CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53690 – nilfs2: prevent use of deleted inode
https://notcve.org/view.php?id=CVE-2024-53690
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trig... • https://git.kernel.org/stable/c/d25006523d0b9e49fd097b2e974e7c8c05bd7f54 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53685 – ceph: give up on paths longer than PATH_MAX
https://notcve.org/view.php?id=CVE-2024-53685
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and... • https://git.kernel.org/stable/c/0f2b2d9e881c90402dbe28f9ba831775b7992e1f •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52319 – mm: use aligned address in clear_gigantic_page()
https://notcve.org/view.php?id=CVE-2024-52319
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page() In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address. Where the fault address may be not aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious nami... • https://git.kernel.org/stable/c/78fefd04c123493bbf28434768fa577b2153c79b •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-51729 – mm: use aligned address in copy_user_gigantic_page()
https://notcve.org/view.php?id=CVE-2024-51729
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the fault address may be not aligned with the huge page size. Then, copy_user_large_folio() may call copy_user_gigantic_page() with the address, while copy_user_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, us... • https://git.kernel.org/stable/c/530dd9926dc16220d2fae0997f45cda94f5f0864 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49571 – net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg
https://notcve.org/view.php?id=CVE-2024-49571
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field iparea_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks iparea_offset and ipv6_prefixes_cnt before using... • https://git.kernel.org/stable/c/e7b7a64a8493d47433fd003efbe6543e3f676294 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49568 – net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
https://notcve.org/view.php?id=CVE-2024-49568
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2_ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt before using th... • https://git.kernel.org/stable/c/8c3dca341aea885249e08856c4380300b75d2cf5 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47408 – net/smc: check smcd_v2_ext_offset when receiving proposal msg
https://notcve.org/view.php?id=CVE-2024-47408
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/5c21c4ccafe85906db809de3af391fd434df8a27 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46896 – drm/amdgpu: don't access invalid sched
https://notcve.org/view.php?id=CVE-2024-46896
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset. This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...) will be called... • https://git.kernel.org/stable/c/166df51487f46b6e997dfeea7ca0c2a970853f07 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55642 – block: Prevent potential deadlocks in zone write plug error recovery
https://notcve.org/view.php?id=CVE-2024-55642
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned block device always execute a zone report whenever a write BIO to a zone fails. The intent of this is to ensure that the tracking of a zone write pointer is always correct to ensure that the alignment to a zone write pointer of write BIOs can be checked on submission and that we can always correctly emulate zone a... • https://git.kernel.org/stable/c/dd291d77cc90eb6a86e9860ba8e6e38eebd57d12 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-55641 – xfs: unlock inodes when erroring out of xfs_trans_alloc_dir
https://notcve.org/view.php?id=CVE-2024-55641
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0... • https://git.kernel.org/stable/c/bd5562111d58392298a3c3b93caad71dff681b4b •