CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56589 – scsi: hisi_sas: Add cond_resched() for no forced preemption model
https://notcve.org/view.php?id=CVE-2024-56589
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0x8c/0x... • https://git.kernel.org/stable/c/3dd2c5cb2c698a02a4ed2ea0acb7c9909374a8bf •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56588 – scsi: hisi_sas: Create all dump files during debugfs initialization
https://notcve.org/view.php?id=CVE-2024-56588
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, the driver allocate memory space to save the register information and create debugfs files to display the saved information. In this process, the debugfs files created after each dump. Therefore, when the dump is triggered while the driver is unbind, the following hang occurs: [67840.853907] Unable to handle... • https://git.kernel.org/stable/c/6c55f99123075e5429850b41b06f7dfffcb708eb •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56587 – leds: class: Protect brightness_show() with led_cdev->led_access mutex
https://notcve.org/view.php?id=CVE-2024-56587
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer issue. Use mutex led_cdev->led_access to protect access to led->cdev and its attribute inside brightness_show() and max_brightness_show() and a... • https://git.kernel.org/stable/c/84b42d5b5fcd767c9b7f30b0b32065ed949fe804 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56586 – f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.
https://notcve.org/view.php?id=CVE-2024-56586
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the filesystem triggers the f2fs_bug_on as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/inode.c:896! CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360 Oops: invalid opcode... • https://git.kernel.org/stable/c/ac8aaf78bd039fa1be0acaa8e84a56499f79d721 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56585 – LoongArch: Fix sleeping in atomic context for PREEMPT_RT
https://notcve.org/view.php?id=CVE-2024-56585
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error: [ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 0.372266] in_atomic()... • https://git.kernel.org/stable/c/08715b741f9b2a925d6485491e4907f3b29bac70 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56584 – io_uring/tctx: work around xa_store() allocation error issue
https://notcve.org/view.php?id=CVE-2024-56584
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring/tctx: work around xa_store() allocation error issue syzbot triggered the following WARN_ON: WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51 which is the WARN_ON_ONCE(!xa_empty(&tctx->xa)); sanity check in __io_uring_free() when a io_uring_task is going through its final put. The syzbot test case includes injecting memory allocation failures, and it very much looks like xa_store() ca... • https://git.kernel.org/stable/c/94ad56f61b873ffeebcc620d451eacfbdf9d40f0 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56583 – sched/deadline: Fix warning in migrate_enable for boosted tasks
https://notcve.org/view.php?id=CVE-2024-56583
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix warning in migrate_enable for boosted tasks When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace:
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56582 – btrfs: fix use-after-free in btrfs_encoded_read_endio()
https://notcve.org/view.php?id=CVE-2024-56582
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfs_encoded_read_endio() Shinichiro reported the following use-after free that sometimes is happening in our CI system when running fstests' btrfs/284 on a TCMU runner device: BUG: KASAN: slab-use-after-free in lock_release+0x708/0x780 Read of size 8 at addr ffff888106a83f18 by task kworker/u80:6/219 CPU: 8 UID: 0 PID: 219 Comm: kworker/u80:6 Not tainted 6.12.0-rc6-kts+ #15 Hardware name: Supermicr... • https://git.kernel.org/stable/c/1881fba89bd5dcd364d2e1bf561912a90a11c21a •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56581 – btrfs: ref-verify: fix use-after-free after invalid ref action
https://notcve.org/view.php?id=CVE-2024-56581
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the respective block entry's rbtree (local variable 'be'), if we find an unexpected action of BTRFS_DROP_DELAYED_REF, we error out and free the ref entry without removing it from the block entry's rbtree. Then in the error path of btrfs_ref_tree_mod() we call btrfs_free_ref_cac... • https://git.kernel.org/stable/c/fd708b81d972a0714b02a60eb4792fdbf15868c4 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56580 – media: qcom: camss: fix error path on configuration of power domains
https://notcve.org/view.php?id=CVE-2024-56580
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: fix error path on configuration of power domains There is a chance to meet runtime issues during configuration of CAMSS power domains, because on the error path dev_pm_domain_detach() is unexpectedly called with NULL or error pointer. One of the simplest ways to reproduce the problem is to probe CAMSS driver before registration of CAMSS power domains, for instance if a platform CAMCC driver is simply not built. Warni... • https://git.kernel.org/stable/c/23aa4f0cd3273b269560a9236c48b43a3982ac13 •