CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57988 – Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
https://notcve.org/view.php?id=CVE-2024-57988
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board_name(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failu... • https://git.kernel.org/stable/c/f9183eaad91521ba1c04a19e5606ae61560a735e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57987 – Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
https://notcve.org/view.php?id=CVE-2024-57987
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oops. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed.... • https://git.kernel.org/stable/c/b39910bb54d9ff696caaed4e83ae92a798cd8bf8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57986 – HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
https://notcve.org/view.php?id=CVE-2024-57986
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was found to be connected to two errors in the HID core associated with Resolution Multipliers. One of the errors was fixed by commit ea427a222d8b ("HID: core: Fix deadloop in hid_apply_multiplier."), but the other has not been fixed. This error arises because hid_apply_multipler() assumes that every Resolution Multipli... • https://git.kernel.org/stable/c/5a4abb36f312cf83206b1b7d1308ba47cba0b3cc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57985 – firmware: qcom: scm: Cleanup global '__scm' on probe failures
https://notcve.org/view.php?id=CVE-2024-57985
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global '__scm' on probe failures If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume the probe finished successfully. For example TZMEM parts ('__scm->mempool') are initialized later in the probe, but users of it (__scm_smc_call()) rely on the '__scm' variable. This fixes theoretical NULL pointer exception, triggered via introduci... • https://git.kernel.org/stable/c/40289e35ca525f29a03989352ab207b6a9675475 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57984 – i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
https://notcve.org/view.php?id=CVE-2024-57984
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_ibis function to start the work. If we remove the module which will call dw_i3c_common_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operati... • https://git.kernel.org/stable/c/1dd728f5d4d4b8b53196c1e0fcf86bbaaee39cef • CWE-416: Use After Free •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57982 – xfrm: state: fix out-of-bounds read during lookup
https://notcve.org/view.php?id=CVE-2024-57982
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The xfrm_state_hash_generation seqlock ensures a retry, but the hash functions can observe a hmask value that is too large for the new hlist array. rehash does: rcu_assign_pointer(net->xfrm.state_bydst, ndst) [..] net->xfrm.state_hmask = nhashmask; While state lookup does: h = xfrm_dst_hash(net, daddr, saddr, tmpl->reqid, encap_family); hlist_for_each_e... • https://git.kernel.org/stable/c/c2f672fc94642bae96821a393f342edcfa9794a6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57981 – usb: xhci: Fix NULL pointer dereference on certain command aborts
https://notcve.org/view.php?id=CVE-2024-57981
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is advanced to the first TRB of the next segment. If no further commands are queued, xhci_handle_stopped_cmd_ring() sees the ring pointers unequal ... • https://git.kernel.org/stable/c/c311e391a7efd101250c0e123286709b7e736249 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57980 – media: uvcvideo: Fix double free in error path
https://notcve.org/view.php?id=CVE-2024-57980
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix double free in error path If the uvc_status_init() function fails to allocate the int_urb, it will free the dev->status pointer but doesn't reset the pointer to NULL. This results in the kfree() call in uvc_status_cleanup() trying to double-free the memory. Fix it by resetting the dev->status pointer to NULL after freeing it. Reviewed by: Ricardo Ribalda
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-57979 – pps: Fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-57979
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: pps: Fix a use-after-free On a board running ntpd and gpsd, I'm seeing a consistent use-after-free in sys_exit() from gpsd when rebooting: pps pps1: removed ------------[ cut here ]------------ kobject: '(null)' (00000000db4bec24): is not initialized, yet kobject_put() is being called. WARNING: CPU: 2 PID: 440 at lib/kobject.c:734 kobject_put+0x120/0x150 CPU: 2 UID: 299 PID: 440 Comm: gpsd Not tainted 6.11.0-rc6-00308-gb31c44928842 #1 Hardw... • https://git.kernel.org/stable/c/d953e0e837e65ecc1ddaa4f9560f7925878a0de6 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57978 – media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
https://notcve.org/view.php?id=CVE-2024-57978
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Fix potential error pointer dereference in detach_pm() The proble is on the first line: if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i])) If jpeg->pd_dev[i] is an error pointer, then passing it to pm_runtime_suspended() will lead to an Oops. The other conditions check for both error pointers and NULL, but it would be more clear to use the IS_ERR_OR_NULL() check for that. In the Linux kernel, the following vulne... • https://git.kernel.org/stable/c/12914fd765ba4f9d6a9a50439e8dd2e9f91423f2 •