CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56568 – iommu/arm-smmu: Defer probe of clients after smmu device bound
https://notcve.org/view.php?id=CVE-2024-56568
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smm... • https://git.kernel.org/stable/c/021bb8420d44cf56102d44fca9af628625e75482 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56567 – ad7780: fix division by zero in ad7780_write_raw()
https://notcve.org/view.php?id=CVE-2024-56567
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero. In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_ra... • https://git.kernel.org/stable/c/9085daa4abcc3a1c19ae4eb00e609842ef28275a •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56566 – mm/slub: Avoid list corruption when removing a slab from the full list
https://notcve.org/view.php?id=CVE-2024-56566
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead ... • https://git.kernel.org/stable/c/643b113849d8faa68c9f01c3c9d929bfbffd50bd •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56565 – f2fs: fix to drop all discards after creating snapshot on lvm device
https://notcve.org/view.php?id=CVE-2024-56565
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase... • https://git.kernel.org/stable/c/35ec7d5748849762008e8ae9f8ad2766229d5794 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56564 – ceph: pass cred pointer to ceph_mds_auth_match()
https://notcve.org/view.php?id=CVE-2024-56564
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken. In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match(... • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56563 – ceph: fix cred leak in ceph_mds_check_access()
https://notcve.org/view.php?id=CVE-2024-56563
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56562 – i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
https://notcve.org/view.php?id=CVE-2024-56562
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". In the Linux kernel, the following vulnerability has been resol... • https://git.kernel.org/stable/c/3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56561 – PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()
https://notcve.org/view.php?id=CVE-2024-56561
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues: - 'epc->dev' is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue. - Domain ID corresponds to the EPC device parent, so passing 'epc->dev' is also wrong. Fix these issues by passing 'ep... • https://git.kernel.org/stable/c/0328947c50324cf4b2d8b181bf948edb8101f59f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56559 – mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation
https://notcve.org/view.php?id=CVE-2024-56559
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: ... • https://git.kernel.org/stable/c/282631cb2447318e2a55b41a665dbe8571c46d70 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56558 – nfsd: make sure exp active before svc_export_show
https://notcve.org/view.php?id=CVE-2024-56558
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; us... • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 •