Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

CVEID:   CVE-2024-37370
DESCRIPTION:   MIT Kerberos 5 (aka krb5) could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially crafted request to modify the plaintext Extra Count field of a confidential GSS krb5 wrap token, an attacker could exploit this vulnerability to cause the unwrapped token to appear truncated to the application.
CVSS Source:   IBM X-Force
CVSS Base score:   7.4
CVSS Vector:   (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

CVEID:   CVE-2024-36960
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an invalid read in fence signaled events. A local authenticated attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   7.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-41012
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by improper locking flaw when fcntl/close race is detected. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-416: Use After Free
CVSS Source:   Red Hat
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42268
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a missing lock on sync reset reload. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-667: Improper Locking
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42271
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in iucv_sock_close() iucv_sever_path(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-41020
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper locking related to fcntl/close race recovery compat path. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CWE:   CWE-667: Improper Locking
CVSS Source:   Red Hat
CVSS Base score:   6.7
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-42265
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to protect the fetch of ->fd[fd] in do_dup2() from mispredictions. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-6119
DESCRIPTION:   OpenSSL is vulnerable to a denial of service, caused by an error when performing certificate name checks (e.g., TLS clients checking server certificates). By sending a specially crafted request, a remote attacker could exploit this vulnerability to read an invalid memory address resulting in abnormal termination of the application process.
CWE:   CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-41096
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a use-after-free read flaw in msi_capability_init. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service condition.
CWE:   CWE-416: Use After Free
CVSS Source:   Red Hat
CVSS Base score:   7.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-42251
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in write.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-617: Reachable Assertion
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38575
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in the kzalloc() in brcmf_pcie_download_fw_nvram(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-400: Uncontrolled Resource Consumption
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36940
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a double-free in pinctrl_enable(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-415: Double Free
CVSS Source:   IBM X-Force
CVSS Base score:   2.3
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-36017
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read when accessing the saved (casted) entry in ivvl. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H)

CVEID:   CVE-2024-26703
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26831
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an error related to handshake_req_destroy_test1. An attacker could exploit this vulnerability to obtain sensitive information.
CWE:   CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source:   IBM X-Force
CVSS Base score:   3.3
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2023-52591
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to touching renamed directory if parent does not change. An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39472
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by incorrect h_size values used for the initial umount record in xfs_log_recover.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36905
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a divide-by-zero error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-369: Divide By Zero
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27010
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [..... other info removed for brevity....] [ 82.890906] [ 82.890906] ============================================ [ 82.890906] WARNING: possible recursive locking detected [ 82.890906] 6.8.0-05205-g77fadd89fe2d-dirty #213 Tainted: G W [ 82.890906] -------------------------------------------- [ 82.890906] ping/418 is trying to acquire lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] but task is already holding lock: [ 82.890906] ffff888006994110 (&sch->q.lock){+.-.}-{3:3}, at: __dev_queue_xmit+0x1778/0x3550 [ 82.890906] [ 82.890906] other info that might help us debug this: [ 82.890906] Possible unsafe locking scenario: [ 82.890906] [ 82.890906] CPU0 [ 82.890906] ---- [ 82.890906] lock(&sch->q.lock); [ 82.890906] lock(&sch->q.lock); [ 82.890906] [ 82.890906] *** DEADLOCK *** [ 82.890906] [..... other info removed for brevity....] Example setup (eth0->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 Another example(eth0->eth1->eth0) to recreate tc qdisc add dev eth0 root handle 1: htb default 30 tc filter add dev eth0 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth1 tc qdisc add dev eth1 root handle 1: htb default 30 tc filter add dev eth1 handle 1: protocol ip prio 2 matchall \ action mirred egress redirect dev eth0 We fix this by adding an owner field (CPU id) to struct Qdisc set after root qdisc is entered. When the softirq enters it a second time, if the qdisc owner is the same CPU, the packet is dropped to break the loop.
CWE:   CWE-667: Improper Locking
CVSS Source:   NVD
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26663
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to check the bearer type before calling tipc_udp_nl_bearer_add(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42244
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in USB: serial: mos7840. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52609
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition between mmput() and do_exit(). An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38598
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in Md. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-667: Improper Locking
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39502
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by use-after-free in netif_napi_del(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   6.7
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-36025
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an off-by-one in qla_edif_app_getstats(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   5.2
CVSS Vector:   (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2024-26667
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by invalid hw_pp in dpu_encoder_helper_phys_cleanup of drm/msm/dpu. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52584
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free on device remove. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   6.7
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52817
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference when the smc_rreg pointer is NULL. An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36978
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out--of-bounds write in multiq_tune(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-27020
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by potential data-race in __nft_expr_type_get() in netfilter: nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36896
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an access violation during port device removal. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26713
DESCRIPTION:   Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26726
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to drop extent_map for free space inode on write error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26824
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to bogus SGL free on zero-length error path. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-47449
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to locking for Tx timestamp tracking flush. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-129: Improper Validation of Array Index
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36954
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a memleak in tipc_buf_append __skb_linearize(). An attacker could exploit this vulnerability to obtain sensitive information.
CWE:   CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-27011
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abort path could result in restoring twice the refcount of the mapping. Check for inactive element in the next generation for the delete element command in the abort path, skip restoring state if next generation bit has been already cleared. This is similar to the activate logic using the set walk iterator. [ 6170.286929] ------------[ cut here ]------------ [ 6170.286939] WARNING: CPU: 6 PID: 790302 at net/netfilter/nf_tables_api.c:2086 nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287071] Modules linked in: [...] [ 6170.287633] CPU: 6 PID: 790302 Comm: kworker/6:2 Not tainted 6.9.0-rc3+ #365 [ 6170.287768] RIP: 0010:nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.287886] Code: df 48 8d 7d 58 e8 69 2e 3b df 48 8b 7d 58 e8 80 1b 37 df 48 8d 7d 68 e8 57 2e 3b df 48 8b 7d 68 e8 6e 1b 37 df 48 89 ef eb c4 <0f> 0b 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 0f [ 6170.287895] RSP: 0018:ffff888134b8fd08 EFLAGS: 00010202 [ 6170.287904] RAX: 0000000000000001 RBX: ffff888125bffb28 RCX: dffffc0000000000 [ 6170.287912] RDX: 0000000000000003 RSI: ffffffffa20298ab RDI: ffff88811ebe4750 [ 6170.287919] RBP: ffff88811ebe4700 R08: ffff88838e812650 R09: fffffbfff0623a55 [ 6170.287926] R10: ffffffff8311d2af R11: 0000000000000001 R12: ffff888125bffb10 [ 6170.287933] R13: ffff888125bffb10 R14: dead000000000122 R15: dead000000000100 [ 6170.287940] FS: 0000000000000000(0000) GS:ffff888390b00000(0000) knlGS:0000000000000000 [ 6170.287948] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6170.287955] CR2: 00007fd31fc00710 CR3: 0000000133f60004 CR4: 00000000001706f0 [ 6170.287962] Call Trace: [ 6170.287967] [ 6170.287973] ? __warn+0x9f/0x1a0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.287986] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288092] ? report_bug+0x1b1/0x1e0 [ 6170.288104] ? handle_bug+0x3c/0x70 [ 6170.288112] ? exc_invalid_op+0x17/0x40 [ 6170.288120] ? asm_exc_invalid_op+0x1a/0x20 [ 6170.288132] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288243] ? nf_tables_chain_destroy+0x1f7/0x220 [nf_tables] [ 6170.288366] ? nf_tables_chain_destroy+0x2b/0x220 [nf_tables] [ 6170.288483] nf_tables_trans_destroy_work+0x588/0x590 [nf_tables]
CWE:   CWE-401: Missing Release of Memory after Effective Lifetime
CVSS Source:   NVD
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-35947
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an old BUG_ON in >control parser A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26727
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to ASSERT() if the newly created subvolume already got read. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26823
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to quirk probing for ACPI-based systems. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42252
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/closure.c:21! 03240 Internal error: Oops - BUG: 00000000f2000800 [#1] SMP 03240 Modules linked in: 03240 CPU: 15 PID: 40534 Comm: kworker/u80:1 Not tainted 6.10.0-rc4-ktest-ga56da69799bd #25570 03240 Hardware name: linux,dummy-virt (DT) 03240 Workqueue: btree_update btree_interior_update_work 03240 pstate: 00001005 (nzcv daif -PAN -UAO -TCO -DIT +SSBS BTYPE=--) 03240 pc : closure_put+0x224/0x2a0 03240 lr : closure_put+0x24/0x2a0 03240 sp : ffff0000d12071c0 03240 x29: ffff0000d12071c0 x28: dfff800000000000 x27: ffff0000d1207360 03240 x26: 0000000000000040 x25: 0000000000000040 x24: 0000000000000040 03240 x23: ffff0000c1f20180 x22: 0000000000000000 x21: ffff0000c1f20168 03240 x20: 0000000040000000 x19: ffff0000c1f20140 x18: 0000000000000001 03240 x17: 0000000000003aa0 x16: 0000000000003ad0 x15: 1fffe0001c326974 03240 x14: 0000000000000a1e x13: 0000000000000000 x12: 1fffe000183e402d 03240 x11: ffff6000183e402d x10: dfff800000000000 x9 : ffff6000183e402e 03240 x8 : 0000000000000001 x7 : 00009fffe7c1bfd3 x6 : ffff0000c1f2016b 03240 x5 : ffff0000c1f20168 x4 : ffff6000183e402e x3 : ffff800081391954 03240 x2 : 0000000000000001 x1 : 0000000000000000 x0 : 00000000a8000000 03240 Call trace: 03240 closure_put+0x224/0x2a0 03240 bch2_check_for_deadlock+0x910/0x1028 03240 bch2_six_check_for_deadlock+0x1c/0x30 03240 six_lock_slowpath.isra.0+0x29c/0xed0 03240 six_lock_ip_waiter+0xa8/0xf8 03240 __bch2_btree_node_lock_write+0x14c/0x298 03240 bch2_trans_lock_write+0x6d4/0xb10 03240 __bch2_trans_commit+0x135c/0x5520 03240 btree_interior_update_work+0x1248/0x1c10 03240 process_scheduled_works+0x53c/0xd90 03240 worker_thread+0x370/0x8c8 03240 kthread+0x258/0x2e8 03240 ret_from_fork+0x10/0x20 03240 Code: aa1303e0 d63f0020 a94363f7 17ffff8c (d4210000) 03240 ---[ end trace 0000000000000000 ]--- 03240 Kernel panic - not syncing: Oops - BUG: Fatal exception 03240 SMP: stopping secondary CPUs 03241 SMP: failed to stop secondary CPUs 13,15 03241 Kernel Offset: disabled 03241 CPU features: 0x00,00000003,80000008,4240500b 03241 Memory Limit: none 03241 ---[ end Kernel panic - not syncing: Oops - BUG: Fatal exception ]--- 03246 ========= FAILED TIMEOUT copygc_torture_no_checksum in 7200s
CWE:   CWE-617: Reachable Assertion
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38573
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in cppc_cpufreq_get_rate(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36941
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.7
CVSS Vector:   (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36020
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition in the Ethernet Controller XL710 family driver. A remote authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source:   IBM X-Force
CVSS Base score:   5.3
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26702
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in the rm3100_common_probe function. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   6
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-42258
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by flaw with x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   Red Hat
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52596
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds access for empty sysctl registers. A local attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39276
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by an error related to mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find(). An attacker could exploit this vulnerability to obtain sensitive information.
CWE:   CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2024-36917
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000; Add the overflow validation now.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26961
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: mac802154: fix llsec key resources release in mac802154_llsec_key_del mac802154_llsec_key_del() can free resources of a key directly without following the RCU rules for waiting before the end of a grace period. This may lead to use-after-free in case llsec_lookup_key() is traversing the list of keys in parallel with a key deletion: refcount_t: addition on 0; use-after-free. WARNING: CPU: 4 PID: 16000 at lib/refcount.c:25 refcount_warn_saturate+0x162/0x2a0 Modules linked in: CPU: 4 PID: 16000 Comm: wpan-ping Not tainted 6.7.0 #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 RIP: 0010:refcount_warn_saturate+0x162/0x2a0 Call Trace: llsec_lookup_key.isra.0+0x890/0x9e0 mac802154_llsec_encrypt+0x30c/0x9c0 ieee802154_subif_start_xmit+0x24/0x1e0 dev_hard_start_xmit+0x13e/0x690 sch_direct_xmit+0x2ae/0xbc0 __dev_queue_xmit+0x11dd/0x3c20 dgram_sendmsg+0x90b/0xd60 __sys_sendto+0x466/0x4c0 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x45/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Also, ieee802154_llsec_key_entry structures are not freed by mac802154_llsec_key_del(): unreferenced object 0xffff8880613b6980 (size 64): comm "iwpan", pid 2176, jiffies 4294761134 (age 60.475s) hex dump (first 32 bytes): 78 0d 8f 18 80 88 ff ff 22 01 00 00 00 00 ad de x......."....... 00 00 00 00 00 00 00 00 03 00 cd ab 00 00 00 00 ................ backtrace: [] __kmem_cache_alloc_node+0x1e2/0x2d0 [] kmalloc_trace+0x25/0xc0 [] mac802154_llsec_key_add+0xac9/0xcf0 [] ieee802154_add_llsec_key+0x5a/0x80 [] nl802154_add_llsec_key+0x426/0x5b0 [] genl_family_rcv_msg_doit+0x1fe/0x2f0 [] genl_rcv_msg+0x531/0x7d0 [] netlink_rcv_skb+0x169/0x440 [] genl_rcv+0x28/0x40 [] netlink_unicast+0x53c/0x820 [] netlink_sendmsg+0x93b/0xe60 [] ____sys_sendmsg+0xac5/0xca0 [] ___sys_sendmsg+0x11d/0x1c0 [] __sys_sendmsg+0xfa/0x1d0 [] do_syscall_64+0x45/0xf0 [] entry_SYSCALL_64_after_hwframe+0x6e/0x76 Handle the proper resource release in the RCU callback function mac802154_llsec_key_del_rcu(). Note that if llsec_lookup_key() finds a key, it gets a refcount via llsec_key_get() and locally copies key id from key_entry (which is a list element). So it's safe to call llsec_key_put() and free the list entry after the RCU grace period elapses. Found by Linux Verification Center (linuxtesting.org).
CWE:   CWE-416: Use After Free
CVSS Source:   NVD
CVSS Base score:   7.8
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-26668
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an integer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-190: Integer Overflow or Wraparound
CVSS Source:   IBM X-Force
CVSS Base score:   7.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)

CVEID:   CVE-2024-42247
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by unaligned 64-bit memory accesses in wireguard/allowedips.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-770: Allocation of Resources Without Limits or Throttling
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52608
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to mailbox/SMT channel for consistency. An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39487
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds read in bond_option_arp_ip_targets_set(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36270
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39495
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free bug in gb_interface_release due to race condition. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26714
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to Mark CO0 BCM keepalive. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26844
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to in _copy_from_iter Syzkaller reporting a warning in _copy_from_iter because an iov_iter is supposedly used in the wrong direction. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-1098: Data Element containing Pointer Item without Proper Copy Control Element
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42236
DESCRIPTION:   The Linux Kernel is vulnerable to a denial of service, caused by an out-of-bound write in configfs.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-787: Out-of-bounds Write
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52600
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free in jfs_evict_inode. An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-39476
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-667: Improper Locking
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36286
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in Netfilter: Nfnetlink_queue. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-1287: Improper Validation of Specified Type of Input
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-40902
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a buffer overflow for invalid xattr. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26718
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to disable tasklets Tasklets having an inherent problem with memory corruption. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-123: Write-what-where Condition
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26842
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a shift issue in ufshcd_clear_cmd(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-35940
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a missing null pointer check to the psz_kmsg_read. A local attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36950
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to mask bus reset interrupts between ISR and bottom half. A local attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   6.2
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36929
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an untrusted pointer reference error. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-822: Untrusted Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36010
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by string truncation warnings in igb_set_fw_version. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26710
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a stack-based buffer overflow. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-121: Stack-based Buffer Overflow
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26820
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to Register VF in netvsc_probe if NET_DEVICE_REGISTER missed. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42255
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw with use auth only after NULL check in tpm_buf_check_hmac_response() function. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   Red Hat
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38555
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a use-after-free flaw when FW completion arrives while device is in internal error state. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-416: Use After Free
CVSS Source:   Red Hat
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36945
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a neighbour and rtable leak in smc_ib_find_route(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVSS Source:   IBM X-Force
CVSS Base score:   3.3
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-26962
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: dm-raid456, md/raid456: fix a deadlock for dm-raid456 while io concurrent with reshape For raid456, if reshape is still in progress, then IO across reshape position will wait for reshape to make progress. However, for dm-raid, in following cases reshape will never make progress hence IO will hang: 1) the array is read-only; 2) MD_RECOVERY_WAIT is set; 3) MD_RECOVERY_FROZEN is set; After commit c467e97f079f ("md/raid6: use valid sector values to determine if an I/O should wait on the reshape") fix the problem that IO across reshape position doesn't wait for reshape, the dm-raid test shell/lvconvert-raid-reshape.sh start to hang: [root@fedora ~]# cat /proc/979/stack [<0>] wait_woken+0x7d/0x90 [<0>] raid5_make_request+0x929/0x1d70 [raid456] [<0>] md_handle_request+0xc2/0x3b0 [md_mod] [<0>] raid_map+0x2c/0x50 [dm_raid] [<0>] __map_bio+0x251/0x380 [dm_mod] [<0>] dm_submit_bio+0x1f0/0x760 [dm_mod] [<0>] __submit_bio+0xc2/0x1c0 [<0>] submit_bio_noacct_nocheck+0x17f/0x450 [<0>] submit_bio_noacct+0x2bc/0x780 [<0>] submit_bio+0x70/0xc0 [<0>] mpage_readahead+0x169/0x1f0 [<0>] blkdev_readahead+0x18/0x30 [<0>] read_pages+0x7c/0x3b0 [<0>] page_cache_ra_unbounded+0x1ab/0x280 [<0>] force_page_cache_ra+0x9e/0x130 [<0>] page_cache_sync_ra+0x3b/0x110 [<0>] filemap_get_pages+0x143/0xa30 [<0>] filemap_read+0xdc/0x4b0 [<0>] blkdev_read_iter+0x75/0x200 [<0>] vfs_read+0x272/0x460 [<0>] ksys_read+0x7a/0x170 [<0>] __x64_sys_read+0x1c/0x30 [<0>] do_syscall_64+0xc6/0x230 [<0>] entry_SYSCALL_64_after_hwframe+0x6c/0x74 This is because reshape can't make progress. For md/raid, the problem doesn't exist because register new sync_thread doesn't rely on the IO to be done any more: 1) If array is read-only, it can switch to read-write by ioctl/sysfs; 2) md/raid never set MD_RECOVERY_WAIT; 3) If MD_RECOVERY_FROZEN is set, mddev_suspend() doesn't hold 'reconfig_mutex', hence it can be cleared and reshape can continue by sysfs api 'sync_action'. However, I'm not sure yet how to avoid the problem in dm-raid yet. This patch on the one hand make sure raid_message() can't change sync_thread() through raid_message() after presuspend(), on the other hand detect the above 3 cases before wait for IO do be done in dm_suspend(), and let dm-raid requeue those IO.
CWE:   CWE-667: Improper Locking
CVSS Source:   NVD
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26700
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   4.3
CVSS Vector:   (CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-41042
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by stack-based buffer overflow inf_tables_api.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-121: Stack-based Buffer Overflow
CVSS Source:   IBM X-Force
CVSS Base score:   4.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36971
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by a use-after-free error in the network route management. An attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   7.8
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2023-52590
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to touching renamed directory if parent does not change. An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38627
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a double-free in stm_register_device(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-415: Double Free
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-40974
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw in powerpc/pseries. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-1287: Improper Validation of Specified Type of Input
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36921
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker, caused by an out-of-bounds memory access flaw in the Wireless WiFi Link Next-Gen AGN driver. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   6.7
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-26958
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0 Workqueue: nfsiod nfs_direct_write_schedule_work [nfs] RIP: 0010:refcount_warn_saturate+0x9c/0xe0 PKRU: 55555554 Call Trace: ? __warn+0x9f/0x130 ? refcount_warn_saturate+0x9c/0xe0 ? report_bug+0xcc/0x150 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x16/0x40 ? asm_exc_invalid_op+0x16/0x20 ? refcount_warn_saturate+0x9c/0xe0 nfs_direct_write_schedule_work+0x237/0x250 [nfs] process_one_work+0x12f/0x4a0 worker_thread+0x14e/0x3b0 ? ZSTD_getCParams_internal+0x220/0x220 kthread+0xdc/0x120 ? __btf_name_valid+0xa0/0xa0 ret_from_fork+0x1f/0x30 This is because we're completing the nfs_direct_request twice in a row. The source of this is when we have our commit requests to submit, we process them and send them off, and then in the completion path for the commit requests we have if (nfs_commit_end(cinfo.mds)) nfs_direct_write_complete(dreq); However since we're submitting asynchronous requests we sometimes have one that completes before we submit the next one, so we end up calling complete on the nfs_direct_request twice. The only other place we use nfs_generic_commit_list() is in __nfs_commit_inode, which wraps this call in a nfs_commit_begin(); nfs_commit_end(); Which is a common pattern for this style of completion handling, one that is also repeated in the direct code with get_dreq()/put_dreq() calls around where we process events as well as in the completion paths. Fix this by using the same pattern for the commit requests. Before with my 200 node rocksdb stress running this warning would pop every 10ish minutes. With my patch the stress test has been running for several hours without popping.
CWE:   CWE-416: Use After Free
CVSS Source:   NVD
CVSS Base score:   7.8
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-26696
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a hang in nilfs_lookup_dirty_data_buffers(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-1246: Improper Write Handling in Limited-write Non-Volatile Memories
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42238
DESCRIPTION:   Linux Kernel is vulnerable to a buffer overflow, caused by improper bounds checking in cs_dsp_power_up(). By sending a specially crafted request, a remote attacker could overflow to cause a denial of service.
CWE:   CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source:   IBM X-Force
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2023-52599
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an array-index-out-of-bounds in diNewExt. An attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-129: Improper Validation of Array Index
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38615
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to exit() callback being optional. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-459: Incomplete Cleanup
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-40927
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service caused by a deadlock in ieee80211_sta_ps_deliver_wakeup() in xhci-ring.c . A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-833: Deadlock
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:   CVE-2024-36927
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition in __ip_make_skb() KMSAN. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26940
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to the creation of debugfs ttm_resource_manager entry. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26662
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a NULL pointer dereference in 'dcn21_set_backlight_level()'. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42232
DESCRIPTION:   The Linux Kernel is vulnerable to a denial of service, caused by a race condition between mon_fault() and finish_hunting(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36979
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a vlan use-after-free. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   6.6
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H)

CVEID:   CVE-2024-27019
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by potential data-race in __nft_obj_type_get() in netfilter: nf_tables. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36489
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by missing memory barrier in tls_init. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   6.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)

CVEID:   CVE-2021-47231
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a memory leak in mcba_usb. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source:   IBM X-Force
CVSS Base score:   5.1
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L)

CVEID:   CVE-2024-26721
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to the macro that calculates DSCC_/DSCA_ PPS reg address. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   2.3
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2024-26825
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to nfc: nci: free rx_data_reassembly skb on NCI device cleanup. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42256
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a flaw related to server re-repick on subrequest retry. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Source:   Red Hat
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38596
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by a race condition in unix_release_sock/unix_stream_sendmsg. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSS Source:   IBM X-Force
CVSS Base score:   4.7
CVSS Vector:   (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36933
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the use of uninitialized variable. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-457: Use of Uninitialized Variable
CVSS Source:   IBM X-Force
CVSS Base score:   5.9
CVSS Vector:   (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)

CVEID:   CVE-2024-36016
DESCRIPTION:   Linux Kernel could allow a remote attacker from within the local network to gain elevated privileges on the system, caused by an out-of-bounds write in gsm0_receive(). An attacker could exploit this vulnerability to gain elevated privileges on the system.
CWE:   CWE-125: Out-of-bounds Read
CVSS Source:   IBM X-Force
CVSS Base score:   6.4
CVSS Vector:   (CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-26707
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the failure to remove WARN_ONCE() in send_hsr_supervision_frame(). A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-20: Improper Input Validation
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26818
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to clang warning about mount_point var size. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVSS Source:   IBM X-Force
CVSS Base score:   4.4
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42254
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by inconsistent error handling in io_alloc_pbuf_ring() in radeon_gem.c. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-38538
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an uninit value[1] error in bridge device's xmit path. By sending a specially crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CWE:   CWE-908: Use of Uninitialized Resource
CVSS Source:   Red Hat
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-36904
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges, caused by a use-after-free in the TCP protocol. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CWE:   CWE-416: Use After Free
CVSS Source:   IBM X-Force
CVSS Base score:   7
CVSS Vector:   (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2024-27025
DESCRIPTION:   In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.
CWE:   CWE-476: NULL Pointer Dereference
CVSS Source:   NVD
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-26697
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by an error related to data corruption in dsync block recovery for small block sizes. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-99: Improper Control of Resource Identifiers ('Resource Injection')
CVSS Source:   IBM X-Force
CVSS Base score:   5.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2024-42259
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by improper bounds checking by drm/i915/gem. A local authenticated attacker could exploit this vulnerability to cause a denial of service.
CWE:   CWE-131: Incorrect Calculation of Buffer Size
CVSS Source:   IBM X-Force
CVSS Base score:   4.1
CVSS Vector:   (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)

IBM X-Force ID:   352146
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to obtain sensitive information, caused by a type confusion within the implementation of connection tracking. An attacker could exploit this vulnerability to obtain sensitive information.
CWE:   CWE-201: Insertion of Sensitive Information Into Sent Data
CVSS Source:   ZDI
CVSS Base score:   6.5
CVSS Vector:   (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)