CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57992 – wifi: wilc1000: unregister wiphy only if it has been registered
https://notcve.org/view.php?id=CVE-2024-57992
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers (both sdio and spi) which can lead to kernel panic, as this one for example when using SPI: Unable to handle kernel paging request at virtual address 9f000000 when read [9f000000] *pgd=00000000 Internal error: Oops: 5 [#1] ARM Modules linked in: wilc1000_spi(+) crc_itu_t crc7 wilc1000 cfg80211 bluetooth ecdh_gene... • https://git.kernel.org/stable/c/fbdf0c5248dce4b55181e9aff8f1b61819ba6bd7 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57991 – wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles()
https://notcve.org/view.php?id=CVE-2024-57991
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: chan: fix soft lockup in rtw89_entity_recalc_mgnt_roles() During rtw89_entity_recalc_mgnt_roles(), there is a normalizing process which will re-order the list if an entry with target pattern is found. And once one is found, should have aborted the list_for_each_entry. But, `break` just aborted the inner for-loop. The outer list_for_each_entry still continues. Normally, only the first entry will match the target pattern, and the... • https://git.kernel.org/stable/c/68ec751b288178de7d19b71ea61648269a35b8cd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57990 – wifi: mt76: mt7925: fix off by one in mt7925_load_clc()
https://notcve.org/view.php?id=CVE-2024-57990
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() This comparison should be >= instead of > to prevent an out of bounds read and write. • https://git.kernel.org/stable/c/9679ca7326e52282cc923c4d71d81c999cb6cd55 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57989 – wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links
https://notcve.org/view.php?id=CVE-2024-57989
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but this returned value is not checked. In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links In mt7925_change_vif_links() devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/69acd6d910b0c83842bd45c36224d4f8fe59d1d4 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57988 – Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name()
https://notcve.org/view.php?id=CVE-2024-57988
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board_name(), to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failu... • https://git.kernel.org/stable/c/f9183eaad91521ba1c04a19e5606ae61560a735e •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57987 – Bluetooth: btrtl: check for NULL in btrtl_setup_realtek()
https://notcve.org/view.php?id=CVE-2024-57987
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oops. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed.... • https://git.kernel.org/stable/c/b39910bb54d9ff696caaed4e83ae92a798cd8bf8 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57986 – HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
https://notcve.org/view.php?id=CVE-2024-57986
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections A report in 2019 by the syzbot fuzzer was found to be connected to two errors in the HID core associated with Resolution Multipliers. One of the errors was fixed by commit ea427a222d8b ("HID: core: Fix deadloop in hid_apply_multiplier."), but the other has not been fixed. This error arises because hid_apply_multipler() assumes that every Resolution Multipli... • https://git.kernel.org/stable/c/5a4abb36f312cf83206b1b7d1308ba47cba0b3cc •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57985 – firmware: qcom: scm: Cleanup global '__scm' on probe failures
https://notcve.org/view.php?id=CVE-2024-57985
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: Cleanup global '__scm' on probe failures If SCM driver fails the probe, it should not leave global '__scm' variable assigned, because external users of this driver will assume the probe finished successfully. For example TZMEM parts ('__scm->mempool') are initialized later in the probe, but users of it (__scm_smc_call()) rely on the '__scm' variable. This fixes theoretical NULL pointer exception, triggered via introduci... • https://git.kernel.org/stable/c/40289e35ca525f29a03989352ab207b6a9675475 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57984 – i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition
https://notcve.org/view.php?id=CVE-2024-57984
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition In dw_i3c_common_probe, &master->hj_work is bound with dw_i3c_hj_work. And dw_i3c_master_irq_handler can call dw_i3c_master_irq_handle_ibis function to start the work. If we remove the module which will call dw_i3c_common_remove to make cleanup, it will free master->base through i3c_master_unregister while the work mentioned above will be used. The sequence of operati... • https://git.kernel.org/stable/c/1dd728f5d4d4b8b53196c1e0fcf86bbaaee39cef • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57983 – mailbox: th1520: Fix memory corruption due to incorrect array size
https://notcve.org/view.php?id=CVE-2024-57983
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix memory corruption due to incorrect array size The functions th1520_mbox_suspend_noirq and th1520_mbox_resume_noirq are intended to save and restore the interrupt mask registers in the MBOX ICU0. However, the array used to store these registers was incorrectly sized, leading to memory corruption when accessing all four registers. This commit corrects the array size to accommodate all four interrupt mask registers, preven... • https://git.kernel.org/stable/c/5d4d263e1c6b6b18acb4d67fd3b9af71b7404924 •