CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56647 – net: Fix icmp host relookup triggering ip_rt_bug
https://notcve.org/view.php?id=CVE-2024-56647
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Call Tra... • https://git.kernel.org/stable/c/8b7817f3a959ed99d7443afc12f78a7e1fcc2063 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56644 – net/ipv6: release expired exception dst cached in socket
https://notcve.org/view.php?id=CVE-2024-56644
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must be fulfilled for the leak to occur: * an ICMPv6 packet indicating a change of the MTU for the path is received, resulting in an exception dst being created * a TCP connection that uses the exception dst for rout... • https://git.kernel.org/stable/c/54c1a859efd9fd6cda05bc700315ba2519c14eba •
CVSS: 8.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56643 – dccp: Fix memory leak in dccp_feat_change_recv
https://notcve.org/view.php?id=CVE-2024-56643
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 8... • https://git.kernel.org/stable/c/e77b8363b2ea7c0d89919547c1a8b0562f298b57 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56637 – netfilter: ipset: Hold module reference while requesting a module
https://notcve.org/view.php?id=CVE-2024-56637
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call. In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko ... • https://git.kernel.org/stable/c/a7b4f989a629493bb4ec4a354def784d440b32c4 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56631 – scsi: sg: Fix slab-use-after-free read in sg_release()
https://notcve.org/view.php?id=CVE-2024-56631
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838 __mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912 sg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407 In sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is called before releasing the open_rel_lock mutex. ... • https://git.kernel.org/stable/c/cc833acbee9db5ca8c6162b015b4c93863c6f821 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56627 – ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
https://notcve.org/view.php?id=CVE-2024-56627
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could ... • https://git.kernel.org/stable/c/de4d790dcf53be41736239d7ee63849a16ff5d10 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56626 – ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
https://notcve.org/view.php?id=CVE-2024-56626
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negativ... • https://git.kernel.org/stable/c/8cd7490fc0f268883e86e840cda5311257af69ca •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56623 – scsi: qla2xxx: Fix use after free on unload
https://notcve.org/view.php?id=CVE-2024-56623
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal t... • https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56619 – nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
https://notcve.org/view.php?id=CVE-2024-56619
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directo... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56616 – drm/dp_mst: Fix MST sideband message body length check
https://notcve.org/view.php?id=CVE-2024-56616
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corrupti... • https://git.kernel.org/stable/c/780fa184d4dc38ad6c4fded345ab8f9be7a63e96 •