CVE-2024-56621 – scsi: ufs: core: Cancel RTC work during ufshcd_remove()
https://notcve.org/view.php?id=CVE-2024-56621
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove()
Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below:
    Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4
    Workqueue: events ufshcd_rtc_work
    Call...
• https://git.kernel.org/stable/c/6bf999e0eb41850d5c857102535d5c53b2ede224 •
CVE-2024-56620 – scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
https://notcve.org/view.php?id=CVE-2024-56620
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
Otherwise, it will result in a NULL pointer dereference as below:
    Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
    Call trace:
     mutex_lock+0xc/0x54
     platform_device_msi_free_irqs_all+0x14/0x20
     ufs_qcom_remove+0x34/0x48 [ufs_qcom]
     platform_remove+0x28/0x44
     device_remove+0x4c/0x80
     device_release_driver_internal+0xd8/0x178
     driver_detach+0x5...
• https://git.kernel.org/stable/c/519b6274a7775f5fe00a086f189efb8f063467d1 •
CVE-2024-56619 – nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
https://notcve.org/view.php?id=CVE-2024-56619
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of dire... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVE-2024-56617 – cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
https://notcve.org/view.php?id=CVE-2024-56617
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed. If the early build ... • https://git.kernel.org/stable/c/6539cffa94957241c096099a57d05fa4d8c7db8a •
CVE-2024-56616 – drm/dp_mst: Fix MST sideband message body length check
https://notcve.org/view.php?id=CVE-2024-56616
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corru... • https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96 •
CVE-2024-56615 – bpf: fix OOB devmap writes when deleting elements
https://notcve.org/view.php?id=CVE-2024-56615
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as changing the type from int to u32, however, when compared to XSKMAP case, one more thing needs to be addressed. When map is released from system via dev_map_free(), we iterate through all of the entries and an ite... • https://git.kernel.org/stable/c/546ac1ffb70d25b56c1126940e5ec639c4dd7413 •
CVE-2024-56614 – xsk: fix OOB map writes when deleting elements
https://notcve.org/view.php?id=CVE-2024-56614
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements
Jordy says: "In the xsk_map_delete_elem function an unsigned integer (map->max_entries) is compared with a user-controlled signed integer (k). Due to implicit type conversion, a large unsigned value for map->max_entries can bypass the intended bounds check:
    if (k >= map->max_entries)
        return -EINVAL;
This allows k to hold a negative value (between -2147483648 and -2), which is then used...
• https://git.kernel.org/stable/c/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 •
CVE-2024-56613 – sched/numa: fix memory leak due to the overwritten vma->numab_state
https://notcve.org/view.php?id=CVE-2024-56613
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state
[Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak.
    # /opt/ltp/testcases/bin/hackbench 20 thread 1000
    Running with 20*40 (== 800) tasks.
    # dmesg | grep kmemleak
    ...
    kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak)
    kmemleak: 665 new suspected memory leaks (see /sys/kernel...
• https://git.kernel.org/stable/c/ef6a22b70f6d90449a5c797b8968a682824e2011 •
CVE-2024-56611 – mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
https://notcve.org/view.php?id=CVE-2024-56611
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM
We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report:
    Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
    KASAN: null-ptr-...
• https://git.kernel.org/stable/c/39743889aaf76725152f16aa90ca3c45f6d52da3 •
CVE-2024-56610 – kcsan: Turn report_filterlist_lock into a raw_spinlock
https://notcve.org/view.php?id=CVE-2024-56610
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock
Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like:
    | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48
    | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1
    | preempt_count: 10002, expected: 0
    | RCU nest depth: 0, expected: 0
    | no locks held by swapper/1/0.
    | irq event stamp: 156674
    | hard...
• https://git.kernel.org/stable/c/f4f2ef66d288ea796ddb8ecbdc2df074ab2d5f4d •