CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57872 – scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
https://notcve.org/view.php?id=CVE-2024-57872
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memo... • https://git.kernel.org/stable/c/03b1781aa978aab345b5a85d8596f8615281ba89 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57850 – jffs2: Prevent rtime decompress memory corruption
https://notcve.org/view.php?id=CVE-2024-57850
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompre... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53690 – nilfs2: prevent use of deleted inode
https://notcve.org/view.php?id=CVE-2024-53690
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trig... • https://git.kernel.org/stable/c/d25006523d0b9e49fd097b2e974e7c8c05bd7f54 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53685 – ceph: give up on paths longer than PATH_MAX
https://notcve.org/view.php?id=CVE-2024-53685
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and... • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-54683 – netfilter: IDLETIMER: Fix for possible ABBA deadlock
https://notcve.org/view.php?id=CVE-2024-54683
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ====================================================== | WARNING: possible circular locking dependency detected | 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted | ------------------------------------------------------ | iptables/3303 is trying to acquire lock: | fff... • https://git.kernel.org/stable/c/0902b469bd25065aa0688c3cee6f11744c817e7c • CWE-667: Improper Locking •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53680 – ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
https://notcve.org/view.php?id=CVE-2024-53680
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time: vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6() At run... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-457: Use of Uninitialized Variable •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52332 – igb: Fix potential invalid memory access in igb_init_module()
https://notcve.org/view.php?id=CVE-2024-52332
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access. In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when th... • https://git.kernel.org/stable/c/bbd98fe48a43464b4a044bc4cbeefad284d6aa80 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-50051 – spi: mpc52xx: Add cancel_work_sync before module remove
https://notcve.org/view.php?id=CVE-2024-50051
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove. In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx... • https://git.kernel.org/stable/c/ca632f556697d45d67ed5cada7cedf3ddfe0db4b • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47809 – dlm: fix possible lkb_resource null dereference
https://notcve.org/view.php?id=CVE-2024-47809
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way a... • https://git.kernel.org/stable/c/43279e5376017c40b4be9af5bc79cbb4ef6f53d7 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47143 – dma-debug: fix a possible deadlock on radix_lock
https://notcve.org/view.php?id=CVE-2024-47143
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one ... • https://git.kernel.org/stable/c/0abdd7a81b7e3fd781d7fabcca49501852bba17e • CWE-667: Improper Locking •