CVE List 2024/27xxx

CVEs in group: 27xxx

CVE-2024-27040 (N/A)

CVE-2024-27041 (drm/amd/display: Add ‘replay’ NULL check in ‘edp_set_replay_allow_active()’)

CVE-2024-27042 (drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini())

CVE-2024-27043 (drm/amdgpu: Fix potential out-of-bounds access in ‘amdgpu_discovery_reg_base_init()’)

CVE-2024-27044 (media: edia: dvbdev: fix a use-after-free)

CVE-2024-27045 (drm/amd/display: Fix potential NULL pointer dereferences in ‘dcn10_set_output_transfer_func()’)

CVE-2024-27046 (drm/amd/display: Fix a potential buffer overflow in ‘dp_dsc_clock_en_read()’)

CVE-2024-27047 (nfp: flower: handle acti_netdevs allocation failure)

CVE-2024-27048 (net: phy: fix phy_get_internal_delay accessing an empty array)

CVE-2024-27049 (wifi: brcm80211: handle pmk_op allocation failure)

CVE-2024-27050 (wifi: mt76: mt7925e: fix use-after-free in free_irq())

CVE-2024-27051 (libbpf: Use OPTS_SET() macro in bpf_xdp_query())

CVE-2024-27052 (cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get’s return value)

CVE-2024-27053 (wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work)

CVE-2024-27054 (wifi: wilc1000: fix RCU usage in connect path)

CVE-2024-27055 (s390/dasd: fix double module refcount decrement)

CVE-2024-27056 (N/A)

CVE-2024-27057 (wifi: iwlwifi: mvm: ensure offloading TID queue exists)

CVE-2024-27058 (ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend)

CVE-2024-27059 (tmpfs: fix race on handling dquot rbtree)

CVE-2024-27060 (USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command)

CVE-2024-27061 (thunderbolt: Fix NULL pointer dereference in tb_port_update_credits())

CVE-2024-27062 (crypto: sun8i-ce – Fix use after free in unprepare)

CVE-2024-27063 (nouveau: lock the client object tree.)

CVE-2024-27064 (leds: trigger: netdev: Fix kernel panic on interface rename trig notify)

CVE-2024-27065 (netfilter: nf_tables: Fix a memory leak in nf_tables_updchain)

CVE-2024-27066 (netfilter: nf_tables: do not compare internal table flags on updates)

CVE-2024-27067 (virtio: packed: fix unmap leak for indirect desc table)

CVE-2024-27068 (xen/evtchn: avoid WARN() when unbinding an event channel)

CVE-2024-27069 (thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path)

CVE-2024-27070 (ovl: relax WARN_ON in ovl_verify_area())

CVE-2024-27071 (f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault)

CVE-2024-27072 (backlight: hx8357: Fix potential NULL pointer dereference)

CVE-2024-27073 (media: usbtv: Remove useless locks in usbtv_video_free())

CVE-2024-27074 (media: ttpci: fix two memleaks in budget_av_attach)

CVE-2024-27075 (media: go7007: fix a memleak in go7007_load_encoder)

CVE-2024-27076 (media: dvb-frontends: avoid stack overflow warnings with clang)

CVE-2024-27077 (media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak)

CVE-2024-27078 (media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity)

CVE-2024-27079 (media: v4l2-tpg: fix some memleaks in tpg_alloc)

CVE-2024-27080 (iommu/vt-d: Fix NULL domain on device release)

CVE-2024-27081 (btrfs: fix race when detecting delalloc ranges during fiemap)

CVE-2024-27082 (ESPHome remote code execution via arbitrary file write)

CVE-2024-27083 (Cacti Cross-site Scripting vulnerability when managing trees)

CVE-2024-27084 (Flask-AppBuilder’s OAuth login page subject to Cross Site Scripting (XSS))

CVE-2024-27085 (N/A)

CVE-2024-27086 (Denial of service through invites in Discourse)

CVE-2024-27087 (MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service)

CVE-2024-27088 (Kirby cross-site scripting (XSS) in the link field “Custom” type)

CVE-2024-27089 (es5-ext Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`)

CVE-2024-27090 (N/A)

CVE-2024-27091 (Decidim vulnerable to data disclosure through the embed feature)

CVE-2024-27092 (GeoNode stored XSS to full account takeover)

CVE-2024-27093 (Content spoofing – real Hoppscotch emails)

CVE-2024-27094 (Minder trusts client-provided mapping from repo name to upstream ID)

CVE-2024-27095 (OpenZeppelin Contracts base64 encoding may read from potentially dirty memory)

CVE-2024-27096 (Decidim cross-site scripting (XSS) in the admin panel)

CVE-2024-27097 (SQL Injection in through the search engine)

CVE-2024-27098 (Potential log injection in reset user endpoint in ckan)

CVE-2024-27099 (Blind Server-Side Request Forgery (SSRF) using Arbitrary Object Instantiation in GLPI)