CVE-2024-56597 – jfs: fix shift-out-of-bounds in dbSplit
https://notcve.org/view.php?id=CVE-2024-56597
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself. • https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e •
CVE-2024-56596 – jfs: fix array-index-out-of-bounds in jfs_readdir
https://notcve.org/view.php?id=CVE-2024-56596
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case. • https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc •
CVE-2024-56595 – jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
https://notcve.org/view.php?id=CVE-2024-56595
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out. • https://git.kernel.org/stable/c/b15000bcbecf27e0f7c0f149a409e5b865e28ca2 •
CVE-2024-56594 – drm/amdgpu: set the right AMDGPU sg segment limitation
https://notcve.org/view.php?id=CVE-2024-56594
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length as following: WARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370 [ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helpe... • https://git.kernel.org/stable/c/b5807a08954fdf914ef80b49aaa6cda965ecc95c •
CVE-2024-56593 – wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
https://notcve.org/view.php?id=CVE-2024-56593
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. The problem is the number of entries in the pre-allocated sgtable, it is nents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1. Given the default [rt]... • https://git.kernel.org/stable/c/342f87d263462c2670b77ea9a32074cab2ac6fa1 •
CVE-2024-56592 – bpf: Call free_htab_elem() after htab_unlock_bucket()
https://notcve.org/view.php?id=CVE-2024-56592
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Call free_htab_elem() after htab_unlock_bucket() For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpf_map_fd_put_ptr() will invoke bpf_map_free_id() to free the id of the removed map element. However, bpf_map_fd_put_ptr() is invoked while holding a bucket lock (raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock (spinlock_t), triggering the following lockdep warn... • https://git.kernel.org/stable/c/10e8a2dec9ff1b81de8e892b0850924038adbc6d •
CVE-2024-56591 – Bluetooth: hci_conn: Use disable_delayed_work_sync
https://notcve.org/view.php?id=CVE-2024-56591
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead of cancel_delayed_work_sync as it not only cancels the ongoing work but also disables new submit which is desirable since the object holding the work is about to be freed. • https://git.kernel.org/stable/c/c55a4c5a04bae40dcdc1e1c19d8eb79a06fb3397 •
CVE-2024-56590 – Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet
https://notcve.org/view.php?id=CVE-2024-56590
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet This fixes not checking if skb really contains an ACL header otherwise the code may attempt to access some uninitialized/invalid memory past the valid skb->data. • https://git.kernel.org/stable/c/219960a48771b35a3857a491b955c31d6c33d581 •
CVE-2024-56589 – scsi: hisi_sas: Add cond_resched() for no forced preemption model
https://notcve.org/view.php?id=CVE-2024-56589
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0x8c/0x... • https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf •
CVE-2024-56588 – scsi: hisi_sas: Create all dump files during debugfs initialization
https://notcve.org/view.php?id=CVE-2024-56588
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, the driver allocates memory space to save the register information and creates debugfs files to display the saved information. In this process, the debugfs files are created after each dump. Therefore, when the dump is triggered while the driver is unbind, the following hang occurs: [67840.853907] Unable to handle... • https://git.kernel.org/stable/c/6c55f99123075e5429850b41b06f7dfffcb708eb •