CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57882 – mptcp: fix TCP options overflow.
https://notcve.org/view.php?id=CVE-2024-57882
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:_compound_hea... • https://git.kernel.org/stable/c/1bff1e43a30e2f7500a49d47fd26a425643a6a37 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57881 – mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()
https://notcve.org/view.php?id=CVE-2024-57881
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix... • https://git.kernel.org/stable/c/fd919a85cd55be5d00a6a7372071f44c8eafb825 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57880 – ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array
https://notcve.org/view.php?id=CVE-2024-57880
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator. In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw:... • https://git.kernel.org/stable/c/27fd36aefa0013bea1cf6948e2e825e9b8cff97a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57879 – Bluetooth: iso: Always release hdev at the end of iso_listen_bis
https://notcve.org/view.php?id=CVE-2024-57879
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be... • https://git.kernel.org/stable/c/02171da6e86a73e1b343b36722f5d9d5c04b3539 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57878 – arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
https://notcve.org/view.php?id=CVE-2024-57878
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechani... • https://git.kernel.org/stable/c/4035c22ef7d43a6c00d6a6584c60e902b95b46af •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57877 – arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
https://notcve.org/view.php?id=CVE-2024-57877
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.por_el0, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism... • https://git.kernel.org/stable/c/17519819926211e6b2834e00e4554bec0daf22ac •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57876 – drm/dp_mst: Fix resetting msg rx state after topology removal
https://notcve.org/view.php?id=CVE-2024-57876
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The r... • https://git.kernel.org/stable/c/b30fcedeba643ca16eaa6212c1245598b7cd830d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57875 – block: RCU protect disk->conv_zones_bitmap
https://notcve.org/view.php?id=CVE-2024-57875
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace... • https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57874 – arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
https://notcve.org/view.php?id=CVE-2024-57874
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a ... • https://git.kernel.org/stable/c/2200aa7154cb7ef76bac93e98326883ba64bfa2e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57872 – scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
https://notcve.org/view.php?id=CVE-2024-57872
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memo... • https://git.kernel.org/stable/c/03b1781aa978aab345b5a85d8596f8615281ba89 •