CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2024-57937 – mm: reinstate ability to map write-sealed memfd mappings read-only
https://notcve.org/view.php?id=CVE-2024-57937
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: reinstate ability to map write-sealed memfd mappings read-only Patch series "mm: reinstate ability to map write-sealed memfd mappings read-only". In commit 158978945f31 ("mm: perform the mapping_map_writable() check after call_mmap()") (and preceding changes in the same series) it became possible to mmap() F_SEAL_WRITE sealed memfd mappings read-only. Commit 5de195060b2e ("mm: resolve faulty mmap_region() error path behaviour") unintent... • https://git.kernel.org/stable/c/5de195060b2e251a835f622759550e6202167641 •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2024-57931 – selinux: ignore unknown extended permissions
https://notcve.org/view.php?id=CVE-2024-57931
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This co... • https://git.kernel.org/stable/c/fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2024-57930 – tracing: Have process_string() also allow arrays
https://notcve.org/view.php?id=CVE-2024-57930
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases i... • https://git.kernel.org/stable/c/f3ff759ec636b4094b8eb2c3801e4e6c97a6b712 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21655 – io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
https://notcve.org/view.php?id=CVE-2025-21655
20 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctl... • https://git.kernel.org/stable/c/21a091b970cdbcf3e8ff829234b51be6f9192766 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52923 – netfilter: nf_tables: adapt set backend to use GC transaction API
https://notcve.org/view.php?id=CVE-2023-52923
20 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _... • https://git.kernel.org/stable/c/9d0982927e79049675cb6c6c04a0ebb3dad5a434 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57929 – dm array: fix releasing a faulty array block twice in dm_array_cursor_end
https://notcve.org/view.php?id=CVE-2024-57929
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty arra... • https://git.kernel.org/stable/c/fdd1315aa5f022fe6574efdc2d9535f75a0ee255 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57925 – ksmbd: fix a missing return value check bug
https://notcve.org/view.php?id=CVE-2024-57925
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function retu... • https://git.kernel.org/stable/c/f8cf1ebb7de62c7d807707ce4abb69d483629263 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57924 – fs: relax assertions on failure to encode file handles
https://notcve.org/view.php?id=CVE-2024-57924
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encod... • https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57922 – drm/amd/display: Add check for granularity in dml ceil/floor helpers
https://notcve.org/view.php?id=CVE-2024-57922
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granu... • https://git.kernel.org/stable/c/f3d1e4062ef251fa55ccfeca1e54a98b6818b3a1 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57917 – topology: Keep the cpumask unchanged when printing cpumap
https://notcve.org/view.php?id=CVE-2024-57917
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/... • https://git.kernel.org/stable/c/bb9ec13d156e85dfd6a8afd0bb61ccf5736ed257 •