CVE-2024-56575 – media: imx-jpeg: Ensure power suppliers be suspended before detach them
https://notcve.org/view.php?id=CVE-2024-56575
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function with power management callbacks. otherwise the detach may led to kernel panic, like below: [ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 1457.116777] Mem a... • https://git.kernel.org/stable/c/2db16c6ed72ce644d5639b3ed15e5817442db4ba •
CVE-2024-56574 – media: ts2020: fix null-ptr-deref in ts2020_probe()
https://notcve.org/view.php?id=CVE-2024-56574
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000a... • https://git.kernel.org/stable/c/dc245a5f9b5163511e0c164c8aa47848f07b75a9 •
CVE-2024-56572 – media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()
https://notcve.org/view.php?id=CVE-2024-56572
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer when allegro_alloc_buffer fails. In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop sho... • https://git.kernel.org/stable/c/f20387dfd065693ba7ea2788a2f893bf653c9cb8 •
CVE-2024-56571 – media: uvcvideo: Require entities to have a non-zero unique ID
https://notcve.org/view.php?id=CVE-2024-56571
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or a... • https://git.kernel.org/stable/c/a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b •
CVE-2024-56570 – ovl: Filter invalid inodes with missing lookup function
https://notcve.org/view.php?id=CVE-2024-56570
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack. In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() fun... • https://git.kernel.org/stable/c/f9248e2f73fb4afe08324485e98c815ac084d166 •
CVE-2024-56569 – ftrace: Fix regression with module command in stack_trace_filter
https://notcve.org/view.php?id=CVE-2024-56569
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash. In the Linux ke... • https://git.kernel.org/stable/c/04ec7bb642b77374b53731b795b5654b5aff1c00 •
CVE-2024-56568 – iommu/arm-smmu: Defer probe of clients after smmu device bound
https://notcve.org/view.php?id=CVE-2024-56568
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_devi... • https://git.kernel.org/stable/c/021bb8420d44cf56102d44fca9af628625e75482 •
CVE-2024-56567 – ad7780: fix division by zero in ad7780_write_raw()
https://notcve.org/view.php?id=CVE-2024-56567
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero. In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw(... • https://git.kernel.org/stable/c/9085daa4abcc3a1c19ae4eb00e609842ef28275a •
CVE-2024-56566 – mm/slub: Avoid list corruption when removing a slab from the full list
https://notcve.org/view.php?id=CVE-2024-56566
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a... • https://git.kernel.org/stable/c/643b113849d8faa68c9f01c3c9d929bfbffd50bd •
CVE-2024-56565 – f2fs: fix to drop all discards after creating snapshot on lvm device
https://notcve.org/view.php?id=CVE-2024-56565
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can ... • https://git.kernel.org/stable/c/35ec7d5748849762008e8ae9f8ad2766229d5794 •