CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57999 – powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW
https://notcve.org/view.php?id=CVE-2024-57999
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing. These MMIO pages needs to be marked as reserved so that IOMMU doesn't map DMA buffers in this range. The current code is not marking these pages correctly which is resulting in LPAR to OOPS while booting. The stack is at below BUG: Unable to ha... • https://git.kernel.org/stable/c/3c33066a21903076722a2881556a92aa3cd7d359 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57998 – OPP: add index check to assert to avoid buffer overflow in _read_freq()
https://notcve.org/view.php?id=CVE-2024-57998
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed variants: dev_pm_opp_find_freq_exact_indexed() or dev_pm_opp_find_freq_ceil/floor_indexed(). Add a secondary parameter to the assert function, unused for assert_single_clk() then add assert_clk_index() which will check for the clock in... • https://git.kernel.org/stable/c/142e17c1c2b48e3fb4f024e62ab6dee18f268694 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57997 – wifi: wcn36xx: fix channel survey memory allocation size
https://notcve.org/view.php?id=CVE-2024-57997
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memory allocation size KASAN reported a memory allocation issue in wcn->chan_survey due to incorrect size calculation. This commit uses kcalloc to allocate memory for wcn->chan_survey, ensuring proper initialization and preventing the use of uninitialized values when there are no frames on the channel. In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memo... • https://git.kernel.org/stable/c/29696e0aa413b9d56558731aae3806d7cff48d36 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57996 – net_sched: sch_sfq: don't allow 1 packet limit
https://notcve.org/view.php?id=CVE-2024-57996
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6 index 65535 is out of range for type 'struct sfq_head[128]' CPU: 0 PID: 2569 Comm: syz-executor101 Not tainted 5.10.0-smp-DEV #1 Ha... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57995 – wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev()
https://notcve.org/view.php?id=CVE-2024-57995
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12k_mac_unassign_link_vif(). This action frees the arvif pointer. Subsequently, there is a check involving arvif, which will result in a read-after-free scenario. Fix this by moving this check after arvif is again assigned via call to a... • https://git.kernel.org/stable/c/b5068bc9180d06a5ac242b0f9263047c14f86211 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57994 – ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
https://notcve.org/view.php?id=CVE-2024-57994
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() Jakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page() to increase test coverage. syzbot found a splat caused by hard irq blocking in ptr_ring_resize_multiple() [1] As current users of ptr_ring_resize_multiple() do not require hard irqs being masked, replace it to only block BH. Rename helpers to better reflect they are safe against BH only. - ptr_ring_r... • https://git.kernel.org/stable/c/ff4e538c8c3e675a15e1e49509c55951832e0451 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57993 – HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check
https://notcve.org/view.php?id=CVE-2024-57993
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check syzbot has found a type mismatch between a USB pipe and the transfer endpoint, which is triggered by the hid-thrustmaster driver[1]. There is a number of similar, already fixed issues [2]. In this case as in others, implementing check for endpoint type fixes the issue. [1] https://syzkaller.appspot.com/bug?extid=040e8b3db6a96908d470 [2] https://syzkaller.appsp... • https://git.kernel.org/stable/c/c49c33637802a2c6957a78119eb8be3b055dd9e9 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57992 – wifi: wilc1000: unregister wiphy only if it has been registered
https://notcve.org/view.php?id=CVE-2024-57992
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers (both sdio and spi) which can lead to kernel panic, as this one for example when using SPI: Unable to handle kernel paging request at virtual address 9f000000 when read [9f000000] *pgd=00000000 Internal error: Oops: 5 [#1] ARM Modules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ecdh_gene... • https://git.kernel.org/stable/c/fbdf0c5248dce4b55181e9aff8f1b61819ba6bd7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57991 – wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
https://notcve.org/view.php?id=CVE-2024-57991
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, should have aborted the list_for_each_entry. But, `break` just aborted the inner for-loop. The outer list_for_each_entry still continues. Normally, only the first entry will match the target pattern, and the... • https://git.kernel.org/stable/c/68ec751b288178de7d19b71ea61648269a35b8cd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57990 – wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
https://notcve.org/view.php?id=CVE-2024-57990
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write. • https://git.kernel.org/stable/c/9679ca7326e52282cc923c4d71d81c999cb6cd55 •