CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57892 – ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
https://notcve.org/view.php?id=CVE-2024-57892
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the ... • https://git.kernel.org/stable/c/8f9e8f5fcc059a3cba87ce837c88316797ef3645 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57891 – sched_ext: Fix invalid irq restore in scx_ops_bypass()
https://notcve.org/view.php?id=CVE-2024-57891
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix invalid irq restore in scx_ops_bypass() While adding outer irqsave/restore locking, 0e7ffff1b811 ("scx: Fix raciness in scx_ops_bypass()") forgot to convert an inner rq_unlock_irqrestore() to rq_unlock() which could re-enable IRQ prematurely leading to the following warning: raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 1 PID: 96 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40 ... Sched_... • https://git.kernel.org/stable/c/0e7ffff1b8117b05635c87d3c9099f6aa9c9b689 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57890 – RDMA/uverbs: Prevent integer overflow issue
https://notcve.org/view.php?id=CVE-2024-57890
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two... • https://git.kernel.org/stable/c/67cdb40ca444c09853ab4d8a41cf547ac26a4de4 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57889 – pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
https://notcve.org/view.php?id=CVE-2024-57889
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 r... • https://git.kernel.org/stable/c/8f38910ba4f662222157ce07a0d5becc4328c46a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57888 – workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker
https://notcve.org/view.php?id=CVE-2024-57888
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") amdgpu started seeing the following warning: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call T... • https://git.kernel.org/stable/c/fca839c00a12d682cb59b3b620d109a1d850b262 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57887 – drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
https://notcve.org/view.php?id=CVE-2024-57887
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: adv7511: Se corrige el use-after-free en adv7... • https://git.kernel.org/stable/c/1e4d58cd7f888522d16f221d628356befbb08468 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57886 – mm/damon/core: fix new damon_target objects leaks on damon_commit_targets()
https://notcve.org/view.php?id=CVE-2024-57886
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some mmeory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core API user... • https://git.kernel.org/stable/c/9cb3d0b9dfce6a3258d91e6d69e418d0b4cce46a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57885 – mm/kmemleak: fix sleeping function called from invalid context at print message
https://notcve.org/view.php?id=CVE-2024-57885
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions: - CONFIG_PREEMPT_RT=y - Set SELinux as the LSM for the system - Set kptr_restrict to 1 - kmemleak buffer contains at least one item BUG: sleeping function called from invalid context at kernel/l... • https://git.kernel.org/stable/c/3a6f33d86baa8103c80f62edd9393e9f7bf25d72 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57884 – mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
https://notcve.org/view.php?id=CVE-2024-57884
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ff... • https://git.kernel.org/stable/c/5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57883 – mm: hugetlb: independent PMD page table shared count
https://notcve.org/view.php?id=CVE-2024-57883
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectly through try_get_folio() by caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000... • https://git.kernel.org/stable/c/39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa •