{"id":"CLSA-2024-1728936982","summary":"kernel: Fix of 86 CVEs","details":"- drm/amd/pm: Fix negative array index read {CVE-2024-46821}\n- drm/amd/display: Check gpio_id before used as array index {CVE-2024-46818}\n- drm/amd/display: Check link_index before accessing dc-\u003elinks[] {CVE-2024-46813}\n- drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box {CVE-2024-46811}\n- Squashfs: sanity check symbolic link size {CVE-2024-46744}\n- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses {CVE-2024-46859}\n- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() {CVE-2024-40995}\n- net/sched: act_api: rely on rcu in tcf_idr_check_alloc {CVE-2024-40995}\n- netfilter: bridge: confirm multicast packets before passing them up the stack {CVE-2024-27415}\n- netfilter: let reset rules clean out conntrack entries {CVE-2024-27415}\n- mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray {CVE-2024-42243}\n- gpiolib: cdev: Fix use after free in lineinfo_changed_notify {CVE-2024-36899}\n- bpf, sockmap: Prevent lock inversion deadlock in map delete elem {CVE-2024-35895}\n- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t {CVE-2024-35895}\n- mm/huge_memory: don't unpoison huge_zero_folio {CVE-2024-40914}\n- cxgb4: fix use after free bugs caused by circular dependency problem {CVE-2023-4133}\n- timers: Restore ABI Compatibility with timer_delete Functions {CVE-2023-4133}\n- timers: Provide timer_shutdown[_sync]() {CVE-2023-4133}\n- timers: Add shutdown mechanism to the internal functions {CVE-2023-4133}\n- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode {CVE-2023-4133}\n- timers: Silently ignore timers with a NULL function {CVE-2023-4133}\n- timers: Rename del_timer() to timer_delete() {CVE-2023-4133}\n- timers: Rename del_timer_sync() to timer_delete_sync() {CVE-2023-4133}\n- timers: Use del_timer_sync() even on UP {CVE-2023-4133}\n- timers: Update kernel-doc for various functions {CVE-2023-4133}\n- timers: Replace BUG_ON()s {CVE-2023-4133}\n- timers: Get rid of del_singleshot_timer_sync() {CVE-2023-4133}\n- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function {CVE-2023-4133}\n- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function {CVE-2023-4133}\n- mm: avoid overflows in dirty throttling logic {CVE-2024-42131}\n- ring-buffer: Fix a race between readers and resize checks {CVE-2024-38601}\n- igc: avoid returning frame twice in XDP_REDIRECT {CVE-2024-26853}\n- igc: Avoid transmit queue timeout for XDP {CVE-2024-26853}\n- nfsd: fix RELEASE_LOCKOWNER {CVE-2024-26629}\n- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc {CVE-2023-52880}\n- nvmet: fix a possible leak when destroy a ctrl during qp establishment {CVE-2024-42152}\n- net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() {CVE-2024-42110}\n- x86: stop playing stack games in profile_pc() {CVE-2024-42096}\n- xdp: Remove WARN() from __xdp_reg_mem_model() {CVE-2024-42082}\n- NFSv4: Fix memory leak in nfs4_set_security_label {CVE-2024-41076}\n- ppp: reject claimed-as-LCP but actually malformed packets {CVE-2024-41044}\n- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). {CVE-2024-41041}\n- sched/deadline: Fix task_struct reference leak {CVE-2024-41023}\n- tipc: force a dst refcount before doing decryption {CVE-2024-40983}\n- scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978}\n- wifi: iwlwifi: mvm: don't read past the mfuart notifcation {CVE-2024-40941}\n- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929}\n- xhci: Handle TD clearing for multiple streams case {CVE-2024-40927}\n- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() {CVE-2024-40912}\n- wifi: cfg80211: Lock wiphy in cfg80211_get_station {CVE-2024-40911}\n- ipv6: fix possible race in __fib6_drop_pcpu_from() {CVE-2024-40905}\n- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING {CVE-2024-39476}\n- usb-storage: alauda: Check whether the media is initialized {CVE-2024-38619}\n- usb-storage: alauda: Fix uninit-value in alauda_check_media() {CVE-2024-38619}\n- crypto: bcm - Fix pointer arithmetic {CVE-2024-38579}\n- scsi: qedf: Ensure the copied buf is NUL terminated {CVE-2024-38559}\n- wifi: nl80211: don't free NULL coalescing rule {CVE-2024-36941}\n- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() {CVE-2024-36025}\n- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() {CVE-2024-35898}\n- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work {CVE-2024-35852}\n- wifi: iwlwifi: dbg-tlv: ensure NUL termination {CVE-2024-35845}\n- KVM: SVM: Flush pages under kvm-\u003elock to fix UAF in svm_register_enc_region() {CVE-2024-35791}\n- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes {CVE-2024-35789}\n- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work {CVE-2024-27052}\n- nfp: flower: handle acti_netdevs allocation failure {CVE-2024-27046}\n- octeontx2-af: Use separate handlers for interrupts {CVE-2024-27030}\n- netfilter: flowtable: validate pppoe header {CVE-2024-27016}\n- kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address {CVE-2024-26946}\n- scsi: qla2xxx: Fix command flush on cable pull {CVE-2024-26931}\n- net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() {CVE-2024-26855}\n- bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel {CVE-2024-26737}\n- Input: cyapa - add missing input core locking to suspend/resume functions {CVE-2023-52884}\n- bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself {CVE-2023-52735}\n- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() {CVE-2023-52651}\n- net: tap_open(): set sk_uid from current_fsuid() {CVE-2023-4194}\n- net: tun_chr_open(): set sk_uid from current_fsuid() {CVE-2023-4194}\n- seg6: fix the iif in the IPv6 socket control block {CVE-2021-47515}\n- tty: Fix out-of-bound vmalloc access in imageblit {CVE-2021-47383}\n- bnx2x: Fix multiple UBSAN array-index-out-of-bounds {CVE-2024-42148}\n- hwmon: (adc128d818) Fix underflows seen when writing limit attributes {CVE-2024-46759}\n- net: bridge: mst: fix vlan use-after-free {CVE-2024-36979}\n- stm class: Fix a double free in stm_register_device() {CVE-2024-38627}\n- wifi: mac80211: Avoid address calculations via out of bounds array indexing {CVE-2024-41071}\n- of/irq: Prevent device address out-of-bounds read in interrupt map walk {CVE-2024-46743}\n- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup {CVE-2024-46747}\n- drm/amdgpu: fix mc_data out-of-bounds read warning {CVE-2024-46722}\n- drm/amdgpu: Fix out-of-bounds write warning {CVE-2024-46725}\n- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number {CVE-2024-46724}\n- wifi: nl80211: Avoid address calculations via out of bounds array indexing {CVE-2024-38562}\n- wifi: nl80211: convert cfg80211_scan_request allocation to *_size macros {CVE-2024-38562}\n- overflow: Implement size_t saturating arithmetic helpers {CVE-2024-38562}\n- cdrom: rearrange last_media_change check to avoid unintentional overflow {CVE-2024-42136}\n- ftrace: Fix possible use-after-free issue in ftrace_location() {CVE-2024-38588}\n- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() {CVE-2024-38588}\n- drm/amdgpu: fix ucode out-of-bounds read warning {CVE-2024-46723}\n- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() {CVE-2024-46738}\n- sch/netem: fix use after free in netem_dequeue {CVE-2024-46800}\n- firmware: cs_dsp: Fix overflow checking of wmfw header {CVE-2024-41039}\n- hwmon: (lm95234) Fix underflows seen when writing limit attributes {CVE-2024-46758}\n- HID: amd_sfh: free driver_data after destroying hid device {CVE-2024-46746}\n- xfs: don't walk off the end of a directory data block {CVE-2024-41013}\n- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes {CVE-2024-46756}\n- tunnels: fix out of bounds access when building IPv6 PMTU error {CVE-2024-26665}\n- hwmon: (nct6775-core) Fix underflows seen when writing limit attributes {CVE-2024-46757}\n- drm/amd/pm: fix the Out-of-bounds read warning {CVE-2024-46731}\n- drm/amdgpu/mes: fix mes ring buffer overflow {CVE-2024-46700}\n- exec: Fix ToCToU between perm check and set-uid/gid usage {CVE-2024-43882}\n- PCI/MSI: Fix UAF in msi_capability_init {CVE-2024-41096}","modified":"2026-05-29T01:36:58.497392520Z","published":"2024-10-14T20:16:26Z","upstream":["CVE-2021-47383","CVE-2021-47515","CVE-2023-4133","CVE-2023-4194","CVE-2023-52651","CVE-2023-52735","CVE-2023-52880","CVE-2023-52884","CVE-2024-26629","CVE-2024-26665","CVE-2024-26737","CVE-2024-26853","CVE-2024-26855","CVE-2024-26931","CVE-2024-26946","CVE-2024-27016","CVE-2024-27030","CVE-2024-27046","CVE-2024-27052","CVE-2024-27415","CVE-2024-35789","CVE-2024-35791","CVE-2024-35845","CVE-2024-35852","CVE-2024-35895","CVE-2024-35898","CVE-2024-36025","CVE-2024-36899","CVE-2024-36941","CVE-2024-36979","CVE-2024-38559","CVE-2024-38562","CVE-2024-38579","CVE-2024-38588","CVE-2024-38601","CVE-2024-38619","CVE-2024-38627","CVE-2024-39476","CVE-2024-40905","CVE-2024-40911","CVE-2024-40912","CVE-2024-40914","CVE-2024-40927","CVE-2024-40929","CVE-2024-40941","CVE-2024-40978","CVE-2024-40983","CVE-2024-40995","CVE-2024-41013","CVE-2024-41023","CVE-2024-41039","CVE-2024-41041","CVE-2024-41044","CVE-2024-41071","CVE-2024-41076","CVE-2024-41096","CVE-2024-42082","CVE-2024-42096","CVE-2024-42110","CVE-2024-42131","CVE-2024-42136","CVE-2024-42148","CVE-2024-42152","CVE-2024-42243","CVE-2024-43882","CVE-2024-46700","CVE-2024-46722","CVE-2024-46723","CVE-2024-46724","CVE-2024-46725","CVE-2024-46731","CVE-2024-46738","CVE-2024-46743","CVE-2024-46744","CVE-2024-46746","CVE-2024-46747","CVE-2024-46756","CVE-2024-46757","CVE-2024-46758","CVE-2024-46759","CVE-2024-46800","CVE-2024-46811","CVE-2024-46813","CVE-2024-46818","CVE-2024-46821","CVE-2024-46859"],"references":[{"type":"ADVISORY","url":"https://errata.tuxcare.com/almalinux9.2-esu/CLSA-2024-1728936982.html"}],"schema_version":"1.7.5"}