CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0NotCVE-2024-0001 – Linux ASLR Weakness: Improper Bit-Mask Manipulation Reducing mmap Entropy by Half
https://notcve.org/view.php?id=NotCVE-2024-0001
03 Jan 2025 — A flaw in the Linux kernel's Address Space Layout Randomization (ASLR) implementation affects certain architectures, including PowerPC, Sparc64, and ARM. Due to improper bit-mask manipulation during the randomization of the mmap base address, the entropy is reduced by half, decreasing from 18 bits to 17 bits. This reduction significantly lowers the effectiveness of ASLR, making it easier for attackers to predict memory allocation and potentially exploit vulnerabilities that rely on memory address randomizat... • https://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html • CWE-331: Insufficient Entropy •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57946 – virtio-blk: don't keep queue frozen during system suspend
https://notcve.org/view.php?id=CVE-2024-57946
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer's queue freeze looks very handy, but it is also easy to cause deadlock, such as, any attempt to call into bio_queue_enter() may run into deadlock if t... • https://git.kernel.org/stable/c/d738f3215bb4f88911ff4579780a44960c8e0ca5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57924 – fs: relax assertions on failure to encode file handles
https://notcve.org/view.php?id=CVE-2024-57924
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encod... • https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57922 – drm/amd/display: Add check for granularity in dml ceil/floor helpers
https://notcve.org/view.php?id=CVE-2024-57922
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granu... • https://git.kernel.org/stable/c/f3d1e4062ef251fa55ccfeca1e54a98b6818b3a1 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57915 – usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
https://notcve.org/view.php?id=CVE-2024-57915
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Considering that in some extreme cases, when performing the unbinding operation, gserial_disconnect has cleared gser->ioport, which triggers gadget reconfiguration, and then calls gs_read_complete, resulting in access to a null pointer. Therefore, ep is disabled before gserial_disconnect sets port to null to prevent this from happening. ... • https://git.kernel.org/stable/c/c1dca562be8ada614ef193aa246c6f8705bcd6b9 •
CVSS: 6.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57913 – usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
https://notcve.org/view.php?id=CVE-2024-57913
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->ga... • https://git.kernel.org/stable/c/ddf8abd2599491cbad959c700b90ba72a5dce8d0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21653 – net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
https://notcve.org/view.php?id=CVE-2025-21653
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/e5dfb815181fcb186d6080ac3a091eadff2d98fe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57899 – wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-57899
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adju... • https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57898 – wifi: cfg80211: clear link ID from bitmap during link delete after clean up
https://notcve.org/view.php?id=CVE-2024-57898
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() i... • https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd •