CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-53237 – Bluetooth: fix use-after-free in device_for_each_child()
https://notcve.org/view.php?id=CVE-2024-53237
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980 CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace:
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53236 – xsk: Free skb when TX metadata options are invalid
https://notcve.org/view.php?id=CVE-2024-53236
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. This can leak skbs until the send buffer is full which makes sending more packets impossible. Fix this by freeing the skb in the er... • https://git.kernel.org/stable/c/48eb03dd26304c24f03bdbb9382e89c8564e71df •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53234 – erofs: handle NONHEAD !delta[1] lclusters gracefully
https://notcve.org/view.php?id=CVE-2024-53234
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted... • https://git.kernel.org/stable/c/d95ae5e25326092d61613acf98280270dde22778 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53233 – unicode: Fix utf8_load() error path
https://notcve.org/view.php?id=CVE-2024-53233
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this: kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? • https://git.kernel.org/stable/c/2b3d047870120bcd46d7cc257d19ff49328fd585 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53232 – iommu/s390: Implement blocking domain
https://notcve.org/view.php?id=CVE-2024-53232
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no longer recognizes the device as it has already been removed and we end up with a NULL domain pointer and UAF. This is exactly the case referred to in the second comment in __iommu_device_set_domain() and jus... • https://git.kernel.org/stable/c/c76c067e488ccd55734c3e750799caf2c5956db6 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53231 – cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
https://notcve.org/view.php?id=CVE-2024-53231
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference. • https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53230 – cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
https://notcve.org/view.php?id=CVE-2024-53230
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference, so check NULL for cppc_get_cpu_cost(). • https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53229 – RDMA/rxe: Fix the qp flush warnings in req
https://notcve.org/view.php?id=CVE-2024-53229
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. [ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel i... • https://git.kernel.org/stable/c/ae720bdb703b295fed4ded28e14dd06a534a3012 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53228 – riscv: kvm: Fix out-of-bounds array access
https://notcve.org/view.php?id=CVE-2024-53228
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. This is used as a special marker for the base extensions, that cannot be disabled. However, when traversing the extensions, that special marker is not checked prior indexing the array. Add an out-of-bounds check to the function. • https://git.kernel.org/stable/c/56d8a385b60556019ecb45d6098830c9ef6a13e0 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53227 – scsi: bfa: Fix use-after-free in bfad_im_module_exit()
https://notcve.org/view.php?id=CVE-2024-53227
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: