CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53174 – SUNRPC: make sure cache entry active before cache_show
https://notcve.org/view.php?id=CVE-2024-53174
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cache_show The function `c_show` was called with protection from RCU. This only ensures that `cp` will not be freed. Therefore, the reference count for `cp` can drop to zero, which will trigger a refcount use-after-free warning when `cache_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `cp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0... • https://git.kernel.org/stable/c/e9be26735d055c42543a4d047a769cc6d0fb1504 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53173 – NFSv4.0: Fix a use-after-free problem in the asynchronous open()
https://notcve.org/view.php?id=CVE-2024-53173
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is co... • https://git.kernel.org/stable/c/24ac23ab88df5b21b5b2df8cde748bf99b289099 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53172 – ubi: fastmap: Fix duplicate slab cache names while attaching
https://notcve.org/view.php?id=CVE-2024-53172
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already ex... • https://git.kernel.org/stable/c/d2158f69a7d469c21c37f7028c18aa8c54707de3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53171 – ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
https://notcve.org/view.php?id=CVE-2024-53171
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node's `znode->cparent` could still point to a freed node. This `znode->cparent` may not be updated when getting nodes to commit in `ubifs_tnc_start_commit()`. This could then trig... • https://git.kernel.org/stable/c/16a26b20d2afd0cf063816725b45b12e78d5bb31 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53168 – sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
https://notcve.org/view.php?id=CVE-2024-53168
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace:
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53165 – sh: intc: Fix use-after-free bug in register_intc_controller()
https://notcve.org/view.php?id=CVE-2024-53165
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded. • https://git.kernel.org/stable/c/2dcec7a988a1895540460a0bf5603bab63d5a3ed •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49034 – sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-49034
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0... • https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53164 – net: sched: fix ordering of qlen adjustment
https://notcve.org/view.php?id=CVE-2024-53164
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. • https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53161 – EDAC/bluefield: Fix potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53161
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. l... • https://git.kernel.org/stable/c/82413e562ea6eadfb6de946dcc6f74af31d64e7f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53158 – soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
https://notcve.org/view.php?id=CVE-2024-53158
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. • https://git.kernel.org/stable/c/eddac5af06546d2e7a0730e3dc02dde3dc91098a •