SB20240711232 - Ubuntu update for linux
Published: July 11, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 179 secuirty vulnerabilities.
1) Race condition (CVE-ID: CVE-2024-24857)
The vulnerability allows a remote non-authenticated attacker to damange or delete data.
A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.
2) Race condition (CVE-ID: CVE-2024-24858)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.
3) Race condition (CVE-ID: CVE-2024-24859)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.
4) Out-of-bounds read (CVE-ID: CVE-2024-35967)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the sco_sock_setsockopt() function in net/bluetooth/sco.c. A local user can perform a denial of service (DoS) attack.
5) Infinite loop (CVE-ID: CVE-2024-35886)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the inet6_dump_fib() function in net/ipv6/ip6_fib.c. A local user can perform a denial of service (DoS) attack.
6) Improper locking (CVE-ID: CVE-2024-26999)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pmz_receive_chars() function in drivers/tty/serial/pmac_zilog.c. A local user can perform a denial of service (DoS) attack.
7) Out-of-bounds read (CVE-ID: CVE-2024-27008)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the apply_dcb_encoder_quirks() and fabricate_dcb_encoder_table() functions in drivers/gpu/drm/nouveau/nouveau_bios.c. A local user can perform a denial of service (DoS) attack.
8) Buffer overflow (CVE-ID: CVE-2024-26988)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the setup_command_line() function in init/main.c. A local user can escalate privileges on the system.
9) Integer underflow (CVE-ID: CVE-2024-35980)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the arch/arm64/include/asm/tlbflush.h. A local user can execute arbitrary code.
10) Input validation error (CVE-ID: CVE-2024-26982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the squashfs_new_inode() function in fs/squashfs/inode.c. A local user can perform a denial of service (DoS) attack.
11) NULL pointer dereference (CVE-ID: CVE-2024-35946)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the rtw89_ops_bss_info_changed() and rtw89_ops_remain_on_channel() functions in drivers/net/wireless/realtek/rtw89/mac80211.c. A local user can perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2024-35918)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the include/linux/randomize_kstack.h. A local user can perform a denial of service (DoS) attack.
13) Input validation error (CVE-ID: CVE-2024-27015)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_flow_tuple_encap() function in net/netfilter/nf_flow_table_ip.c. A local user can perform a denial of service (DoS) attack.
14) Incorrect calculation (CVE-ID: CVE-2024-35900)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the nf_tables_addchain() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
15) Resource management error (CVE-ID: CVE-2024-35942)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the drivers/pmdomain/imx/imx8mp-blk-ctrl.c. A local user can perform a denial of service (DoS) attack.
16) Memory leak (CVE-ID: CVE-2024-35879)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pr_fmt() and of_changeset_destroy() functions in drivers/of/dynamic.c. A local user can perform a denial of service (DoS) attack.
17) Improper locking (CVE-ID: CVE-2024-35961)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5_sf_dev_remove() function in drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c, within the mlx5_init_one_devl_locked(), mlx5_init_one(), mlx5_uninit_one(), mlx5_init_one_light(), mlx5_uninit_one_light(), probe_one() and remove_one() functions in drivers/net/ethernet/mellanox/mlx5/core/main.c. A local user can perform a denial of service (DoS) attack.
18) Resource management error (CVE-ID: CVE-2024-35944)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the dg_dispatch_as_host() function in drivers/misc/vmw_vmci/vmci_datagram.c. A local user can perform a denial of service (DoS) attack.
19) Improper locking (CVE-ID: CVE-2024-35934)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the smc_pnet_create_pnetids_list() function in net/smc/smc_pnet.c. A local user can perform a denial of service (DoS) attack.
20) Memory leak (CVE-ID: CVE-2024-35978)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hci_req_sync_complete() function in net/bluetooth/hci_request.c. A local user can perform a denial of service (DoS) attack.
21) Buffer overflow (CVE-ID: CVE-2024-35938)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ARRAY_SIZE() function in drivers/net/wireless/ath/ath11k/mhi.c. A local user can perform a denial of service (DoS) attack.
22) Improper locking (CVE-ID: CVE-2024-27003)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the clk_summary_show_subtree(), clk_summary_show() and clk_dump_show() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
23) Out-of-bounds read (CVE-ID: CVE-2024-35976)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the xsk_setsockopt() function in net/xdp/xsk.c. A local user can perform a denial of service (DoS) attack.
24) Out-of-bounds read (CVE-ID: CVE-2024-36019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the regcache_maple_drop() function in drivers/base/regmap/regcache-maple.c. A local user can perform a denial of service (DoS) attack.
25) Improper locking (CVE-ID: CVE-2024-35880)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __io_remove_buffers() and io_unregister_pbuf_ring() functions in io_uring/kbuf.c, within the io_uring_validate_mmap_request() function in io_uring/io_uring.c. A local user can perform a denial of service (DoS) attack.
26) Use-after-free (CVE-ID: CVE-2024-35866)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_dump_full_key() function in fs/smb/client/ioctl.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
27) Memory leak (CVE-ID: CVE-2024-35929)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kernel/rcu/tree_nocb.h. A local user can perform a denial of service (DoS) attack.
28) NULL pointer dereference (CVE-ID: CVE-2024-35917)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the bpf_skip(), asm(), bpf_jit_epilogue(), bpf_int_jit_compile(), bpf_jit_supports_far_kfunc_call() and bpf_arch_text_poke() functions in arch/s390/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
29) Memory leak (CVE-ID: CVE-2024-35912)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iwl_rfi_get_freq_table() function in drivers/net/wireless/intel/iwlwifi/mvm/rfi.c. A local user can perform a denial of service (DoS) attack.
30) Out-of-bounds read (CVE-ID: CVE-2024-35896)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the do_replace() and compat_do_replace() functions in net/ipv6/netfilter/ip6_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/ip_tables.c, within the do_replace() and compat_do_replace() functions in net/ipv4/netfilter/arp_tables.c, within the do_replace(), update_counters() and compat_update_counters() functions in net/bridge/netfilter/ebtables.c. A local user can perform a denial of service (DoS) attack.
31) Memory leak (CVE-ID: CVE-2024-26986)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the kfd_create_process() function in drivers/gpu/drm/amd/amdkfd/kfd_process.c. A local user can perform a denial of service (DoS) attack.
32) Improper resource shutdown or release (CVE-ID: CVE-2024-35951)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to failure to properly release resources within the panfrost_mmu_map_fault_addr() and sg_free_table() functions in drivers/gpu/drm/panfrost/panfrost_mmu.c. A local user can perform a denial of service (DoS) attack.
33) Resource management error (CVE-ID: CVE-2024-35958)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the ena_unmap_tx_buff() and ena_free_tx_bufs() functions in drivers/net/ethernet/amazon/ena/ena_netdev.c. A local user can perform a denial of service (DoS) attack.
34) Input validation error (CVE-ID: CVE-2024-26997)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the dwc2_cmpl_host_isoc_dma_desc() function in drivers/usb/dwc2/hcd_ddma.c in DDMA completion flow. A local user can perform a denial of service (DoS) attack.
35) Input validation error (CVE-ID: CVE-2024-35965)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the l2cap_sock_setsockopt_old() and l2cap_sock_setsockopt() functions in net/bluetooth/l2cap_sock.c. A local user can perform a denial of service (DoS) attack.
36) Improper locking (CVE-ID: CVE-2024-35953)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ivpu_dev_init() function in drivers/accel/ivpu/ivpu_drv.c. A local user can perform a denial of service (DoS) attack.
37) Information disclosure (CVE-ID: CVE-2024-26993)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
38) Out-of-bounds read (CVE-ID: CVE-2024-26991)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the kvm_arch_post_set_memory_attributes() function in arch/x86/kvm/mmu/mmu.c. A local user can perform a denial of service (DoS) attack.
39) Improper locking (CVE-ID: CVE-2024-35892)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qdisc_tree_reduce_backlog() function in net/sched/sch_api.c. A local user can perform a denial of service (DoS) attack.
40) Resource management error (CVE-ID: CVE-2024-36026)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the smu_v13_0_4_system_features_control() function in drivers/gpu/drm/amd/pm/swsmu/smu13/smu_v13_0_4_ppt.c. A local user can perform a denial of service (DoS) attack.
41) Memory leak (CVE-ID: CVE-2024-35882)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the svc_tcp_sendmsg() function in net/sunrpc/svcsock.c. A local user can perform a denial of service (DoS) attack.
42) Input validation error (CVE-ID: CVE-2024-35964)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the iso_sock_setsockopt() function in net/bluetooth/iso.c. A local user can perform a denial of service (DoS) attack.
43) Use-after-free (CVE-ID: CVE-2024-35865)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_oplock_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
44) Resource management error (CVE-ID: CVE-2024-35897)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the nf_tables_table_disable() and nf_tables_updtable() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
45) Out-of-bounds read (CVE-ID: CVE-2024-26981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the nilfs_type_by_mode[() function in fs/nilfs2/dir.c. A local user can perform a denial of service (DoS) attack.
46) Resource management error (CVE-ID: CVE-2024-35872)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the include/linux/secretmem.h. A local user can perform a denial of service (DoS) attack.
47) Buffer overflow (CVE-ID: CVE-2024-36027)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the btrfs_clear_buffer_dirty() function in fs/btrfs/extent_io.c. A local user can perform a denial of service (DoS) attack.
48) Use-after-free (CVE-ID: CVE-2024-26983)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xbc_alloc_mem(), xbc_parse_tree() and xbc_init() functions in lib/bootconfig.c. A local user can escalate privileges on the system.
49) Buffer overflow (CVE-ID: CVE-2024-35909)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the t7xx_pcie_mac_atr_tables_dis() and t7xx_pcie_mac_atr_cfg() functions in drivers/net/wwan/t7xx/t7xx_pcie_mac.c, within the t7xx_cldma_gpd_rx_from_q() and t7xx_cldma_txq_empty_hndl() functions in drivers/net/wwan/t7xx/t7xx_hif_cldma.c, within the t7xx_cldma_tx_addr_is_set() and t7xx_cldma_hw_set_start_addr() functions in drivers/net/wwan/t7xx/t7xx_cldma.c. A local user can escalate privileges on the system.
50) Out-of-bounds read (CVE-ID: CVE-2024-35985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the avg_vruntime() and reweight_eevdf() functions in kernel/sched/fair.c. A local user can perform a denial of service (DoS) attack.
51) Input validation error (CVE-ID: CVE-2024-35875)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the setup_arch() function in arch/x86/kernel/setup.c, within the cc_mkdec() function in arch/x86/coco/core.c. A local user can perform a denial of service (DoS) attack.
52) Improper error handling (CVE-ID: CVE-2024-35890)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the skb_gro_receive_list() and skb_gro_receive() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.
53) Input validation error (CVE-ID: CVE-2024-26922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the amdgpu_vm_bo_insert_map(), amdgpu_vm_bo_map(), amdgpu_vm_bo_replace_map(), and amdgpu_vm_bo_clear_mappings() functions in drivers/gpu/drm/amd/amdgpu/amdgpu_vm.c. A local user can pass specially crafted input to the driver and perform a denial of service (DoS) attack.
54) Buffer overflow (CVE-ID: CVE-2024-26994)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the get_word() function in drivers/accessibility/speakup/main.c. A local user can perform a denial of service (DoS) attack.
55) Input validation error (CVE-ID: CVE-2024-35903)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the emit_call() function in arch/x86/net/bpf_jit_comp.c. A local user can perform a denial of service (DoS) attack.
56) Improper error handling (CVE-ID: CVE-2024-35936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the mutex_unlock() function in fs/btrfs/volumes.c. A local user can perform a denial of service (DoS) attack.
57) NULL pointer dereference (CVE-ID: CVE-2024-35904)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the init_sel_fs() function in security/selinux/selinuxfs.c. A local user can perform a denial of service (DoS) attack.
58) Improper locking (CVE-ID: CVE-2024-27013)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tun_put_user() function in drivers/net/tun.c. A local user can perform a denial of service (DoS) attack.
59) Off-by-one (CVE-ID: CVE-2024-36025)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the qla_edif_app_getstats() function in drivers/scsi/qla2xxx/qla_edif.c. A local user can perform a denial of service (DoS) attack.
60) Out-of-bounds read (CVE-ID: CVE-2024-26980)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the __handle_ksmbd_work() function in fs/smb/server/server.c. A local user can perform a denial of service (DoS) attack.
61) Input validation error (CVE-ID: CVE-2024-27006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the thermal_debug_tz_trip_up() function in drivers/thermal/thermal_debugfs.c. A local user can perform a denial of service (DoS) attack.
62) Use-after-free (CVE-ID: CVE-2024-35861)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_signal_cifsd_for_reconnect() function in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
63) Use-after-free (CVE-ID: CVE-2024-35864)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_valid_lease_break() function in fs/smb/client/smb2misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
64) Resource management error (CVE-ID: CVE-2024-27018)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to resource management error within the nf_ct_bridge_pre() function in net/bridge/netfilter/nf_conntrack_bridge.c, within the br_nf_local_in() function in net/bridge/br_netfilter_hooks.c, within the br_netif_receive_skb(), br_pass_frame_up(), br_handle_frame_finish() and br_handle_frame() functions in net/bridge/br_input.c. A local user can execute arbitrary code.
65) Improper locking (CVE-ID: CVE-2024-36022)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the amdgpu_drv_delayed_reset_work_handler() function in drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c, within the amdgpu_amdkfd_drm_client_create() function in drivers/gpu/drm/amd/amdgpu/amdgpu_amdkfd.c. A local user can perform a denial of service (DoS) attack.
66) Incorrect calculation (CVE-ID: CVE-2024-26990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the kvm_tdp_mmu_try_split_huge_pages(), kvm_tdp_mmu_clear_dirty_slot() and clear_dirty_pt_masked() functions in arch/x86/kvm/mmu/tdp_mmu.c. A local user can perform a denial of service (DoS) attack.
67) Improper locking (CVE-ID: CVE-2024-35968)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the pdsc_init_pf() function in drivers/net/ethernet/amd/pds_core/main.c, within the pdsc_devcmd_reset() function in drivers/net/ethernet/amd/pds_core/dev.c, within the pdsc_teardown() and pdsc_check_pci_health() functions in drivers/net/ethernet/amd/pds_core/core.c. A local user can perform a denial of service (DoS) attack.
68) Incorrect calculation (CVE-ID: CVE-2024-35860)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation within the bpf_kprobe_multi_link_fill_link_info() and bpf_uprobe_multi_link_dealloc() functions in kernel/trace/bpf_trace.c, within the bpf_link_inc() and bpf_raw_tp_link_fill_link_info() functions in kernel/bpf/syscall.c. A local user can perform a denial of service (DoS) attack.
69) Race condition (CVE-ID: CVE-2024-36024)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the dc_wake_and_execute_dmub_cmd_list() and dc_wake_and_execute_gpint() functions in drivers/gpu/drm/amd/display/dc/dc_dmub_srv.c. A local user can escalate privileges on the system.
70) NULL pointer dereference (CVE-ID: CVE-2024-35933)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the btintel_read_version() function in drivers/bluetooth/btintel.c. A local user can perform a denial of service (DoS) attack.
71) Race condition within a thread (CVE-ID: CVE-2024-27019)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a data race within the __nft_obj_type_get() and nft_obj_type_get() functions in net/netfilter/nf_tables_api.c. A local user can gain access to sensitive information.
72) Division by zero (CVE-ID: CVE-2024-35925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the blk_rq_stat_init() function in block/blk-stat.c. A local user can perform a denial of service (DoS) attack.
73) Use-after-free (CVE-ID: CVE-2024-35950)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drm_client_modeset_probe() function in drivers/gpu/drm/drm_client_modeset.c. A local user can escalate privileges on the system.
74) Use of uninitialized resource (CVE-ID: CVE-2024-35915)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the nci_rx_work() function in net/nfc/nci/core.c. A local user can perform a denial of service (DoS) attack.
75) NULL pointer dereference (CVE-ID: CVE-2024-35916)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sanitycheck() function in drivers/dma-buf/st-dma-fence-chain.c. A local user can perform a denial of service (DoS) attack.
76) Information disclosure (CVE-ID: CVE-2024-35956)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the btrfs_subvolume_reserve_metadata() function in fs/btrfs/root-tree.c, within the create_subvol() and create_snapshot() functions in fs/btrfs/ioctl.c, within the btrfs_delete_subvolume() and btrfs_end_transaction() functions in fs/btrfs/inode.c. A local user can gain access to sensitive information.
77) Use of uninitialized resource (CVE-ID: CVE-2024-36020)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the i40e_reset_all_vfs() function in drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c. A local user can perform a denial of service (DoS) attack.
78) Resource management error (CVE-ID: CVE-2024-35873)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the __restore_v_state() function in arch/riscv/kernel/signal.c. A local user can perform a denial of service (DoS) attack.
79) Improper locking (CVE-ID: CVE-2024-27002)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mtk_clk_simple_probe() and mtk_free_clk_data() functions in drivers/clk/mediatek/clk-mtk.c. A local user can perform a denial of service (DoS) attack.
80) Input validation error (CVE-ID: CVE-2024-35963)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the hci_sock_setsockopt_old() and hci_sock_setsockopt() functions in net/bluetooth/hci_sock.c. A local user can perform a denial of service (DoS) attack.
81) Improper locking (CVE-ID: CVE-2024-35959)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_priv_cleanup() function in drivers/net/ethernet/mellanox/mlx5/core/en_main.c, within the mlx5e_selq_init() and mlx5e_selq_cleanup() functions in drivers/net/ethernet/mellanox/mlx5/core/en/selq.c. A local user can perform a denial of service (DoS) attack.
82) Out-of-bounds read (CVE-ID: CVE-2024-35937)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the ieee80211_amsdu_subframe_length(), ieee80211_is_valid_amsdu() and ieee80211_amsdu_to_8023s() functions in net/wireless/util.c. A local user can perform a denial of service (DoS) attack.
83) Memory leak (CVE-ID: CVE-2024-27011)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_data_hold() and __nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
84) Race condition within a thread (CVE-ID: CVE-2024-27020)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a data race within the __nft_expr_type_get() and nft_expr_type_get() functions in net/netfilter/nf_tables_api.c. A local user can execute arbitrary code.
85) Memory leak (CVE-ID: CVE-2024-35883)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the pci1xxxx_spi_probe() function in drivers/spi/spi-pci1xxxx.c. A local user can perform a denial of service (DoS) attack.
86) Resource management error (CVE-ID: CVE-2024-35913)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the iwl_mvm_rx_session_protect_notif() function in drivers/net/wireless/intel/iwlwifi/mvm/time-event.c. A local user can perform a denial of service (DoS) attack.
87) Improper locking (CVE-ID: CVE-2024-35910)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tcp_close() function in net/ipv4/tcp.c, within the inet_csk_clear_xmit_timers() function in net/ipv4/inet_connection_sock.c. A local user can perform a denial of service (DoS) attack.
88) Improper locking (CVE-ID: CVE-2024-27021)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the rtl_remove_one() and rtl_init_one() functions in drivers/net/ethernet/realtek/r8169_main.c, within the rtl8168_setup_ldev() function in drivers/net/ethernet/realtek/r8169_leds.c. A local user can execute arbitrary code.
89) Improper Initialization (CVE-ID: CVE-2024-35921)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the vdec_hevc_slice_init() function in drivers/media/platform/mediatek/vcodec/decoder/vdec/vdec_hevc_req_multi_if.c. A local user can perform a denial of service (DoS) attack.
90) Out-of-bounds read (CVE-ID: CVE-2024-35905)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the check_stack_access_within_bounds() function in kernel/bpf/verifier.c. A local user can perform a denial of service (DoS) attack.
91) Improper locking (CVE-ID: CVE-2024-27010)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the qdisc_alloc() function in net/sched/sch_generic.c, within the qdisc_run_end() function in net/core/dev.c. A local user can perform a denial of service (DoS) attack.
92) Infinite loop (CVE-ID: CVE-2024-35981)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the virtnet_get_rxfh() and virtnet_probe() functions in drivers/net/virtio_net.c. A local user can perform a denial of service (DoS) attack.
93) NULL pointer dereference (CVE-ID: CVE-2024-35885)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the mlxbf_gige_shutdown() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.
94) Use-after-free (CVE-ID: CVE-2024-35955)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the check_kprobe_address_safe() function in kernel/kprobes.c. A local user can escalate privileges on the system.
95) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-35894)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper access restrictions in mptcp_set_rcvlowat() function in net/mptcp/sockopt.c, which allow bpf accessing mptcp-level proto_ops from a tcp subflow scope. A local user can perform a denial of service (DoS) attack.
96) Use-after-free (CVE-ID: CVE-2024-35969)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ipv6_get_ifaddr() function in net/ipv6/addrconf.c, within the in6_ifa_hold() function in include/net/addrconf.h. A local user can escalate privileges on the system.
97) Buffer overflow (CVE-ID: CVE-2024-36018)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the op_remap() function in drivers/gpu/drm/nouveau/nouveau_uvmm.c. A local user can perform a denial of service (DoS) attack.
98) Use-after-free (CVE-ID: CVE-2024-35867)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
99) Buffer overflow (CVE-ID: CVE-2024-27007)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the move_pages_huge_pmd() function in mm/huge_memory.c. A local user can escalate privileges on the system.
100) Improper locking (CVE-ID: CVE-2024-35908)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the tls_sw_recvmsg() function in net/tls/tls_sw.c. A local user can perform a denial of service (DoS) attack.
101) Information disclosure (CVE-ID: CVE-2024-26985)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the intel_fb_bo_framebuffer_init() function in drivers/gpu/drm/xe/display/intel_fb_bo.c. A local user can gain access to sensitive information.
102) Input validation error (CVE-ID: CVE-2024-27016)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the nf_flow_xmit_xfrm(), nf_flow_skb_encap_protocol() and nf_flow_encap_pop() functions in net/netfilter/nf_flow_table_ip.c, within the nf_flow_offload_inet_hook() function in net/netfilter/nf_flow_table_inet.c. A local user can perform a denial of service (DoS) attack.
103) Improper Initialization (CVE-ID: CVE-2024-35960)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the add_rule_fg() function in drivers/net/ethernet/mellanox/mlx5/core/fs_core.c. A local user can perform a denial of service (DoS) attack.
104) Improper error handling (CVE-ID: CVE-2024-35935)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the iterate_inode_ref() function in fs/btrfs/send.c. A local user can perform a denial of service (DoS) attack.
105) Use-after-free (CVE-ID: CVE-2024-35932)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc4_prepare_fb() and vc4_cleanup_fb() functions in drivers/gpu/drm/vc4/vc4_plane.c. A local user can escalate privileges on the system.
106) Improper locking (CVE-ID: CVE-2024-35957)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the intel_iommu_probe_device() and intel_iommu_release_device() functions in drivers/iommu/intel/iommu.c. A local user can perform a denial of service (DoS) attack.
107) Resource management error (CVE-ID: CVE-2024-27001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the vmk80xx_find_usb_endpoints() function in drivers/comedi/drivers/vmk80xx.c. A local user can perform a denial of service (DoS) attack.
108) Memory leak (CVE-ID: CVE-2024-35871)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the __asm__() and copy_thread() functions in arch/riscv/kernel/process.c. A local user can perform a denial of service (DoS) attack.
109) Out-of-bounds read (CVE-ID: CVE-2024-35907)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the mlxbf_gige_open() function in drivers/net/ethernet/mellanox/mlxbf_gige/mlxbf_gige_main.c. A local user can perform a denial of service (DoS) attack.
110) NULL pointer dereference (CVE-ID: CVE-2024-35878)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the of_modalias() function in drivers/of/module.c. A local user can perform a denial of service (DoS) attack.
111) Use-after-free (CVE-ID: CVE-2024-35979)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the raid1_write_request() function in drivers/md/raid1.c. A local user can escalate privileges on the system.
112) Memory leak (CVE-ID: CVE-2024-35972)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the bnxt_rdma_aux_device_init() function in drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c. A local user can perform a denial of service (DoS) attack.
113) Memory leak (CVE-ID: CVE-2024-35975)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the otx2_qos_read_txschq_cfg_tl() function in drivers/net/ethernet/marvell/octeontx2/nic/qos.c. A local user can perform a denial of service (DoS) attack.
114) Memory leak (CVE-ID: CVE-2024-35877)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the follow_phys() function in mm/memory.c, within the is_cow_mapping(), free_pfn_range() and untrack_pfn() functions in arch/x86/mm/pat.c. A local user can perform a denial of service (DoS) attack.
115) Memory leak (CVE-ID: CVE-2024-35926)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the iaa_compress() and iaa_decompress() functions in drivers/crypto/intel/iaa/iaa_crypto_main.c. A local user can perform a denial of service (DoS) attack.
116) Integer overflow (CVE-ID: CVE-2024-26817)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the kfd_ioctl_get_process_apertures_new() function in drivers/gpu/drm/amd/amdkfd/kfd_chardev.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
117) Use-after-free (CVE-ID: CVE-2024-35899)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
118) Improper locking (CVE-ID: CVE-2024-27004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the HLIST_HEAD(), clk_pm_runtime_put(), clk_unprepare_unused_subtree(), clk_disable_unused_subtree(), __setup(), clk_disable_unused(), __clk_release() and __clk_register() functions in drivers/clk/clk.c. A local user can perform a denial of service (DoS) attack.
119) NULL pointer dereference (CVE-ID: CVE-2024-35920)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vpu_dec_check_ap_inst() function in drivers/media/platform/mediatek/vcodec/decoder/vdec_vpu_if.c, within the fops_vcodec_open(), fops_vcodec_release() and mtk_vcodec_probe() functions in drivers/media/platform/mediatek/vcodec/decoder/mtk_vcodec_dec_drv.c, within the mtk_vcodec_vpu_reset_dec_handler() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c. A local user can perform a denial of service (DoS) attack.
120) Buffer overflow (CVE-ID: CVE-2024-35924)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the ucsi_read_message_in(), ucsi_read_error(), ucsi_send_command() and ucsi_register() functions in drivers/usb/typec/ucsi/ucsi.c. A local user can perform a denial of service (DoS) attack.
121) NULL pointer dereference (CVE-ID: CVE-2024-35977)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the cros_ec_uart_probe() function in drivers/platform/chrome/cros_ec_uart.c. A local user can perform a denial of service (DoS) attack.
122) Memory leak (CVE-ID: CVE-2024-35930)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the lpfc_rcv_padisc() function in drivers/scsi/lpfc/lpfc_nportdisc.c. A local user can perform a denial of service (DoS) attack.
123) NULL pointer dereference (CVE-ID: CVE-2024-35911)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the ice_vsi_rebuild() function in drivers/net/ethernet/intel/ice/ice_lib.c. A local user can perform a denial of service (DoS) attack.
124) Use-after-free (CVE-ID: CVE-2024-26996)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ncm_set_alt() and ncm_disable() functions in drivers/usb/gadget/function/f_ncm.c. A local user can escalate privileges on the system.
125) Improper locking (CVE-ID: CVE-2024-27005)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the path_init() and icc_put() functions in drivers/interconnect/core.c. A local user can perform a denial of service (DoS) attack.
126) Use-after-free (CVE-ID: CVE-2024-35870)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_mark_tcp_ses_conns_for_reconnect() and cifs_find_smb_ses() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
127) Infinite loop (CVE-ID: CVE-2024-35982)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the batadv_tt_local_resize_to_mtu() function in net/batman-adv/translation-table.c. A local user can perform a denial of service (DoS) attack.
128) Improper locking (CVE-ID: CVE-2024-35895)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __sock_map_delete() and sock_hash_delete_elem() functions in net/core/sock_map.c. A local user can perform a denial of service (DoS) attack.
129) NULL pointer dereference (CVE-ID: CVE-2024-35943)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the omap_prm_domain_init() function in drivers/pmdomain/ti/omap_prm.c. A local user can perform a denial of service (DoS) attack.
130) NULL pointer dereference (CVE-ID: CVE-2024-35902)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the __rds_rdma_map() function in net/rds/rdma.c. A local user can perform a denial of service (DoS) attack.
131) NULL pointer dereference (CVE-ID: CVE-2024-35919)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the vpu_enc_check_ap_inst() function in drivers/media/platform/mediatek/vcodec/encoder/venc_vpu_if.c, within the fops_vcodec_open(), fops_vcodec_release() and mtk_vcodec_probe() functions in drivers/media/platform/mediatek/vcodec/encoder/mtk_vcodec_enc_drv.c, within the mtk_vcodec_vpu_reset_enc_handler() function in drivers/media/platform/mediatek/vcodec/common/mtk_vcodec_fw_vpu.c. A local user can perform a denial of service (DoS) attack.
132) Use of uninitialized resource (CVE-ID: CVE-2024-35973)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the geneve_xmit_skb() and geneve6_xmit_skb() functions in drivers/net/geneve.c. A local user can perform a denial of service (DoS) attack.
133) Improper error handling (CVE-ID: CVE-2024-35931)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the amdgpu_pci_slot_reset() function in drivers/gpu/drm/amd/amdgpu/amdgpu_device.c. A local user can perform a denial of service (DoS) attack.
134) Use of uninitialized resource (CVE-ID: CVE-2024-35888)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the ip6erspan_rcv() function in net/ipv6/ip6_gre.c, within the erspan_rcv() function in net/ipv4/ip_gre.c. A local user can perform a denial of service (DoS) attack.
135) Improper locking (CVE-ID: CVE-2024-35914)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the lock_rename() and unlock_rename() functions in fs/nfsd/vfs.c. A local user can perform a denial of service (DoS) attack.
136) Out-of-bounds read (CVE-ID: CVE-2024-35970)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the manage_oob() function in net/unix/af_unix.c. A local user can perform a denial of service (DoS) attack.
137) NULL pointer dereference (CVE-ID: CVE-2024-36023)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the orangefs_mount() function in fs/orangefs/super.c. A local user can perform a denial of service (DoS) attack.
138) Memory leak (CVE-ID: CVE-2024-27012)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the nft_rbtree_activate() and nft_rbtree_walk() functions in net/netfilter/nft_set_rbtree.c, within the nft_pipapo_activate() and nft_pipapo_walk() functions in net/netfilter/nft_set_pipapo.c, within the nft_rhash_activate(), nft_rhash_walk(), nft_hash_activate() and nft_hash_walk() functions in net/netfilter/nft_set_hash.c, within the nft_bitmap_activate() and nft_bitmap_walk() functions in net/netfilter/nft_set_bitmap.c, within the nft_mapelem_deactivate(), nft_map_catchall_deactivate(), nft_setelem_validate(), nf_tables_bind_check_setelem(), nft_mapelem_activate(), nft_map_catchall_activate(), nf_tables_dump_setelem(), nft_setelem_activate(), nft_setelem_flush() and nf_tables_loop_check_setelem() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
139) Information disclosure (CVE-ID: CVE-2024-35939)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the dma_direct_alloc(), __dma_direct_free_pages() and dma_direct_alloc_pages() functions in kernel/dma/direct.c. A local user can gain access to sensitive information.
140) NULL pointer dereference (CVE-ID: CVE-2024-26984)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the nv50_instobj_acquire() function in drivers/gpu/drm/nouveau/nvkm/subdev/instmem/nv50.c. A local user can perform a denial of service (DoS) attack.
141) Buffer overflow (CVE-ID: CVE-2024-35884)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the udp_gro_receive() function in net/ipv4/udp_offload.c, within the __udp_is_mcast_sock() function in net/ipv4/udp.c. A local user can perform a denial of service (DoS) attack.
142) Resource management error (CVE-ID: CVE-2024-35901)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the mana_get_rxbuf_cfg() function in drivers/net/ethernet/microsoft/mana/mana_en.c. A local user can perform a denial of service (DoS) attack.
143) Buffer overflow (CVE-ID: CVE-2024-26811)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when installing malicious ksmbd-tools. A local user can force the ksmbd.mountd to return invalid ipc response to ksmbd kernel server, trigger memory corruption and execute arbitrary code on the target system.
144) Out-of-bounds read (CVE-ID: CVE-2024-35966)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the rfcomm_sock_setsockopt_old() and rfcomm_sock_setsockopt() functions in net/bluetooth/rfcomm/sock.c. A local user can perform a denial of service (DoS) attack.
145) NULL pointer dereference (CVE-ID: CVE-2024-35891)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the lan8814_txtstamp(), lan8814_get_sig_rx(), lan8814_match_rx_ts(), lan8814_ptpci_adjfine(), lan8814_get_sig_tx(), lan8814_dequeue_tx_skb() and lan8814_match_skb() functions in drivers/net/phy/micrel.c. A local user can perform a denial of service (DoS) attack.
146) Use-after-free (CVE-ID: CVE-2024-35887)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ax25_dev_device_down() function in net/ax25/ax25_dev.c. A local user can escalate privileges on the system.
147) Improper error handling (CVE-ID: CVE-2024-35945)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper error handling within the phy_sfp_probe(), phy_attach_direct() and phy_get_internal_delay() functions in drivers/net/phy/phy_device.c. A local user can perform a denial of service (DoS) attack.
148) Improper locking (CVE-ID: CVE-2024-35971)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ks8851_rx_pkts() and ks8851_irq() functions in drivers/net/ethernet/micrel/ks8851_common.c. A local user can perform a denial of service (DoS) attack.
149) Use-after-free (CVE-ID: CVE-2024-35862)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the smb2_is_network_name_deleted() function in fs/smb/client/smb2ops.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
150) Improper locking (CVE-ID: CVE-2024-26987)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __page_handle_poison() function in mm/memory-failure.c. A local user can perform a denial of service (DoS) attack.
151) Integer underflow (CVE-ID: CVE-2024-26921)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to integer underflow within the nf_ct_frag6_queue() and nf_ct_frag6_gather() functions in net/ipv6/netfilter/nf_conntrack_reasm.c, within the ip_frag_queue() and ip_defrag() functions in net/ipv4/ip_fragment.c, within the FRAG_CB(), inet_frag_queue_insert(), inet_frag_reasm_prepare(), EXPORT_SYMBOL() and inet_frag_reasm_finish() functions in net/ipv4/inet_fragment.c. A local user can execute arbitrary code.
152) Resource management error (CVE-ID: CVE-2024-26989)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to resource management error within the kernel_page_present() function in arch/arm64/mm/pageattr.c. A local user can perform a denial of service (DoS) attack.
153) Improper locking (CVE-ID: CVE-2024-35952)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the ast_dp_set_on_off() function in drivers/gpu/drm/ast/ast_dp.c. A local user can perform a denial of service (DoS) attack.
154) Race condition (CVE-ID: CVE-2024-27009)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the ccw_device_set_online() function in drivers/s390/cio/device.c. A local user can escalate privileges on the system.
155) Memory leak (CVE-ID: CVE-2024-35893)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the tcf_skbmod_dump() function in net/sched/act_skbmod.c. A local user can perform a denial of service (DoS) attack.
156) Off-by-one (CVE-ID: CVE-2024-26995)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the tcpm_pd_set() function in drivers/usb/typec/tcpm/tcpm.c. A local user can perform a denial of service (DoS) attack.
157) Improper locking (CVE-ID: CVE-2024-26925)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the __nf_tables_abort() and nf_tables_abort() functions in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack.
158) Use-after-free (CVE-ID: CVE-2024-35868)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_stats_proc_write() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
159) NULL pointer dereference (CVE-ID: CVE-2024-35954)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the sg_remove_sfp_usercontext() function in drivers/scsi/sg.c. A local user can perform a denial of service (DoS) attack.
160) Division by zero (CVE-ID: CVE-2024-35922)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error within the fb_get_mode() and fb_videomode_from_videomode() functions in drivers/video/fbdev/core/fbmon.c. A local user can perform a denial of service (DoS) attack.
161) Improper locking (CVE-ID: CVE-2024-27000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mxs_auart_set_ldisc() and mxs_auart_irq_handle() functions in drivers/tty/serial/mxs-auart.c. A local user can perform a denial of service (DoS) attack.
162) Improper Initialization (CVE-ID: CVE-2024-36021)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper initialization within the hclge_init_ae_dev() and hclge_comm_cmd_uninit() functions in drivers/net/ethernet/hisilicon/hns3/hns3pf/hclge_main.c. A local user can perform a denial of service (DoS) attack.
163) Improper locking (CVE-ID: CVE-2024-27014)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the mlx5e_arfs_enable(), arfs_del_rules(), arfs_handle_work() and mlx5e_rx_flow_steer() functions in drivers/net/ethernet/mellanox/mlx5/core/en_arfs.c. A local user can perform a denial of service (DoS) attack.
164) NULL pointer dereference (CVE-ID: CVE-2024-35940)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the psz_kmsg_read() function in fs/pstore/zone.c. A local user can perform a denial of service (DoS) attack.
165) Information disclosure (CVE-ID: CVE-2024-26992)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the vmx_get_perf_capabilities() function in arch/x86/kvm/vmx/vmx.c. A local user can gain access to sensitive information.
166) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2024-26926)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the binder_get_object() function in drivers/android/binder.c. A local user can influence the pointer offset and potentially execute arbitrary code.
167) Use of uninitialized resource (CVE-ID: CVE-2024-35927)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to use of uninitialized resource within the reschedule_output_poll_work() and EXPORT_SYMBOL() functions in drivers/gpu/drm/drm_probe_helper.c, within the drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() functions in drivers/gpu/drm/drm_modeset_helper.c. A local user can perform a denial of service (DoS) attack.
168) Use-after-free (CVE-ID: CVE-2024-35863)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the is_valid_oplock_break() function in fs/smb/client/misc.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
169) Improper locking (CVE-ID: CVE-2024-27022)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to improper locking within the dup_mmap() function in kernel/fork.c. A local user can execute arbitrary code.
170) NULL pointer dereference (CVE-ID: CVE-2024-26998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to NULL pointer dereference within the uart_tty_port_shutdown() function in drivers/tty/serial/serial_core.c. A local user can perform a denial of service (DoS) attack.
171) Incorrect calculation (CVE-ID: CVE-2024-27017)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to incorrect calculation within the nft_pipapo_walk() function in net/netfilter/nft_set_pipapo.c, within the nft_map_deactivate(), nf_tables_bind_set(), nft_map_activate(), nf_tables_dump_set(), nft_set_flush() and nf_tables_check_loops() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
172) Use-after-free (CVE-ID: CVE-2024-26928)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cifs_debug_files_proc_show() function in fs/smb/client/cifs_debug.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
173) Input validation error (CVE-ID: CVE-2024-35889)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the idpf_rx_process_skb_fields() function in drivers/net/ethernet/intel/idpf/idpf_txrx.c when handling unknown packet types. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
174) Race condition within a thread (CVE-ID: CVE-2024-35898)
The vulnerability allows a local user to manipulate data.
The vulnerability exists due to a data race within the nf_tables_flowtable_parse_hook() and nft_flowtable_type_get() functions in net/netfilter/nf_tables_api.c. A local user can manipulate data.
175) Use-after-free (CVE-ID: CVE-2024-35869)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the tcon_info_alloc() and tconInfoFree() functions in fs/smb/client/misc.c, within the dfs_cache_remount_fs() function in fs/smb/client/dfs_cache.c, within the get_session(), __dfs_mount_share() and dfs_mount_share() functions in fs/smb/client/dfs.c, within the match_session(), cifs_get_smb_ses(), cifs_mount_put_conns() and cifs_mount() functions in fs/smb/client/connect.c. A remote non-authenticated attacker can perform a denial of service (DoS) attack.
176) Out-of-bounds read (CVE-ID: CVE-2024-26936)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the smb2_allocate_rsp_buf() function in fs/smb/server/smb2pdu.c. A local user can perform a denial of service (DoS) attack.
177) Improper locking (CVE-ID: CVE-2024-26923)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper locking within the unix_gc() function in net/unix/garbage.c due to garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. A local user can execute arbitrary code with elevated privileges.
178) Improper locking (CVE-ID: CVE-2023-52699)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the block_end(), get_branch(), get_block() and find_shared() functions in fs/sysv/itree.c. A local user can perform a denial of service (DoS) attack.
179) Buffer overflow (CVE-ID: CVE-2024-35974)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory corruption within the blk_alloc_queue() function in block/blk-core.c, within the blkcg_css_online() and blkcg_init_disk() functions in block/blk-cgroup.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.