SB20240711180 - Ubuntu update for linux
Published: July 11, 2024 Updated: May 13, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 221 secuirty vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2022-38096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
2) Use-after-free (CVE-ID: CVE-2023-47233)
The vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.
3) Use-after-free (CVE-ID: CVE-2023-6270)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the aoecmd_cfg_pkts() function in the ATA over Ethernet (AoE) driver. A local user can trigger a use-after-free error and escalate privileges on the system.
4) NULL pointer dereference (CVE-ID: CVE-2023-7042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() function in drivers/net/wireless/ath/ath10k/wmi-tlv.c. A local user can pass specially crafted data to the driver and perform a denial of service (DoS) attack.
5) Deserialization of Untrusted Data (CVE-ID: CVE-2024-21823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.
6) Integer overflow (CVE-ID: CVE-2024-23307)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow in raid5_cache_count() function. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
7) Race condition (CVE-ID: CVE-2024-24861)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the xc4000 xc4000_get_frequency() function in the media/xc4000 device driver. A local user can exploit the race and escalate privileges on the system.
8) Improper check for unusual or exceptional conditions (CVE-ID: CVE-2024-25739)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper check for unusual or exceptional conditions error within the ubi_read_volume_table() function in drivers/mtd/ubi/vtbl.c. A local user can perform a denial of service (DoS) attack.
9) Resource management error (CVE-ID: CVE-2024-27432)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mtk_ppe_start() and mtk_ppe_stop() functions in drivers/net/ethernet/mediatek/mtk_ppe.c. A local user can perform a denial of service (DoS) attack.
10) Improper locking (CVE-ID: CVE-2024-35822)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usb_ep_queue() function in drivers/usb/gadget/udc/core.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2024-26859)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h. A local user can perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2024-26967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/camcc-sc8280xp.c. A local user can perform a denial of service (DoS) attack.
13) Improper locking (CVE-ID: CVE-2024-27053)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the wilc_parse_join_bss_param() function in drivers/staging/wilc1000/wilc_hif.c. A local user can perform a denial of service (DoS) attack.
14) Memory leak (CVE-ID: CVE-2024-27064)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nf_tables_updchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2024-27437)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vfio_intx_set_signal() function in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
16) NULL pointer dereference (CVE-ID: CVE-2024-26931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the qlt_free_session_done() function in drivers/scsi/qla2xxx/qla_target.c. A local user can perform a denial of service (DoS) attack.
17) Buffer overflow (CVE-ID: CVE-2024-26870)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the nfs4_listxattr() function in fs/nfs/nfs4proc.c. A local user can escalate privileges on the system.
18) Integer underflow (CVE-ID: CVE-2024-26927)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the sof_ipc3_fw_parse_ext_man() function in sound/soc/sof/ipc3-loader.c. A local user can execute arbitrary code.
19) Resource management error (CVE-ID: CVE-2024-26880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __dm_internal_suspend() and __dm_internal_resume() functions in drivers/md/dm.c. A local user can perform a denial of service (DoS) attack.
20) Use-after-free (CVE-ID: CVE-2024-35789)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ieee80211_change_station() function in net/mac80211/cfg.c. A local user can escalate privileges on the system.
21) Double free (CVE-ID: CVE-2024-26929)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the qla2x00_els_dcmd_sp_free() and qla24xx_els_dcmd_iocb() functions in drivers/scsi/qla2xxx/qla_iocb.c. A local user can execute arbitrary code.
22) Improper locking (CVE-ID: CVE-2024-27034)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_write_single_data_page() function in fs/f2fs/data.c, within the f2fs_compress_write_end_io(), f2fs_write_raw_pages() and unlock_page() functions in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
23) Memory leak (CVE-ID: CVE-2024-26816)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the print_absolute_relocs() function in arch/x86/tools/relocs.c. A local user can perform a denial of service (DoS) attack.
24) Memory leak (CVE-ID: CVE-2024-26896)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wfx_set_mfp_ap() function in drivers/net/wireless/silabs/wfx/sta.c. A local user can perform a denial of service (DoS) attack.
25) NULL pointer dereference (CVE-ID: CVE-2024-26975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rapl_config() function in drivers/powercap/intel_rapl_common.c. A local user can perform a denial of service (DoS) attack.
26) Memory leak (CVE-ID: CVE-2024-26972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the mutex_unlock() function in fs/ubifs/dir.c. A local user can perform a denial of service (DoS) attack.
27) Reachable assertion (CVE-ID: CVE-2024-26937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the gen11_emit_fini_breadcrumb_rcs() function in drivers/gpu/drm/i915/gt/intel_lrc.c, within the __engine_park() function in drivers/gpu/drm/i915/gt/intel_engine_pm.c. A local user can perform a denial of service (DoS) attack.
28) Infinite loop (CVE-ID: CVE-2024-27032)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the f2fs_reserve_new_block_retry() function in fs/f2fs/recovery.c. A local user can perform a denial of service (DoS) attack.
29) NULL pointer dereference (CVE-ID: CVE-2024-26871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the trace_f2fs_submit_page_write() and __submit_merged_bio() functions in fs/f2fs/data.c. A local user can perform a denial of service (DoS) attack.
30) Memory leak (CVE-ID: CVE-2024-26655)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the posix_clock_open() function in kernel/time/posix-clock.c. A local user can perform a denial of service attack.
31) Memory leak (CVE-ID: CVE-2024-35829)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lima_heap_alloc() function in drivers/gpu/drm/lima/lima_gem.c. A local user can perform a denial of service (DoS) attack.
32) Use-after-free (CVE-ID: CVE-2024-26886)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bt_sock_recvmsg() and bt_sock_ioctl() functions in net/bluetooth/af_bluetooth.c. A local user can escalate privileges on the system.
33) Memory leak (CVE-ID: CVE-2023-52653)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gss_import_v2_context() function in net/sunrpc/auth_gss/gss_krb5_mech.c. A local user can perform a denial of service (DoS) attack.
34) NULL pointer dereference (CVE-ID: CVE-2024-27028)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_spi_interrupt() function in drivers/spi/spi-mt65xx.c. A local user can perform a denial of service (DoS) attack.
35) Resource management error (CVE-ID: CVE-2024-26877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the zynqmp_handle_aes_req() function in drivers/crypto/xilinx/zynqmp-aes-gcm.c. A local user can perform a denial of service (DoS) attack.
36) Use-after-free (CVE-ID: CVE-2024-26898)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tx() function in drivers/block/aoe/aoenet.c, within the aoecmd_cfg_pkts() function in drivers/block/aoe/aoecmd.c. A local user can escalate privileges on the system.
37) NULL pointer dereference (CVE-ID: CVE-2024-35796)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the temac_probe() function in drivers/net/ethernet/xilinx/ll_temac_main.c. A local user can perform a denial of service (DoS) attack.
38) Resource management error (CVE-ID: CVE-2024-27065)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the nf_tables_updtable() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
39) Resource management error (CVE-ID: CVE-2024-35807)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the EXT4_DESC_PER_BLOCK() function in fs/ext4/resize.c. A local user can perform a denial of service (DoS) attack.
40) Out-of-bounds read (CVE-ID: CVE-2024-26966)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-apq8084.c. A local user can perform a denial of service (DoS) attack.
41) Incorrect calculation (CVE-ID: CVE-2024-35826)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __bio_release_pages() function in block/bio.c. A local user can perform a denial of service (DoS) attack.
42) Resource management error (CVE-ID: CVE-2024-27067)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the evtchn_free_ring(), evtchn_interrupt() and evtchn_unbind_from_user() functions in drivers/xen/evtchn.c. A local user can perform a denial of service (DoS) attack.
43) Infinite loop (CVE-ID: CVE-2024-27039)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the hisi_clk_register_pll() function in drivers/clk/hisilicon/clk-hi3559a.c. A local user can perform a denial of service (DoS) attack.
44) Use-after-free (CVE-ID: CVE-2024-35811)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the brcmf_notify_escan_complete() and brcmf_cfg80211_detach() functions in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can escalate privileges on the system.
45) Use-after-free (CVE-ID: CVE-2024-26895)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wilc_netdev_cleanup() function in drivers/net/wireless/microchip/wilc1000/netdev.c. A local user can escalate privileges on the system.
46) Improper error handling (CVE-ID: CVE-2024-26814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the vfio_fsl_mc_set_irq_trigger() function in drivers/vfio/fsl-mc/vfio_fsl_mc_intr.c. A local user can perform a denial of service (DoS) attack.
47) NULL pointer dereference (CVE-ID: CVE-2024-26893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smc_chan_free() function in drivers/firmware/arm_scmi/smc.c. A local user can perform a denial of service (DoS) attack.
48) Input validation error (CVE-ID: CVE-2023-52649)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the apply_lut_to_channel_value() function in drivers/gpu/drm/vkms/vkms_composer.c. A local user can perform a denial of service (DoS) attack.
49) Input validation error (CVE-ID: CVE-2024-35801)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fpu__init_cpu_xstate() function in arch/x86/kernel/fpu/xstate.c. A local user can perform a denial of service (DoS) attack.
50) Resource management error (CVE-ID: CVE-2023-52648)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmw_du_cursor_plane_prepare_fb() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
51) NULL pointer dereference (CVE-ID: CVE-2024-27048)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcmf_pmksa_v3_op() function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c. A local user can perform a denial of service (DoS) attack.
52) Improper locking (CVE-ID: CVE-2024-26934)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the interface_authorized_store() function in drivers/usb/core/sysfs.c. A local user can execute arbitrary code.
53) Use-after-free (CVE-ID: CVE-2024-27049)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mt7925_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7925/pci.c. A local user can escalate privileges on the system.
54) Out-of-bounds read (CVE-ID: CVE-2024-26890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sizeof() function in drivers/bluetooth/hci_h5.c. A local user can perform a denial of service (DoS) attack.
55) NULL pointer dereference (CVE-ID: CVE-2024-26874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mtk_drm_crtc_finish_page_flip() function in drivers/gpu/drm/mediatek/mtk_drm_crtc.c. A local user can perform a denial of service (DoS) attack.
56) Memory leak (CVE-ID: CVE-2022-48669)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the arch/powerpc/platforms/pseries/papr_platform_attributes.c. A local user can perform a denial of service (DoS) attack.
57) Improper error handling (CVE-ID: CVE-2023-52661)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the tegra_dc_rgb_probe() function in drivers/gpu/drm/tegra/rgb.c. A local user can perform a denial of service (DoS) attack.
58) Out-of-bounds write (CVE-ID: CVE-2024-27436)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the convert_chmap() function in sound/usb/stream.c. A local user can execute arbitrary code.
59) Race condition (CVE-ID: CVE-2024-27058)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the shmem_free_file_info(), shmem_get_next_id(), shmem_acquire_dquot(), shmem_is_empty_dquot() and shmem_release_dquot() functions in mm/shmem_quota.c. A local user can escalate privileges on the system.
60) Information disclosure (CVE-ID: CVE-2024-26935)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the scsi_host_dev_release() function in drivers/scsi/hosts.c. A local user can gain access to sensitive information.
61) Buffer overflow (CVE-ID: CVE-2024-26956)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the nilfs_direct_lookup_contig() function in fs/nilfs2/direct.c, within the nilfs_btree_lookup_contig() function in fs/nilfs2/btree.c. A local user can perform a denial of service (DoS) attack.
62) Race condition (CVE-ID: CVE-2024-26960)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the __swap_entry_free_locked() and free_swap_and_cache() functions in mm/swapfile.c. A local user can escalate privileges on the system.
63) Improper locking (CVE-ID: CVE-2024-26976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the async_pf_execute(), kvm_clear_async_pf_completion_queue(), kvm_check_async_pf_completion() and kvm_setup_async_pf() functions in virt/kvm/async_pf.c. A local user can perform a denial of service (DoS) attack.
64) NULL pointer dereference (CVE-ID: CVE-2024-27041)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the amdgpu_dm_fini() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c. A local user can perform a denial of service (DoS) attack.
65) Improper locking (CVE-ID: CVE-2024-26873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the hisi_sas_internal_abort_timeout() function in drivers/scsi/hisi_sas/hisi_sas_main.c. A local user can perform a denial of service (DoS) attack.
66) Input validation error (CVE-ID: CVE-2024-26946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the can_probe() function in arch/x86/kernel/kprobes/core.c. A local user can perform a denial of service (DoS) attack.
67) Improper locking (CVE-ID: CVE-2024-27080)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the try_release_extent_state(), flush_fiemap_cache(), emit_fiemap_extent(), fiemap_search_slot(), fiemap_process_hole(), extent_fiemap(), i_size_read() and unlock_extent() functions in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2023-52650)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the tegra_dsi_ganged_probe() function in drivers/gpu/drm/tegra/dsi.c. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2024-26879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the drivers/clk/meson/axg.c. A local user can perform a denial of service (DoS) attack.
70) NULL pointer dereference (CVE-ID: CVE-2023-52647)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mxc_isi_crossbar_xlate_streams() function in drivers/media/platform/nxp/imx8-isi/imx8-isi-crossbar.c. A local user can perform a denial of service (DoS) attack.
71) Improper locking (CVE-ID: CVE-2024-27435)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nvme_alloc_admin_tag_set() and nvme_alloc_io_tag_set() functions in drivers/nvme/host/core.c. A local user can perform a denial of service (DoS) attack.
72) NULL pointer dereference (CVE-ID: CVE-2024-27038)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the clk_core_get() function in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
73) Use-after-free (CVE-ID: CVE-2024-26951)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the wg_get_device_dump() function in drivers/net/wireguard/netlink.c. A local user can escalate privileges on the system.
74) Resource management error (CVE-ID: CVE-2024-27390)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way the synchronize_net() function is called within the ipv6_mc_down() function in net/ipv6/mcast.c, which can lead to long synchronization up to 5 minutes. A remote attacker can perform a denial of service (DoS) attack by initiating multiple connections.
75) Use of uninitialized resource (CVE-ID: CVE-2024-26863)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the hsr_get_node() function in net/hsr/hsr_framereg.c. A local user can perform a denial of service (DoS) attack.
76) Input validation error (CVE-ID: CVE-2024-26959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the btnxpuart_close() function in drivers/bluetooth/btnxpuart.c. A local user can perform a denial of service (DoS) attack.
77) Improper locking (CVE-ID: CVE-2024-35794)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the md_clean() and __md_stop_writes() functions in drivers/md/md.c, within the raid_message(), raid_postsuspend(), raid_preresume() and raid_resume() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
78) Buffer overflow (CVE-ID: CVE-2024-26889)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the hci_get_dev_info() function in net/bluetooth/hci_core.c. A local user can escalate privileges on the system.
79) Input validation error (CVE-ID: CVE-2024-35845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
80) Double free (CVE-ID: CVE-2024-27433)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the clk_mt7622_apmixed_remove() function in drivers/clk/mediatek/clk-mt7622-apmixedsys.c. A local user can perform a denial of service (DoS) attack.
81) Use-after-free (CVE-ID: CVE-2024-26961)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mac802154_llsec_key_del_rcu() function in net/mac802154/llsec.c. A local user can escalate privileges on the system.
82) Buffer overflow (CVE-ID: CVE-2024-35803)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the SYM_FUNC_START(), SYM_FUNC_START_LOCAL() and SYM_DATA_END() functions in arch/x86/boot/compressed/efi_mixed.S. A local user can perform a denial of service (DoS) attack.
83) Double Free (CVE-ID: CVE-2024-26653)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in drivers/usb/misc/usb-ljca.c. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
84) Use-after-free (CVE-ID: CVE-2024-26939)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the active_to_vma() and i915_vma_pin_ww() functions in drivers/gpu/drm/i915/i915_vma.c. A local user can escalate privileges on the system.
85) Use-after-free (CVE-ID: CVE-2024-26872)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the srpt_add_one() function in drivers/infiniband/ulp/srpt/ib_srpt.c. A local user can escalate privileges on the system.
86) NULL pointer dereference (CVE-ID: CVE-2024-26979)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vmw_resource_context_res_add(), vmw_cmd_dx_define_query(), vmw_cmd_dx_view_define(), vmw_cmd_dx_so_define(), vmw_cmd_dx_define_shader() and vmw_cmd_dx_define_streamoutput() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can perform a denial of service (DoS) attack.
87) Information disclosure (CVE-ID: CVE-2024-26973)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the fat_encode_fh_nostale() function in fs/fat/nfs.c. A local user can gain access to sensitive information.
88) Out-of-bounds read (CVE-ID: CVE-2024-27029)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mmhub_v3_3_print_l2_protection_fault_status() function in drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c. A local user can perform a denial of service (DoS) attack.
89) Input validation error (CVE-ID: CVE-2024-35831)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the __io_uaddr_map() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
90) Use-after-free (CVE-ID: CVE-2024-26892)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the mt792x_irq_handler() function in drivers/net/wireless/mediatek/mt76/mt792x_dma.c, within the mt7921_pci_remove() function in drivers/net/wireless/mediatek/mt76/mt7921/pci.c. A local user can escalate privileges on the system.
91) Memory leak (CVE-ID: CVE-2024-26888)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the msft_add_address_filter_sync() function in net/bluetooth/msft.c. A local user can perform a denial of service (DoS) attack.
92) Memory leak (CVE-ID: CVE-2024-27074)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the go7007_load_encoder() function in drivers/media/usb/go7007/go7007-driver.c. A local user can perform a denial of service (DoS) attack.
93) Incorrect calculation (CVE-ID: CVE-2024-35844)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the reserve_compress_blocks(), f2fs_reserve_compress_blocks() and mnt_drop_write_file() functions in fs/f2fs/file.c. A local user can perform a denial of service (DoS) attack.
94) Resource management error (CVE-ID: CVE-2024-26938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the intel_bios_encoder_supports_dp_dual_mode() function in drivers/gpu/drm/i915/display/intel_bios.c. A local user can perform a denial of service (DoS) attack.
95) Information disclosure (CVE-ID: CVE-2024-26953)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp6_output_tail() functions in net/ipv6/esp6.c, within the esp_req_sg(), esp_ssg_unref(), esp_output_done() and esp_output_tail() functions in net/ipv4/esp4.c. A local user can gain access to sensitive information.
96) Memory leak (CVE-ID: CVE-2024-27391)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the wilc_netdev_ifc_init() function in drivers/net/wireless/microchip/wilc1000/netdev.c, within the wilc_cfg80211_init() function in drivers/net/wireless/microchip/wilc1000/cfg80211.c. A local user can perform a denial of service (DoS) attack.
97) Use-after-free (CVE-ID: CVE-2024-35843)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prq_event_thread() function in drivers/iommu/intel/svm.c, within the intel_iommu_release_device() function in drivers/iommu/intel/iommu.c, within the alloc_iommu() function in drivers/iommu/intel/dmar.c. A local user can escalate privileges on the system.
98) NULL pointer dereference (CVE-ID: CVE-2024-27040)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the edp_set_replay_allow_active() function in drivers/gpu/drm/amd/display/dc/link/protocols/link_edp_panel_control.c. A local user can perform a denial of service (DoS) attack.
99) Use-after-free (CVE-ID: CVE-2024-26875)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the pvr2_context_exit() function in drivers/media/usb/pvrusb2/pvrusb2-context.c. A local user can escalate privileges on the system.
100) Resource management error (CVE-ID: CVE-2024-27026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmxnet3_process_xdp() function in drivers/net/vmxnet3/vmxnet3_xdp.c. A local user can perform a denial of service (DoS) attack.
101) NULL pointer dereference (CVE-ID: CVE-2024-26978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the max310x_i2c_slave_addr() function in drivers/tty/serial/max310x.c. A local user can perform a denial of service (DoS) attack.
102) Use of uninitialized resource (CVE-ID: CVE-2024-26882)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to use of uninitialized resource within the ip_tunnel_rcv() function in net/ipv4/ip_tunnel.c. A local user can execute arbitrary code.
103) Information disclosure (CVE-ID: CVE-2023-52652)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the pci_vntb_probe() function in drivers/pci/endpoint/functions/pci-epf-vntb.c, within the EXPORT_SYMBOL() and ntb_register_device() functions in drivers/ntb/core.c. A local user can gain access to sensitive information.
104) Memory leak (CVE-ID: CVE-2023-52662)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the vmw_gmrid_man_get_node() function in drivers/gpu/drm/vmwgfx/vmwgfx_gmrid_manager.c. A local user can perform a denial of service (DoS) attack.
105) Resource management error (CVE-ID: CVE-2024-26963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dwc3_ti_remove_core() and dwc3_ti_remove() functions in drivers/usb/dwc3/dwc3-am62.c. A local user can perform a denial of service (DoS) attack.
106) Improper locking (CVE-ID: CVE-2024-26962)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the make_stripe_request(), raid5_make_request(), raid5_start() and raid5_init() functions in drivers/md/raid5.c, within the is_suspended() and md_account_bio() functions in drivers/md/md.c, within the raid_map(), raid_message(), raid_presuspend() and raid_resume() functions in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
107) NULL pointer dereference (CVE-ID: CVE-2024-27051)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the brcm_avs_is_firmware_loaded() function in drivers/cpufreq/brcmstb-avs-cpufreq.c. A local user can perform a denial of service (DoS) attack.
108) Memory leak (CVE-ID: CVE-2024-27068)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lvts_calibration_read() function in drivers/thermal/mediatek/lvts_thermal.c. A local user can perform a denial of service (DoS) attack.
109) NULL pointer dereference (CVE-ID: CVE-2024-26881)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hclge_ptp_get_rx_hwts() function in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_ptp.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2024-35800)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the generic_ops_supported() function in drivers/firmware/efi/efi.c. A local user can perform a denial of service (DoS) attack.
111) NULL pointer dereference (CVE-ID: CVE-2024-26964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the xhci_map_temp_buffer() function in drivers/usb/host/xhci.c. A local user can perform a denial of service (DoS) attack.
112) Resource management error (CVE-ID: CVE-2024-27389)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the pstore_put_backend_records() function in fs/pstore/inode.c. A local user can perform a denial of service (DoS) attack.
113) Use-after-free (CVE-ID: CVE-2024-27043)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the dvb_register_device() function in drivers/media/dvb-core/dvbdev.c. A local user can escalate privileges on the system.
114) Information disclosure (CVE-ID: CVE-2024-26901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to information disclosure within the do_sys_name_to_handle() function in fs/fhandle.c. A local user can perform a denial of service (DoS) attack.
115) Division by zero (CVE-ID: CVE-2024-26941)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the drm_dp_bw_overhead() function in drivers/gpu/drm/display/drm_dp_helper.c. A local user can perform a denial of service (DoS) attack.
116) Race condition (CVE-ID: CVE-2024-35798)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the read_extent_buffer_pages() function in fs/btrfs/extent_io.c. A local user can escalate privileges on the system.
117) Input validation error (CVE-ID: CVE-2024-35799)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dce110_disable_stream() function in drivers/gpu/drm/amd/display/dc/dce110/dce110_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
118) Out-of-bounds read (CVE-ID: CVE-2024-26952)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds read error within the smb2_tree_connect(), smb2_open(), smb2_query_dir(), smb2_get_ea(), smb2_set_info_file(), smb2_set_info(), fsctl_pipe_transceive() and smb2_ioctl() functions in fs/smb/server/smb2pdu.c, within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can execute arbitrary code.
119) Race condition (CVE-ID: CVE-2024-26654)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in sound/sh/aica.c. A local user can exploit the race and escalate privileges on the system.
120) NULL pointer dereference (CVE-ID: CVE-2024-27046)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nfp_fl_lag_do_work() function in drivers/net/ethernet/netronome/nfp/flower/lag_conf.c. A local user can perform a denial of service (DoS) attack.
121) Buffer overflow (CVE-ID: CVE-2024-35810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the vmw_du_cursor_mob_size() and vmw_du_cursor_plane_cleanup_fb() functions in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c. A local user can perform a denial of service (DoS) attack.
122) Out-of-bounds read (CVE-ID: CVE-2024-27050)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bpf_xdp_query() function in tools/lib/bpf/netlink.c. A local user can perform a denial of service (DoS) attack.
123) Resource management error (CVE-ID: CVE-2024-27063)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the netdev_trig_notify() function in drivers/leds/trigger/ledtrig-netdev.c. A local user can perform a denial of service (DoS) attack.
124) Out-of-bounds read (CVE-ID: CVE-2024-26954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_get_data_area_len() function in fs/smb/server/smb2misc.c. A local user can perform a denial of service (DoS) attack.
125) Buffer overflow (CVE-ID: CVE-2024-26884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the htab_map_alloc() function in kernel/bpf/hashtab.c on 32-bit platforms. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
126) NULL pointer dereference (CVE-ID: CVE-2024-27047)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the phy_get_internal_delay() function in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
127) Double free (CVE-ID: CVE-2024-26932)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the tcpm_port_unregister_pd() function in drivers/usb/typec/tcpm/tcpm.c. A local user can execute arbitrary code.
128) Buffer overflow (CVE-ID: CVE-2024-26883)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the stack_map_alloc() function in kernel/bpf/stackmap.c on a 32-bit platform. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
129) NULL pointer dereference (CVE-ID: CVE-2024-26943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nouveau_dmem_evict_chunk() function in drivers/gpu/drm/nouveau/nouveau_dmem.c. A local user can perform a denial of service (DoS) attack.
130) Unchecked Return Value (CVE-ID: CVE-2024-26651)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing check of the return value from the usbnet_get_endpoints() function in drivers/net/usb/sr9800.c. A local user can crash the kernel.
131) Out-of-bounds read (CVE-ID: CVE-2024-26815)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the NLA_POLICY_MAX() function in net/sched/sch_taprio.c. A local user can perform a denial of service (DoS) attack.
132) Input validation error (CVE-ID: CVE-2024-26948)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the dc_state_free() function in drivers/gpu/drm/amd/display/dc/core/dc_state.c. A local user can perform a denial of service (DoS) attack.
133) Information disclosure (CVE-ID: CVE-2024-27066)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the virtqueue_add_indirect_packed(), virtqueue_add_packed() and detach_buf_packed() functions in drivers/virtio/virtio_ring.c. A local user can gain access to sensitive information.
134) NULL pointer dereference (CVE-ID: CVE-2024-27037)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the SLCR_SWDT_CLK_SEL() and zynq_clk_setup() functions in drivers/clk/zynq/clkc.c. A local user can perform a denial of service (DoS) attack.
135) Improper locking (CVE-ID: CVE-2024-35806)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qm_congestion_task() and qman_create_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
136) Improper locking (CVE-ID: CVE-2024-26869)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the f2fs_inplace_write_data() and f2fs_wait_on_block_writeback_range() functions in fs/f2fs/segment.c, within the do_checkpoint() function in fs/f2fs/checkpoint.c. A local user can perform a denial of service (DoS) attack.
137) NULL pointer dereference (CVE-ID: CVE-2024-26878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dquot_mark_dquot_dirty(), __dquot_alloc_space(), dquot_alloc_inode(), EXPORT_SYMBOL(), dquot_claim_space_nodirty(), dquot_reclaim_space_nodirty(), __dquot_free_space(), dquot_free_inode() and __dquot_transfer() functions in fs/quota/dquot.c. A local user can perform a denial of service (DoS) attack.
138) Improper locking (CVE-ID: CVE-2024-26810)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_pci_intx_mask(), vfio_pci_intx_unmask_handler(), vfio_pci_set_intx_unmask() and vfio_pci_set_intx_mask() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
139) Out-of-bounds read (CVE-ID: CVE-2024-35797)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the filemap_cachestat() function in mm/filemap.c. A local user can perform a denial of service (DoS) attack.
140) Memory leak (CVE-ID: CVE-2024-27073)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the budget_av_attach() function in drivers/media/pci/ttpci/budget-av.c. A local user can perform a denial of service (DoS) attack.
141) Improper locking (CVE-ID: CVE-2024-26812)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the vfio_send_intx_eventfd(), vfio_intx_handler() and vfio_pci_set_intx_trigger() functions in drivers/vfio/pci/vfio_pci_intrs.c. A local user can perform a denial of service (DoS) attack.
142) Improper locking (CVE-ID: CVE-2024-26933)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the disable_show() and disable_store() functions in drivers/usb/core/port.c. A local user can execute arbitrary code.
143) Improper resource shutdown or release (CVE-ID: CVE-2024-26809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the nft_pipapo_destroy() function in net/netfilter/nft_set_pipapo.c. A local user can perform a denial of service (DoS) attack.
144) Memory leak (CVE-ID: CVE-2024-26894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the acpi_processor_power_exit() function in drivers/acpi/processor_idle.c. A local user can perform a denial of service (DoS) attack.
145) Incorrect calculation (CVE-ID: CVE-2024-35813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the __mmc_blk_ioctl_cmd() function in drivers/mmc/core/block.c. A local user can perform a denial of service (DoS) attack.
146) Input validation error (CVE-ID: CVE-2024-27033)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the fs/f2fs/f2fs.h. A local user can perform a denial of service (DoS) attack.
147) Improper Initialization (CVE-ID: CVE-2024-26876)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the adv7511_probe() function in drivers/gpu/drm/bridge/adv7511/adv7511_drv.c. A local user can perform a denial of service (DoS) attack.
148) Memory leak (CVE-ID: CVE-2024-27076)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the ipu_csc_scaler_release() function in drivers/staging/media/imx/imx-media-csc-scaler.c. A local user can perform a denial of service (DoS) attack.
149) Buffer overflow (CVE-ID: CVE-2024-27045)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the dp_dsc_clock_en_read() function in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c. A local user can escalate privileges on the system.
150) NULL pointer dereference (CVE-ID: CVE-2024-27079)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the intel_pasid_setup_nested() function in drivers/iommu/intel/pasid.c, within the domain_context_clear() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
151) Race condition within a thread (CVE-ID: CVE-2024-26861)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the decrypt_packet(), counter_validate() and wg_packet_rx_poll() functions in drivers/net/wireguard/receive.c. A local user can manipulate data.
152) Use-after-free (CVE-ID: CVE-2024-26957)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the zcrypt_pick_queue() and zcrypt_drop_queue() functions in drivers/s390/crypto/zcrypt_api.c. A local user can escalate privileges on the system.
153) Information disclosure (CVE-ID: CVE-2024-26864)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sock_prot_inuse_add() function in net/ipv4/inet_hashtables.c. A local user can gain access to sensitive information.
154) Use-after-free (CVE-ID: CVE-2024-26866)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the fsl_lpspi_probe() function in drivers/spi/spi-fsl-lpspi.c. A local user can escalate privileges on the system.
155) Resource management error (CVE-ID: CVE-2024-35814)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to double allocation of slots within the swiotlb_area_find_slots() function in kernel/dma/swiotlb.c. A local user can perform a denial of service (DoS) attack.
156) NULL pointer dereference (CVE-ID: CVE-2024-26813)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vfio_platform_set_irq_unmask(), vfio_automasked_irq_handler(), vfio_irq_handler(), vfio_set_trigger(), vfio_platform_set_irq_trigger(), vfio_platform_set_irqs_ioctl(), vfio_platform_irq_init() and vfio_platform_irq_cleanup() functions in drivers/vfio/platform/vfio_platform_irq.c. A local user can perform a denial of service (DoS) attack.
157) Memory leak (CVE-ID: CVE-2024-27388)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the gssx_dec_option_array() function in net/sunrpc/auth_gss/gss_rpc_xdr.c. A local user can perform a denial of service (DoS) attack.
158) Out-of-bounds read (CVE-ID: CVE-2024-27042)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the amdgpu_discovery_reg_base_init() function in drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c. A local user can perform a denial of service (DoS) attack.
159) Race condition within a thread (CVE-ID: CVE-2024-26862)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the packet_setsockopt() and packet_getsockopt() functions in net/packet/af_packet.c, within the dev_queue_xmit_nit() function in net/core/dev.c. A local user can manipulate data.
160) Out-of-bounds read (CVE-ID: CVE-2024-26968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq9574.c. A local user can perform a denial of service (DoS) attack.
161) Resource management error (CVE-ID: CVE-2024-26940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmw_debugfs_resource_managers_init() function in drivers/gpu/drm/vmwgfx/vmwgfx_drv.c. A local user can perform a denial of service (DoS) attack.
162) Incorrect calculation (CVE-ID: CVE-2024-27027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dpll_xa_ref_pin_del() and dpll_xa_ref_dpll_del() functions in drivers/dpll/dpll_core.c. A local user can perform a denial of service (DoS) attack.
163) Improper locking (CVE-ID: CVE-2024-35793)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __debugfs_file_removed() function in fs/debugfs/inode.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2024-35874)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the aio_complete() function in fs/aio.c. A local user can perform a denial of service (DoS) attack.
165) Resource management error (CVE-ID: CVE-2024-27035)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in fs/f2fs/compress.c. A local user can perform a denial of service (DoS) attack.
166) Use-after-free (CVE-ID: CVE-2024-26958)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the , within the wait_on_commit() function in fs/nfs/write.c, within the nfs_direct_commit_schedule() function in fs/nfs/direct.c. A local user can escalate privileges on the system.
167) Memory leak (CVE-ID: CVE-2024-26887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the btusb_recv_acl_mtk() function in drivers/bluetooth/btusb.c, within the btmtk_process_coredump() function in drivers/bluetooth/btmtk.c. A local user can perform a denial of service (DoS) attack.
168) Improper error handling (CVE-ID: CVE-2024-35809)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the pci_device_remove() function in drivers/pci/pci-driver.c. A local user can perform a denial of service (DoS) attack.
169) Double free (CVE-ID: CVE-2024-26930)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a double free error within the kfree() function in drivers/scsi/qla2xxx/qla_os.c. A local user can execute arbitrary code.
170) Improper locking (CVE-ID: CVE-2024-35819)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qman_create_portal(), qm_congestion_task(), qman_create_cgr(), qman_delete_cgr() and qman_update_cgr() functions in drivers/soc/fsl/qbman/qman.c. A local user can perform a denial of service (DoS) attack.
171) Double free (CVE-ID: CVE-2024-27392)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double free error within the ns_update_nuse() function in drivers/nvme/host/sysfs.c. A local user can perform a denial of service (DoS) attack.
172) Improper locking (CVE-ID: CVE-2024-35808)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the raid_message() function in drivers/md/dm-raid.c. A local user can perform a denial of service (DoS) attack.
173) Infinite loop (CVE-ID: CVE-2023-52644)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the b43_dma_tx() and b43_dma_handle_txstatus() functions in drivers/net/wireless/broadcom/b43/dma.c. A local user can perform a denial of service (DoS) attack.
174) Memory leak (CVE-ID: CVE-2024-35828)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lbs_allocate_cmd_buffer() function in drivers/net/wireless/marvell/libertas/cmd.c. A local user can perform a denial of service (DoS) attack.
175) NULL pointer dereference (CVE-ID: CVE-2024-26657)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in drivers/gpu/drm/scheduler/sched_entity.c. A local user can send an amdgpu_cs_wait_ioctl to the AMDGPU DRM driver on any ASICs with valid context and perform a denial of service (DoS) attack.
176) Out-of-bounds read (CVE-ID: CVE-2024-26969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq8074.c. A local user can perform a denial of service (DoS) attack.
177) Input validation error (CVE-ID: CVE-2024-27434)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iwl_mvm_get_sec_flags() function in drivers/net/wireless/intel/iwlwifi/mvm/mld-key.c. A local user can perform a denial of service (DoS) attack.
178) Improper locking (CVE-ID: CVE-2024-35821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the write_begin_slow(), ubifs_write_begin() and ubifs_write_end() functions in fs/ubifs/file.c. A local user can perform a denial of service (DoS) attack.
179) Memory leak (CVE-ID: CVE-2023-52663)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the amd_sof_acp_probe() function in sound/soc/sof/amd/acp.c. A local user can perform a denial of service (DoS) attack.
180) Memory leak (CVE-ID: CVE-2024-27078)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tpg_alloc() function in drivers/media/common/v4l2-tpg/v4l2-tpg-core.c. A local user can perform a denial of service (DoS) attack.
181) Resource management error (CVE-ID: CVE-2024-35787)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __write_sb_page(), filemap_write_page(), md_bitmap_file_set_bit() and md_bitmap_file_clear_bit() functions in drivers/md/md-bitmap.c. A local user can perform a denial of service (DoS) attack.
182) NULL pointer dereference (CVE-ID: CVE-2024-27044)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the dcn10_set_output_transfer_func() function in drivers/gpu/drm/amd/display/dc/dcn10/dcn10_hw_sequencer.c. A local user can perform a denial of service (DoS) attack.
183) Improper locking (CVE-ID: CVE-2024-26848)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the afs_dir_iterate_block() function in fs/afs/dir.c. A local user can perform a denial of service (DoS) attack.
184) Improper error handling (CVE-ID: CVE-2024-26955)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the nilfs_get_block() function in fs/nilfs2/inode.c. A local user can perform a denial of service (DoS) attack.
185) Improper locking (CVE-ID: CVE-2024-26899)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the DEFINE_MUTEX(), bd_link_disk_holder(), kfree() and bd_unlink_disk_holder() functions in block/holder.c. A local user can perform a denial of service (DoS) attack.
186) Memory leak (CVE-ID: CVE-2024-27077)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the v4l2_m2m_register_entity() function in drivers/media/v4l2-core/v4l2-mem2mem.c. A local user can perform a denial of service (DoS) attack.
187) NULL pointer dereference (CVE-ID: CVE-2024-26897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ath9k_wmi_event_tasklet() function in drivers/net/wireless/ath/ath9k/wmi.c, within the ath9k_tx_init() function in drivers/net/wireless/ath/ath9k/htc_drv_txrx.c, within the ath9k_htc_probe_device() function in drivers/net/wireless/ath/ath9k/htc_drv_init.c. A local user can perform a denial of service (DoS) attack.
188) Division by zero (CVE-ID: CVE-2024-26945)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the save_iaa_wq() and remove_iaa_wq() functions in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.
189) Buffer overflow (CVE-ID: CVE-2024-26885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the dev_map_init_map() function in kernel/bpf/devmap.c. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
190) Reachable assertion (CVE-ID: CVE-2024-27069)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to reachable assertion within the ovl_verify_area() function in fs/overlayfs/copy_up.c. A local user can perform a denial of service (DoS) attack.
191) Use-after-free (CVE-ID: CVE-2024-27070)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the f2fs_filemap_fault() function in fs/f2fs/file.c. A local user can escalate privileges on the system.
192) Incorrect calculation (CVE-ID: CVE-2024-27054)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the dasd_generic_set_online() function in drivers/s390/block/dasd.c. A local user can perform a denial of service (DoS) attack.
193) Improper locking (CVE-ID: CVE-2024-35795)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_debugfs_mqd_read() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c. A local user can perform a denial of service (DoS) attack.
194) Resource management error (CVE-ID: CVE-2024-35817)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the amdgpu_ttm_gart_bind() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c. A local user can perform a denial of service (DoS) attack.
195) Integer underflow (CVE-ID: CVE-2024-35827)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the io_recvmsg_mshot_prep() function in io_uring/net.c. A local user can execute arbitrary code.
196) Use-after-free (CVE-ID: CVE-2024-26656)
The vulnerability allows a local user to crash the kernel.
The vulnerability exists due to a use-after-free error in drivers/gpu/drm/amd/amdgpu/amdgpu_hmm.c. A local user can send a single amdgpu_gem_userptr_ioctl
to the AMDGPU DRM driver on any ASICs with an invalid address and size and perform a denial of service (DoS) attack.
197) Memory leak (CVE-ID: CVE-2024-26860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dm_integrity_rw_tag() function in drivers/md/dm-integrity.c. A local user can perform a denial of service (DoS) attack.
198) NULL pointer dereference (CVE-ID: CVE-2024-26942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the at8031_parse_dt() and at8031_probe() functions in drivers/net/phy/at803x.c. A local user can perform a denial of service (DoS) attack.
199) Input validation error (CVE-ID: CVE-2023-52659)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the arch/x86/include/asm/page.h. A local user can perform a denial of service (DoS) attack.
200) Use-after-free (CVE-ID: CVE-2024-26865)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcp_twsk_purge() function in net/ipv4/tcp_minisocks.c. A local user can escalate privileges on the system.
201) NULL pointer dereference (CVE-ID: CVE-2024-26868)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ff_layout_cancel_io() function in fs/nfs/flexfilelayout/flexfilelayout.c. A local user can perform a denial of service (DoS) attack.
202) Use-after-free (CVE-ID: CVE-2024-26947)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the __sync_icache_dcache() function in arch/arm/mm/flush.c. A local user can escalate privileges on the system.
203) Out-of-bounds read (CVE-ID: CVE-2024-35788)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the dcn35_clk_mgr_helper_populate_bw_params() function in drivers/gpu/drm/amd/display/dc/clk_mgr/dcn35/dcn35_clk_mgr.c. A local user can perform a denial of service (DoS) attack.
204) NULL pointer dereference (CVE-ID: CVE-2024-26950)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the get_peer() function in drivers/net/wireguard/netlink.c. A local user can perform a denial of service (DoS) attack.
205) Race condition (CVE-ID: CVE-2024-27030)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the rvu_queue_work(), rvu_mbox_intr_handler() and rvu_register_interrupts() functions in drivers/net/ethernet/marvell/octeontx2/af/rvu.c. A local user can escalate privileges on the system.
206) NULL pointer dereference (CVE-ID: CVE-2024-26949)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the smu_v13_0_7_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_7_ppt.c, within the smu_v13_0_0_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_0_ppt.c, within the sienna_cichlid_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/sienna_cichlid_ppt.c, within the navi10_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/navi10_ppt.c, within the arcturus_get_power_limit() function in drivers/gpu/drm/amd/pm/swsmu/smu11/arcturus_ppt.c. A local user can perform a denial of service (DoS) attack.
207) Memory leak (CVE-ID: CVE-2024-26900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.
208) Out-of-bounds read (CVE-ID: CVE-2024-26971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq5018.c. A local user can perform a denial of service (DoS) attack.
209) Improper locking (CVE-ID: CVE-2024-35805)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the dm_exception_table_exit() function in drivers/md/dm-snap.c. A local user can perform a denial of service (DoS) attack.
210) Memory leak (CVE-ID: CVE-2024-26977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci_iounmap() function in lib/pci_iomap.c. A local user can perform a denial of service (DoS) attack.
211) Use-after-free (CVE-ID: CVE-2024-26944)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_load_block_group_zone_info(), bitmap_free() and do_zone_finish() functions in fs/btrfs/zoned.c. A local user can escalate privileges on the system.
212) Infinite loop (CVE-ID: CVE-2024-27036)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the cifs_partialpagewrite(), cifs_extend_writeback(), cifs_write_back_from_locked_folio(), cifs_writepages_region() and cifs_writepages() functions in fs/smb/client/file.c. A local user can perform a denial of service (DoS) attack.
213) Out-of-bounds read (CVE-ID: CVE-2024-26965)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/mmcc-msm8974.c. A local user can perform a denial of service (DoS) attack.
214) Improper locking (CVE-ID: CVE-2024-26891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the devtlb_invalidation_with_pasid() function in drivers/iommu/intel/pasid.c. A local user can perform a denial of service (DoS) attack.
215) NULL pointer dereference (CVE-ID: CVE-2024-27071)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the hx8357_probe() function in drivers/video/backlight/hx8357.c. A local user can perform a denial of service (DoS) attack.
216) Stack-based buffer overflow (CVE-ID: CVE-2024-27075)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to stack overflow within the stv0367_writeregs() function in drivers/media/dvb-frontends/stv0367.c. A local user can perform a denial of service (DoS) attack.
217) Improper locking (CVE-ID: CVE-2024-27072)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the usbtv_video_free() function in drivers/media/usb/usbtv/usbtv-video.c. A local user can perform a denial of service (DoS) attack.
218) Resource management error (CVE-ID: CVE-2024-35830)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the tc358743_probe() function in drivers/media/i2c/tc358743.c. A local user can perform a denial of service (DoS) attack.
219) Use-after-free (CVE-ID: CVE-2024-27052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
220) Out-of-bounds read (CVE-ID: CVE-2024-26970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the F() function in drivers/clk/qcom/gcc-ipq6018.c. A local user can perform a denial of service (DoS) attack.
221) Improper locking (CVE-ID: CVE-2024-27031)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the nfs_netfs_issue_read() function in fs/nfs/fscache.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.