CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56543 – wifi: ath12k: Skip Rx TID cleanup for self peer
https://notcve.org/view.php?id=CVE-2024-56543
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is done for all the peers. While cleanup, rx_tid::ab is accessed which causes below stack trace for self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 a... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56539 – wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
https://notcve.org/view.php?id=CVE-2024-56539
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/mar... • https://git.kernel.org/stable/c/5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56538 – drm: zynqmp_kms: Unplug DRM device before removal
https://notcve.org/view.php?id=CVE-2024-56538
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an error without further calls into this driver's internals. • https://git.kernel.org/stable/c/d76271d22694e874ed70791702db9252ffe96a4c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56533 – ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
https://notcve.org/view.php?id=CVE-2024-56533
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). T... • https://git.kernel.org/stable/c/230cd5e24853ed4dd960461989b8ed0986d37a99 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56532 – ALSA: us122l: Use snd_card_free_when_closed() at disconnection
https://notcve.org/view.php?id=CVE-2024-56532
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). ... • https://git.kernel.org/stable/c/030a07e441296c372f946cd4065b5d831d8dc40c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56531 – ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
https://notcve.org/view.php?id=CVE-2024-56531
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). T... • https://git.kernel.org/stable/c/523f1dce37434a9a6623bf46e7893e2b4b10ac3c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53239 – ALSA: 6fire: Release resources at card release
https://notcve.org/view.php?id=CVE-2024-53239
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback. • https://git.kernel.org/stable/c/c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-53237 – Bluetooth: fix use-after-free in device_for_each_child()
https://notcve.org/view.php?id=CVE-2024-53237
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980 CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace:
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53234 – erofs: handle NONHEAD !delta[1] lclusters gracefully
https://notcve.org/view.php?id=CVE-2024-53234
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted... • https://git.kernel.org/stable/c/d95ae5e25326092d61613acf98280270dde22778 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53233 – unicode: Fix utf8_load() error path
https://notcve.org/view.php?id=CVE-2024-53233
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this: kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? • https://git.kernel.org/stable/c/2b3d047870120bcd46d7cc257d19ff49328fd585 •