CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57899 – wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-57899
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adju... • https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57898 – wifi: cfg80211: clear link ID from bitmap during link delete after clean up
https://notcve.org/view.php?id=CVE-2024-57898
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() i... • https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57897 – drm/amdkfd: Correct the migration DMA map direction
https://notcve.org/view.php?id=CVE-2024-57897
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 -45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/. As there's no dma_sync_sing... • https://git.kernel.org/stable/c/22d36ad92e5703e2e9bdf228990c0999d5d53ea3 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57896 – btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
https://notcve.org/view.php?id=CVE-2024-57896
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput... • https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57894 – Bluetooth: hci_core: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2024-57894
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the bellow: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5070, name: kworker/u9:2 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 4 locks held by kworker/u9:2/5070: #0: ffff888015be3948 ((wq_... • https://git.kernel.org/stable/c/028a68886ead0764f4b26adfcaebf9f1955e76ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57893 – ALSA: seq: oss: Fix races at processing SysEx messages
https://notcve.org/view.php?id=CVE-2024-57893
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. En el kernel de Linux, se ha resuelto la si... • https://git.kernel.org/stable/c/cff1de87ed14fc0f2332213d2367100e7ad0753a •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57890 – RDMA/uverbs: Prevent integer overflow issue
https://notcve.org/view.php?id=CVE-2024-57890
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two... • https://git.kernel.org/stable/c/67cdb40ca444c09853ab4d8a41cf547ac26a4de4 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57875 – block: RCU protect disk->conv_zones_bitmap
https://notcve.org/view.php?id=CVE-2024-57875
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace... • https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57850 – jffs2: Prevent rtime decompress memory corruption
https://notcve.org/view.php?id=CVE-2024-57850
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompre... • https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 •