CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53148 – comedi: Flush partial mappings in error case
https://notcve.org/view.php?id=CVE-2024-53148
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mapp... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53147 – exfat: fix out-of-bounds access of directory entries
https://notcve.org/view.php?id=CVE-2024-53147
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an in... • https://git.kernel.org/stable/c/a0120d6463368378539ef928cf067d02372efb8c •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53146 – NFSD: Prevent a potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53146
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. • https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53145 – um: Fix potential integer overflow during physmem setup
https://notcve.org/view.php?id=CVE-2024-53145
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. • https://git.kernel.org/stable/c/fe205bdd1321f95f8f3c35d243ea7cb22af8fbe1 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53241 – x86/xen: don't do PV iret hypercall through hypercall page
https://notcve.org/view.php?id=CVE-2024-53241
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/xen: no r... • https://git.kernel.org/stable/c/05df6e6cd9a76b778aee33c3c18c9f3b3566d4a5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53240 – xen/netfront: fix crash when removing device
https://notcve.org/view.php?id=CVE-2024-53240
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xen/netfront: se corrige... • https://git.kernel.org/stable/c/ed773dd798bf720756d20021b8d8a4a3d7184bda •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2024-53144 – Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE
https://notcve.org/view.php?id=CVE-2024-53144
17 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 • https://git.kernel.org/stable/c/ba15a58b179ed76a7e887177f2b06de12c58ec8f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53142 – initramfs: avoid filename buffer overrun
https://notcve.org/view.php?id=CVE-2024-53142
06 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Leng... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53141 – netfilter: ipset: add missing range check in bitmap_ip_uadt
https://notcve.org/view.php?id=CVE-2024-53141
06 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. • https://git.kernel.org/stable/c/72205fc68bd13109576aa6c4c12c740962d28a6c •
CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-53140 – netlink: terminate outstanding dump on socket close
https://notcve.org/view.php?id=CVE-2024-53140
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual dump helper, keeps getting called until it returns 0 - done - (optional) pairs with .start, can be used for cleanup The whole process is asynchronous and the repeated calls to .dump don't actually happen in a tight loop, but rathe... • https://git.kernel.org/stable/c/ed5d7788a934a4b6d6d025e948ed4da496b4f12e •