CyberAlerts

CVE-2024-44949

Description: In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-43053

Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host

Description: Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-43052

Improper Input Validation in Video Analytics and Processing

Description: Memory corruption while processing API calls to NPU with invalid input.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-43050

Stack-based Buffer Overflow in WLAN Windows Host

Description: Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-43049

Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host

Description: Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-43048

Stack-based Buffer Overflow in Performance

Description: Memory corruption when invalid input is passed to invoke GPU Headroom API call.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-42322

ipvs: properly dereference pe in ip_vs_add_service

Description: In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-42158

s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings

Description: In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770)

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-42157

s390/pkey: Wipe sensitive data on failure

Description: In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.

CVSS: LOW (0.0)

EPSS Score: 0.04%

Source: CVE

December 3rd, 2024 (5 months ago)

CVE-2024-42156

s390/pkey: Wipe copies of clear-key structures on failure

Description: In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.

CVSS: LOW (0.0)

EPSS Score: 0.05%

Source: CVE

December 3rd, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-44949	parisc: fix a possible DMA corruption Description: In the Linux kernel, the following vulnerability has been resolved: parisc: fix a possible DMA corruption ARCH_DMA_MINALIGN was defined as 16 - this is too small - it may be possible that two unrelated 16-byte allocations share a cache line. If one of these allocations is written using DMA and the other is written using cached write, the value that was written with DMA may be corrupted. This commit changes ARCH_DMA_MINALIGN to be 128 on PA20 and 32 on PA1.1 - that's the largest possible cache line size. As different parisc microarchitectures have different cache line size, we define arch_slab_minalign(), cache_line_size() and dma_get_cache_alignment() so that the kernel may tune slab cache parameters dynamically, based on the detected cache line size. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-43053	Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host Description: Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-43052	Improper Input Validation in Video Analytics and Processing Description: Memory corruption while processing API calls to NPU with invalid input. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-43050	Stack-based Buffer Overflow in WLAN Windows Host Description: Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-43049	Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN Windows Host Description: Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-43048	Stack-based Buffer Overflow in Performance Description: Memory corruption when invalid input is passed to invoke GPU Headroom API call. CVSS: HIGH (7.8) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-42322	ipvs: properly dereference pe in ip_vs_add_service Description: In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-42158	s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Description: In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1506) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1643) WARNING opportunity for kfree_sensitive/kvfree_sensitive (line 1770) CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-42157	s390/pkey: Wipe sensitive data on failure Description: In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. CVSS: LOW (0.0) EPSS Score: 0.04% Source: CVE December 3rd, 2024 (5 months ago)
CVE-2024-42156	s390/pkey: Wipe copies of clear-key structures on failure Description: In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. CVSS: LOW (0.0) EPSS Score: 0.05% Source: CVE December 3rd, 2024 (5 months ago)