Vulnerabilities > Linux > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-09 CVE-2024-50234 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlegacy: Clear stale interrupts before resuming device iwl4965 fails upon resume from hibernation on my laptop.
local
high complexity
linux CWE-367
7.0
2024-11-09 CVE-2024-50235 Double Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free When we free wdev->cqm_config when unregistering, we also need to clear out the pointer since the same wdev/netdev may get re-registered in another network namespace, then destroyed later, running this code again, which results in a double-free.
local
low complexity
linux CWE-415
7.8
2024-11-09 CVE-2024-50242 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release
local
low complexity
linux
7.8
2024-11-09 CVE-2024-50246 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check
local
low complexity
linux
7.8
2024-11-09 CVE-2024-50247 Out-of-bounds Read vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off.
local
low complexity
linux CWE-125
7.1
2024-11-09 CVE-2024-50250 Unspecified vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len passed to dax_file_unshare are not aligned to an fsblock boundary, the iter pos and length in the _iter function will reflect this unalignment. dax_iomap_direct_access always returns a pointer to the start of the kmapped fsdax page, even if its pos argument is in the middle of that page.
local
low complexity
linux
7.1
2024-11-09 CVE-2024-50257 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in get_info() ip6table_nat module unload has refcnt warning for UAF.
local
low complexity
linux CWE-416
7.8
2024-11-09 CVE-2024-50261 Use After Free vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF.
local
low complexity
linux CWE-416
7.8
2024-11-09 CVE-2024-50262 Out-of-bounds Write vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths from the root to leaves.
local
low complexity
linux CWE-787
7.8
2024-11-08 CVE-2024-50180 Out-of-bounds Write vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the array contains non-digit characters. Then, when executing sprintf(strbuf, "%ux%ux8", xres, yres); more than 16 bytes will be written to strbuf. It is suggested to increase the size of the strbuf array to 24. Found by Linux Verification Center (linuxtesting.org) with SVACE.
local
low complexity
linux CWE-787
7.8