after the end of the buffer because it does not subtract InodeType size from the length.
local
low complexity
linux CWE-120
7.8
2024-10-21 CVE-2024-49997 Improper Cross-boundary Removal of Sensitive Data vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure.
network
low complexity
linux CWE-212
7.5
2024-10-21 CVE-2024-49998 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net: dsa: improve shutdown sequence Alexander Sverdlin presents 2 problems during shutdown with the lan9303 driver.
local
high complexity
linux CWE-367
4.7
2024-10-21 CVE-2024-49999 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag to the server record that we used after doing the fileserver iteration loop - but it's possible to exit the loop having had a response from the server that we've discarded (e.g.
local
low complexity
linux
5.5
2024-10-21 CVE-2024-50000 NULL Pointer Dereference vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() In mlx5e_tir_builder_alloc() kvzalloc() may return NULL which is dereferenced on the next line in a reference to the modify field. Found by Linux Verification Center (linuxtesting.org) with SVACE.
local
low complexity
linux CWE-476
5.5