CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2024-57804 – scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
https://notcve.org/view.php?id=CVE-2024-57804
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request. In the Linux kernel, the following vulner... • https://git.kernel.org/stable/c/869fdc6f0606060301aef648231e186c7c542f5a •
CVSS: 5.5EPSS: %CPEs: 4EXPL: 0CVE-2024-57798 – drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
https://notcve.org/view.php?id=CVE-2024-57798
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one thread in drm_dp_mst_handle_up_req(), the MST topology could be removed from another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL. This could lead to a NULL deref/use-after-free of mst_primary in drm_dp_mst_handle_up_req(). Avoid th... • https://git.kernel.org/stable/c/f61b2e5e7821f868d6afc22382a66a30ee780ba0 •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2024-57792 – power: supply: gpio-charger: Fix set charge current limits
https://notcve.org/view.php?id=CVE-2024-57792
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for devices which allow to set the lowest charge current limit to be greater zero. If requested charge current limit is below lowest limit, the index equals current_limit_map_size which leads to accessing memory beyond allocated memory. In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge curren... • https://git.kernel.org/stable/c/be2919d8355e4651386ad2fb61ddb6efe4533b1b •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2024-57791 – net/smc: check return value of sock_recvmsg when draining clc data
https://notcve.org/view.php?id=CVE-2024-57791
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should not be fully trusted as it is from the network. Once the value of length exceeds the value of buflen in function smc_clc_wait_msg it may run into deadloop when trying to drain the remaining data exceeding buflen. This patch checks the r... • https://git.kernel.org/stable/c/fb4f79264c0fc6fd5a68ffe3e31bfff97311e1f1 •
CVSS: 6.8EPSS: %CPEs: 3EXPL: 0CVE-2024-56372 – net: tun: fix tun_napi_alloc_frags()
https://notcve.org/view.php?id=CVE-2024-56372
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Instead of going through all the iov components, we keep using the first one and end up with a malformed skb. [1] kernel BUG at net/core/skbuff.c:2849 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0 Hardware name: Google G... • https://git.kernel.org/stable/c/de4f5fed3f231a8ff4790bf52975f847b95b85ea •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2024-56369 – drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()
https://notcve.org/view.php?id=CVE-2024-56369
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal*... In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vto... • https://git.kernel.org/stable/c/e7c7b48a0fc5ed83baae400a1b15e33978c25d7f •
CVSS: 4.7EPSS: %CPEs: 7EXPL: 0CVE-2024-55916 – Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
https://notcve.org/view.php?id=CVE-2024-55916
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Driver hv_vmbus: registering driver hv_utils ... BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1 RIP: 0010:hv_pkt_iter_first+0x1... • https://git.kernel.org/stable/c/e0fa3e5e7df61eb2c339c9f0067c202c0cdeec2c •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2024-55881 – KVM: x86: Play nice with protected guests in complete_hypercall_exit()
https://notcve.org/view.php?id=CVE-2024-55881
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall vi... • https://git.kernel.org/stable/c/5969e2435cbd7f0ce8c28d717bfc39987ee8d8f1 •
CVSS: 9.4EPSS: %CPEs: 4EXPL: 0CVE-2024-54680 – smb: client: fix TCP timers deadlock after rmmod
https://notcve.org/view.php?id=CVE-2024-54680
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix TCP timers deadlock after rmmod Commit ef7134c7fc48 ("smb: client: Fix use-after-free of network namespace.") fixed a netns UAF by manually enabled socket refcounting (sk->sk_net_refcnt=1 and sock_inuse_add(net, 1)). The reason the patch worked for that bug was because we now hold references to the netns (get_net_track() gets a ref internally) and they're properly released (internally, on __sk_destruct()), but only because ... • https://git.kernel.org/stable/c/e8c71494181153a134c96da28766a57bd1eac8cb •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2024-53690 – nilfs2: prevent use of deleted inode
https://notcve.org/view.php?id=CVE-2024-53690
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trig... • https://git.kernel.org/stable/c/d25006523d0b9e49fd097b2e974e7c8c05bd7f54 •