CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56614 – xsk: fix OOB map writes when deleting elements
https://notcve.org/view.php?id=CVE-2024-56614
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xsk_map_delete_elem function an unsigned integer (map->max_entries) is compared with a user-controlled signed integer (k). Due to implicit type conversion, a large unsigned value for map->max_entries can bypass the intended bounds check: if (k >= map->max_entries) return -EINVAL; This allows k to hold a negative value (between -2147483648 and -2), which is then used... • https://git.kernel.org/stable/c/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56613 – sched/numa: fix memory leak due to the overwritten vma->numab_state
https://notcve.org/view.php?id=CVE-2024-56613
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak. # /opt/ltp/testcases/bin/hackbench 20 thread 1000 Running with 20*40 (== 800) tasks. # dmesg | grep kmemleak ... kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 665 new suspected memory leaks (see /sys/kernel... • https://git.kernel.org/stable/c/ef6a22b70f6d90449a5c797b8968a682824e2011 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56611 – mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
https://notcve.org/view.php?id=CVE-2024-56611
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-... • https://git.kernel.org/stable/c/39743889aaf76725152f16aa90ca3c45f6d52da3 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56610 – kcsan: Turn report_filterlist_lock into a raw_spinlock
https://notcve.org/view.php?id=CVE-2024-56610
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hard... • https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56609 – wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
https://notcve.org/view.php?id=CVE-2024-56609
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have pending ack frames!" warning. Use ieee80211_purge_tx_queue() to correct this. Since ieee80211_purge_tx_queue() doesn't take locks, to prevent racing between TX work and purge TX queue, flush an... • https://git.kernel.org/stable/c/9bca6528f20325d30c22236b23116f161d418f6d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56608 – drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
https://notcve.org/view.php?id=CVE-2024-56608
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index i... • https://git.kernel.org/stable/c/f01ddd589e162979421e6914b1c74018633f01e0 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56607 – wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
https://notcve.org/view.php?id=CVE-2024-56607
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context error, see below. Fix that by switching to use recently introduced ieee80211_iterate_stations_mtx(). Do note that WCN6855 firmware is still crashing, I'm not sure if that firmware even supports bitrate WMI commands and should we consider disabling ath12k_mac_op_se... • https://git.kernel.org/stable/c/2093f062b26805789b73f2af214691475d9baa29 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56606 – af_packet: avoid erroring out after sock_init_data() in packet_create()
https://notcve.org/view.php?id=CVE-2024-56606
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. • https://git.kernel.org/stable/c/71b22837a5e55ac27d6a14b9cdf2326587405c4f •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56605 – Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
https://notcve.org/view.php?id=CVE-2024-56605
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. • https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56604 – Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
https://notcve.org/view.php?id=CVE-2024-56604
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). • https://git.kernel.org/stable/c/ac3eaac4cf142a15fe67be747a682b1416efeb6e •