CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57898 – wifi: cfg80211: clear link ID from bitmap during link delete after clean up
https://notcve.org/view.php?id=CVE-2024-57898
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() i... • https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57897 – drm/amdkfd: Correct the migration DMA map direction
https://notcve.org/view.php?id=CVE-2024-57897
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 -45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/. As there's no dma_sync_sing... • https://git.kernel.org/stable/c/22d36ad92e5703e2e9bdf228990c0999d5d53ea3 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57896 – btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
https://notcve.org/view.php?id=CVE-2024-57896
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput... • https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57894 – Bluetooth: hci_core: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2024-57894
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the bellow: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5070, name: kworker/u9:2 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 4 locks held by kworker/u9:2/5070: #0: ffff888015be3948 ((wq_... • https://git.kernel.org/stable/c/028a68886ead0764f4b26adfcaebf9f1955e76ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57893 – ALSA: seq: oss: Fix races at processing SysEx messages
https://notcve.org/view.php?id=CVE-2024-57893
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. En el kernel de Linux, se ha resuelto la si... • https://git.kernel.org/stable/c/cff1de87ed14fc0f2332213d2367100e7ad0753a •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57892 – ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
https://notcve.org/view.php?id=CVE-2024-57892
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the ... • https://git.kernel.org/stable/c/8f9e8f5fcc059a3cba87ce837c88316797ef3645 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57890 – RDMA/uverbs: Prevent integer overflow issue
https://notcve.org/view.php?id=CVE-2024-57890
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two... • https://git.kernel.org/stable/c/67cdb40ca444c09853ab4d8a41cf547ac26a4de4 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57889 – pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
https://notcve.org/view.php?id=CVE-2024-57889
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 r... • https://git.kernel.org/stable/c/8f38910ba4f662222157ce07a0d5becc4328c46a •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57888 – workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker
https://notcve.org/view.php?id=CVE-2024-57888
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") amdgpu started seeing the following warning: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call T... • https://git.kernel.org/stable/c/fca839c00a12d682cb59b3b620d109a1d850b262 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57887 – drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
https://notcve.org/view.php?id=CVE-2024-57887
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: adv7511: Se corrige el use-after-free en adv7... • https://git.kernel.org/stable/c/1e4d58cd7f888522d16f221d628356befbb08468 •