CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57924 – fs: relax assertions on failure to encode file handles
https://notcve.org/view.php?id=CVE-2024-57924
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encod... • https://git.kernel.org/stable/c/f47c834a9131ae64bee3c462f4e610c67b0a000f •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57922 – drm/amd/display: Add check for granularity in dml ceil/floor helpers
https://notcve.org/view.php?id=CVE-2024-57922
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granu... • https://git.kernel.org/stable/c/8a9315e6f7b2d94c65a1ba476481deddb20fc3ae •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57913 – usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
https://notcve.org/view.php?id=CVE-2024-57913
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->ga... • https://git.kernel.org/stable/c/ddf8abd2599491cbad959c700b90ba72a5dce8d0 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21653 – net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
https://notcve.org/view.php?id=CVE-2025-21653
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/e5dfb815181fcb186d6080ac3a091eadff2d98fe •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21640 – sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21640
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using... • https://git.kernel.org/stable/c/3c68198e75111a905ac2412be12bf7b29099729b •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21639 – sctp: sysctl: rto_min/max: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21639
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acc... • https://git.kernel.org/stable/c/4f3fdf3bc59cafd14c3bc2c2369efad34c7aa8b5 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2025-21638 – sctp: sysctl: auth_enable: avoid using current->nsproxy
https://notcve.org/view.php?id=CVE-2025-21638
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acc... • https://git.kernel.org/stable/c/b14878ccb7fac0242db82720b784ab62c467c0dc •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57899 – wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-57899
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adju... • https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57898 – wifi: cfg80211: clear link ID from bitmap during link delete after clean up
https://notcve.org/view.php?id=CVE-2024-57898
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() i... • https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd •