CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53136 – mm: revert "mm: shmem: fix data-race in shmem_getattr()"
https://notcve.org/view.php?id=CVE-2024-53136
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: revert "mm: shmem: fix data-race in s... • https://git.kernel.org/stable/c/9fb9703cd43ee20a6de8ccdef991677b7274cec0 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53135 – KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
https://notcve.org/view.php?id=CVE-2024-53135
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure t... • https://git.kernel.org/stable/c/f99e3daf94ff35dd4a878d32ff66e1fd35223ad6 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53133 – drm/amd/display: Handle dml allocation failure to avoid crash
https://notcve.org/view.php?id=CVE-2024-53133
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6... • https://git.kernel.org/stable/c/874ff59cde8fc525112dda26b501a1bac17dde9f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53131 – nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint
https://notcve.org/view.php?id=CVE-2024-53131
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general p... • https://git.kernel.org/stable/c/5305cb830834549b9203ad4d009ad5483c5e293f •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53130 – nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint
https://notcve.org/view.php?id=CVE-2024-53130
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the ... • https://git.kernel.org/stable/c/5305cb830834549b9203ad4d009ad5483c5e293f •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53128 – sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers
https://notcve.org/view.php?id=CVE-2024-53128
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepancy can lead to incorrect stack object detection and subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled. Example of the w... • https://git.kernel.org/stable/c/2d2b19ed4169c38dc6c61a186c5f7bdafc709691 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53127 – Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"
https://notcve.org/view.php?id=CVE-2024-53127
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this sta... • https://git.kernel.org/stable/c/32bd402f6760d57127d58a9888553b2db574bba6 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53125 – bpf: sync_linked_regs() must preserve subreg_def
https://notcve.org/view.php?id=CVE-2024-53125
04 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = ... • https://git.kernel.org/stable/c/75748837b7e56919679e02163f45d5818c644d03 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53124 – net: fix data-races around sk->sk_forward_alloc
https://notcve.org/view.php?id=CVE-2024-53124
02 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7... • https://git.kernel.org/stable/c/e994b2f0fb9229aeff5eea9541320bd7b2ca8714 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53122 – mptcp: cope racing subflow creation in mptcp_rcv_space_adjust
https://notcve.org/view.php?id=CVE-2024-53122
02 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that ... • https://git.kernel.org/stable/c/c76c6956566f974bac2470bd72fc22fb923e04a1 •