CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56609 – wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb
https://notcve.org/view.php?id=CVE-2024-56609
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have pending ack frames!" warning. Use ieee80211_purge_tx_queue() to correct this. Since ieee80211_purge_tx_queue() doesn't take locks, to prevent racing between TX work and purge TX queue, flush an... • https://git.kernel.org/stable/c/9bca6528f20325d30c22236b23116f161d418f6d •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56608 – drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
https://notcve.org/view.php?id=CVE-2024-56608
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index i... • https://git.kernel.org/stable/c/f01ddd589e162979421e6914b1c74018633f01e0 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56607 – wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask()
https://notcve.org/view.php?id=CVE-2024-56607
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context error, see below. Fix that by switching to use recently introduced ieee80211_iterate_stations_mtx(). Do note that WCN6855 firmware is still crashing, I'm not sure if that firmware even supports bitrate WMI commands and should we consider disabling ath12k_mac_op_se... • https://git.kernel.org/stable/c/2093f062b26805789b73f2af214691475d9baa29 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56606 – af_packet: avoid erroring out after sock_init_data() in packet_create()
https://notcve.org/view.php?id=CVE-2024-56606
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. • https://git.kernel.org/stable/c/71b22837a5e55ac27d6a14b9cdf2326587405c4f •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56605 – Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
https://notcve.org/view.php?id=CVE-2024-56605
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. • https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56604 – Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
https://notcve.org/view.php?id=CVE-2024-56604
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). • https://git.kernel.org/stable/c/ac3eaac4cf142a15fe67be747a682b1416efeb6e •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56603 – net: af_can: do not leave a dangling sk pointer in can_create()
https://notcve.org/view.php?id=CVE-2024-56603
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later. • https://git.kernel.org/stable/c/884ae8bcee749be43a071d6ed2d89058dbd2425c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56602 – net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
https://notcve.org/view.php?id=CVE-2024-56602
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. • https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56601 – net: inet: do not leave a dangling sk pointer in inet_create()
https://notcve.org/view.php?id=CVE-2024-56601
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error. • https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56600 – net: inet6: do not leave a dangling sk pointer in inet6_create()
https://notcve.org/view.php?id=CVE-2024-56600
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error. • https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7 •