CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53146 – NFSD: Prevent a potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53146
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. • https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53145 – um: Fix potential integer overflow during physmem setup
https://notcve.org/view.php?id=CVE-2024-53145
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. • https://git.kernel.org/stable/c/fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53241 – x86/xen: don't do PV iret hypercall through hypercall page
https://notcve.org/view.php?id=CVE-2024-53241
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/xen: no r... • https://git.kernel.org/stable/c/05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53240 – xen/netfront: fix crash when removing device
https://notcve.org/view.php?id=CVE-2024-53240
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen/netfront: se corrige... • https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2024-53144 – Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
https://notcve.org/view.php?id=CVE-2024-53144
17 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 • https://git.kernel.org/stable/c/ba15a58b179ed76a7e887177f2b06de12c58ec8f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53142 – initramfs: avoid filename buffer overrun
https://notcve.org/view.php?id=CVE-2024-53142
06 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Leng... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53141 – netfilter: ipset: add missing range check in bitmap_ip_uadt
https://notcve.org/view.php?id=CVE-2024-53141
06 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. • https://git.kernel.org/stable/c/72205fc68bd13109576aa6c4c12c740962d28a6c •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-53140 – netlink: terminate outstanding dump on socket close
https://notcve.org/view.php?id=CVE-2024-53140
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual dump helper, keeps getting called until it returns 0 - done - (optional) pairs with .start, can be used for cleanup The whole process is asynchronous and the repeated calls to .dump don't actually happen in a tight loop, but rathe... • https://git.kernel.org/stable/c/ed5d7788a934a4b6d6d025e948ed4da496b4f12e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53138 – net/mlx5e: kTLS, Fix incorrect page refcounting
https://notcve.org/view.php?id=CVE-2024-53138
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used. This is an issue when using pages from large folios: the get_page() references are stored on the folio page while the page_ref_inc() references are stored directly in the given page. On rel... • https://git.kernel.org/stable/c/84d1bb2b139e0184b1754aa1b5776186b475fce8 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53136 – mm: revert "mm: shmem: fix data-race in shmem_getattr()"
https://notcve.org/view.php?id=CVE-2024-53136
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: revert "mm: shmem: fix data-race in s... • https://git.kernel.org/stable/c/9fb9703cd43ee20a6de8ccdef991677b7274cec0 •