CVE-2024-43833 – media: v4l: async: Fix NULL pointer dereference in adding ancillary links
https://notcve.org/view.php?id=CVE-2024-43833
In the Linux kernel, the following vulnerability has been resolved: media: v4l: async: Fix NULL pointer dereference in adding ancillary links In v4l2_async_create_ancillary_links(), ancillary links are created for lens and flash sub-devices. These are sub-device to sub-device links and if the async notifier is related to a V4L2 device, the source sub-device of the ancillary link is NULL, leading to a NULL pointer dereference. Check the notifier's sd field is non-NULL in v4l2_async_create_ancillary_links(). [Sakari Ailus: Reword the subject and commit messages slightly.] • https://git.kernel.org/stable/c/aa4faf6eb27132532d5a133d9241254c16d4bafa https://git.kernel.org/stable/c/fe0f92fd5320b393e44ca210805e653ea90cc982 https://git.kernel.org/stable/c/249212ceb4187783af3801c57b92a5a25d410621 https://git.kernel.org/stable/c/b87e28050d9b0959de24574d587825cfab2f13fb https://git.kernel.org/stable/c/9b4667ea67854f0b116fe22ad11ef5628c5b5b5f •
CVE-2024-43832 – s390/uv: Don't call folio_wait_writeback() without a folio reference
https://notcve.org/view.php?id=CVE-2024-43832
In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After we dropped the PTL, the folio could get freed concurrently. So grab a temporary reference. • https://git.kernel.org/stable/c/214d9bbcd3a67230b932f6cea83c078ab34d9e70 https://git.kernel.org/stable/c/1a1eb2f3fc453dcd52726d13e863938561489cb7 https://git.kernel.org/stable/c/8736604ef53359a718c246087cd21dcec232d2fb https://git.kernel.org/stable/c/b21aba72aadd94bdac275deab021fc84d6c72b16 https://git.kernel.org/stable/c/3f29f6537f54d74e64bac0a390fb2e26da25800d •
CVE-2024-43831 – media: mediatek: vcodec: Handle invalid decoder vsi
https://notcve.org/view.php?id=CVE-2024-43831
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. • https://git.kernel.org/stable/c/590577a4e5257ac3ed72999a94666ad6ba8f24bc https://git.kernel.org/stable/c/1c109f23b271a02b9bb195c173fab41e3285a8db https://git.kernel.org/stable/c/cdf05ae76198c513836bde4eb55f099c44773280 https://git.kernel.org/stable/c/59d438f8e02ca641c58d77e1feffa000ff809e9f •
CVE-2024-43830 – leds: trigger: Unregister sysfs attributes before calling deactivate()
https://notcve.org/view.php?id=CVE-2024-43830
In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate() Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate() callback and freed by the deactivate() callback. Calling device_remove_groups() after calling deactivate() leaves a window where the sysfs attributes show/store functions could be called after deactivation and then operate on the just freed trigger-data. Move the device_remove_groups() call to before deactivate() to close this race window. This also makes the deactivation path properly do things in reverse order of the activation path which calls the activate() callback before calling device_add_groups(). • https://git.kernel.org/stable/c/a7e7a3156300a7e1982b03cc9cb8fb0c86434c49 https://git.kernel.org/stable/c/c3b7a650c8717aa89df318364609c86cbc040156 https://git.kernel.org/stable/c/d1415125b701ef13370e2761f691ec632a5eb93a https://git.kernel.org/stable/c/09c1583f0e10c918855d6e7540a79461a353e5d6 https://git.kernel.org/stable/c/3fb6a9d67cfd812a547ac73ec02e1077c26c640d https://git.kernel.org/stable/c/734ba6437e80dfc780e9ee9d95f912392d12b5ea https://git.kernel.org/stable/c/cb8aa9d2a4c8a15d6a43ccf901ef3d094aa60374 https://git.kernel.org/stable/c/0788a6f3523d3686a9eed5ea1e6fcce68 • CWE-416: Use After Free •
CVE-2024-43829 – drm/qxl: Add check for drm_cvt_mode
https://notcve.org/view.php?id=CVE-2024-43829
In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference. • https://git.kernel.org/stable/c/1b043677d4be206c96b51811855502e50057f343 https://git.kernel.org/stable/c/62ef8d7816c8e4a6088275553818b9afc0ffaa03 https://git.kernel.org/stable/c/4e87f592a46bb804d8f833da6ce702ae4b55053f https://git.kernel.org/stable/c/3efe34f95b1ac8c138a46b14ce75956db0d6ee7c https://git.kernel.org/stable/c/f28b353c0c6c7831a70ccca881bf2db5e6785cdd https://git.kernel.org/stable/c/4b1f303bdeceac049e56e4b20eb5280bd9e02f4f https://git.kernel.org/stable/c/d4c57354a06cb4a77998ff8aa40af89eee30e07b https://git.kernel.org/stable/c/7bd09a2db0f617377027a2bb0b9179e69 •