CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56787 – soc: imx8m: Probe the SoC driver as platform driver
https://notcve.org/view.php?id=CVE-2024-56787
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock driver is not yet probed. This was not detected during regular testing without driver_async_probe. Convert the SoC code to platform driver and instantiate a platform device i... • https://git.kernel.org/stable/c/e497edb8f31ec2c2b6f4ce930e175aa2da8be334 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56786 – bpf: put bpf_link's program when link is safe to be deallocated
https://notcve.org/view.php?id=CVE-2024-56786
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link's program when link is safe to be deallocated In general, BPF link's underlying BPF program should be considered to be reachable through attach hook -> link -> prog chain, and, pessimistically, we have to assume that as long as link's memory is not safe to free, attach hook's code might hold a pointer to BPF program and use it. As such, it's not (generally) correct to put link's program early before waiting for RCU GPs to ... • https://git.kernel.org/stable/c/5fe23c57abadfd46a7a66e81f3536e4757252a0b •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56785 – MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a
https://notcve.org/view.php?id=CVE-2024-56785
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips... • https://git.kernel.org/stable/c/5a2eaa3ad2b803c7ea442c6db7379466ee73c024 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56784 – drm/amd/display: Adding array index check to prevent memory corruption
https://notcve.org/view.php?id=CVE-2024-56784
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays ... • https://git.kernel.org/stable/c/dff526dc3e27f5484f5ba11471b9fbbe681467f2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56782 – ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
https://notcve.org/view.php?id=CVE-2024-56782
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL, dereferencing it unconditional. Add a check for adev being NULL before calling acpi_dev_hid_match(). At the moment acpi_quirk_skip_serdev_enumeration() is never called with a controller_parent without an ACPI companion, but better safe than sorry. In the Linux kernel, the following vulnerability has been resolved: ACP... • https://git.kernel.org/stable/c/e173bce05f7032a8b4964cfef82a4b7668f5f3af •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56781 – powerpc/prom_init: Fixup missing powermac #size-cells
https://notcve.org/view.php?id=CVE-2024-56781
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/prom_init: Fixup missing powermac #size-cells On some powermacs `escc` nodes are missing `#size-cells` properties, which is deprecated and now triggers a warning at boot since commit 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling"). For example: Missing '#size-cells' in /pci@f2000000/mac-io@c/escc@13000 WARNING: CPU: 0 PID: 0 at drivers/of/base.c:133 of_bus_n_size_cells+0x98/0x108 Hardware name: PowerMac3,... • https://git.kernel.org/stable/c/0b94d838018fb0a824e0cd3149034928c99fb1b7 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56779 – nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur
https://notcve.org/view.php?id=CVE-2024-56779
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server. NFS CLIENT thread1 thread2 open("file") ... nfs4_do_open _nfs4_do_open _nfs4_open_and_get_state _nfs4_proc_open nfs4_run_open_task /* rpc_t... • https://git.kernel.org/stable/c/a85364f0d30dee01c5d5b4afa55a9629a8f36d8e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56775 – drm/amd/display: Fix handling of plane refcount
https://notcve.org/view.php?id=CVE-2024-56775
08 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states... • https://git.kernel.org/stable/c/8cb2f6793845f135b28361ba8e96901cae3e5790 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56769 – media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
https://notcve.org/view.php?id=CVE-2024-56769
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bu... • https://git.kernel.org/stable/c/74340b0a8bc60b400c7e5fe4950303aa6f914d16 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56763 – tracing: Prevent bad count for tracing_cpumask_write
https://notcve.org/view.php?id=CVE-2024-56763
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing: Evitar recuento incorrecto para tracing_cpumask_write Si se proporciona un recuento alto, se activará una advertencia en bitmap_parse_user. También verifique que esté a cero. In the Linux kernel, the following vul... • https://git.kernel.org/stable/c/9e01c1b74c9531e301c900edaa92a99fcb7738f2 •