U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:linux:linux_kernel:2.6.18.7:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 2,912 matching records.
Displaying matches 181 through 200.
Vuln ID Summary CVSS Severity
CVE-2024-46860

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change When disabling wifi mt7921_ipv6_addr_change() is called as a notifier. At this point mvif->phy is already NULL so we cannot use it here.

Published: September 27, 2024; 9:15:17 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46844

In the Linux kernel, the following vulnerability has been resolved: um: line: always fill *error_out in setup_one_line() The pointer isn't initialized by callers, but I have encountered cases where it's still printed; initialize it in all possible cases in setup_one_line().

Published: September 27, 2024; 9:15:16 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-46843

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove SCSI host only if added If host tries to remove ufshcd driver from a UFS device it would cause a kernel panic if ufshcd_async_scan fails during ufshcd_probe_hba before adding a SCSI host with scsi_add_host and MCQ is enabled since SCSI host has been defered after MCQ configuration introduced by commit 0cab4023ec7b ("scsi: ufs: core: Defer adding host to SCSI if MCQ is supported"). To guarantee that SCSI host is removed only if it has been added, set the scsi_host_added flag to true after adding a SCSI host and check whether it is set or not before removing it.

Published: September 27, 2024; 9:15:16 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46842

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for MBX_TIMEOUT cases, when firmware returns SFP information at a later time, that same mailbox memory region references previously freed memory in its cmpl routine. Fix by adding checks for the MBX_TIMEOUT return code. During mailbox resource cleanup, check the mbox flag to make sure that the wait did not timeout. If the MBOX_WAKE flag is not set, then do not free the resources because it will be freed when firmware completes the mailbox at a later time in its cmpl routine. Also, increase the timeout from 30 to 60 seconds to accommodate boot scripts requiring longer timeouts.

Published: September 27, 2024; 9:15:16 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46841

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error.

Published: September 27, 2024; 9:15:16 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46840

In the Linux kernel, the following vulnerability has been resolved: btrfs: clean up our handling of refs == 0 in snapshot delete In reada we BUG_ON(refs == 0), which could be unkind since we aren't holding a lock on the extent leaf and thus could get a transient incorrect answer. In walk_down_proc we also BUG_ON(refs == 0), which could happen if we have extent tree corruption. Change that to return -EUCLEAN. In do_walk_down() we catch this case and handle it correctly, however we return -EIO, which -EUCLEAN is a more appropriate error code. Finally in walk_up_proc we have the same BUG_ON(refs == 0), so convert that to proper error handling. Also adjust the error message so we can actually do something with the information.

Published: September 27, 2024; 9:15:16 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46836

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed_udc: validate endpoint index for ast udc We should verify the bound of the array to assure that host may not manipulate the index to point past endpoint array. Found by static analysis.

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-46835

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix smatch static checker warning adev->gfx.imu.funcs could be NULL

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46834

In the Linux kernel, the following vulnerability has been resolved: ethtool: fail closed if we can't get max channel used in indirection tables Commit 0d1b7d6c9274 ("bnxt: fix crashes when reducing ring count with active RSS contexts") proves that allowing indirection table to contain channels with out of bounds IDs may lead to crashes. Currently the max channel check in the core gets skipped if driver can't fetch the indirection table or when we can't allocate memory. Both of those conditions should be extremely rare but if they do happen we should try to be safe and fail the channel change.

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46833

In the Linux kernel, the following vulnerability has been resolved: net: hns3: void array out of bound when loop tnl_num When query reg inf of SSU, it loops tnl_num times. However, tnl_num comes from hardware and the length of array is a fixed value. To void array out of bound, make sure the loop time is not greater than the length of array

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-46832

In the Linux kernel, the following vulnerability has been resolved: MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed This avoids warning: [ 0.118053] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 Caused by get_c0_compare_int on secondary CPU. We also skipped saving IRQ number to struct clock_event_device *cd as it's never used by clockevent core, as per comments it's only meant for "non CPU local devices".

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46827

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. This issue arises when EHT-PHY capabilities shows support for a bandwidth and MCS-NSS set for that particular bandwidth is filled by zeros and due to this, driver obtains peer_nss as 0 and sending this value to firmware causes crash. Address this issue by implementing a validation step for the peer_nss value before passing it to the firmware. If the value is greater than zero, proceed with forwarding it to the firmware. However, if the value is invalid, reject the association request to prevent potential firmware crashes. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46826

In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec.

Published: September 27, 2024; 9:15:15 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46823

In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled. Since this variable is used in one place only, remove it and pass the device name into kunit_device_register directly as an ascii string.

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46822

In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a valid ID is needed. If an MPIDR check fails in acpi_map_gic_cpu_interface() it is possible for the entry in cpu_madt_gicc[cpu] == NULL. This function would then cause a NULL pointer dereference. Whilst a path to trigger this has not been established, harden this caller against the possibility.

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46821

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix negative array index read Avoid using the negative values for clk_idex as an index into an array pptable->DpmDescriptor. V2: fix clk_index return check (Tim Huang)

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-46819

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 if ras_manager obj null, don't print NBIO err data

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2024-46818

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check gpio_id before used as array index [WHY & HOW] GPIO_ID_UNKNOWN (-1) is not a valid value for array index and therefore should be checked in advance. This fixes 5 OVERRUN issues reported by Coverity.

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-46815

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] [WHY & HOW] num_valid_sets needs to be checked to avoid a negative index when accessing reader_wm_sets[num_valid_sets - 1]. This fixes an OVERRUN issue reported by Coverity.

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-46814

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check msg_id before processing transcation [WHY & HOW] HDCP_MESSAGE_ID_INVALID (-1) is not a valid msg_id nor is it a valid array index, and it needs checking before used. This fixes 4 OVERRUN issues reported by Coverity.

Published: September 27, 2024; 9:15:14 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)