CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57945 – riscv: mm: Fix the out of bound issue of vmemmap address
https://notcve.org/view.php?id=CVE-2024-57945
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as: ((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)). And the struct page's va can be calculated with an offset: (vmemmap + (pfn)). However, when initializing struct pages, kernel actually starts from the first page from the same section that phys_ram_base belongs to. If the first page's physical addre... • https://git.kernel.org/stable/c/a278d5c60f21aa15d540abb2f2da6e6d795c3e6e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57944 – iio: adc: ti-ads1298: Add NULL check in ads1298_init
https://notcve.org/view.php?id=CVE-2024-57944
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. Add it. In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1298: Add NULL check in ads1298_init devm_kasprintf() can return a NULL pointer on failure. A check on the return value of such a call in ads1298_init() is missing. • https://git.kernel.org/stable/c/00ef7708fa6073a84f6898fdcdfe965d903b0378 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57943 – exfat: fix the new buffer was not zeroed before writing
https://notcve.org/view.php?id=CVE-2024-57943
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head marked as new, its data must be zeroed, otherwise uninitialized data in the page cache will be written. So this commit uses folio_zero_new_buffers() to zero the new buffers before ->write_end(). In the Linux kernel, the following vulnerability has been resolved: exfat: fix the new buffer was not zeroed before writing Before writing, if a buffer_head mar... • https://git.kernel.org/stable/c/6630ea49103c3d45461e29b0f6eb0ce750aeb8f5 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57942 – netfs: Fix ceph copy to cache on write-begin
https://notcve.org/view.php?id=CVE-2024-57942
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix ceph copy to cache on write-begin At the end of netfs_unlock_read_folio() in which folios are marked appropriately for copying to the cache (either with by being marked dirty and having their private data set or by having PG_private_2 set) and then unlocked, the folio_queue struct has the entry pointing to the folio cleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(), which is used to write folios marked with ... • https://git.kernel.org/stable/c/796a4049640b54cb1daf9e7fe543292c5ca02c74 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57941 – netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled
https://notcve.org/view.php?id=CVE-2024-57941
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled (e.g. due to a DIO write on that file), future copying to the cache for that file is disabled until all fds open on that file are closed. However, if netfslib is using the deprecated PG_private_2 method (such as is currently used by ceph), and decides it wants to copy to the cache, netfs_advance_write() will jus... • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57940 – exfat: fix the infinite loop in exfat_readdir()
https://notcve.org/view.php?id=CVE-2024-57940
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will not be incremented, causing condition 'dentry < max_dentries' unable to prevent an infinite loop. This infinite loop causes s_lock not to be released, and other tasks will hang, such as exfat_sync_fs(). This commit stops traversing the... • https://git.kernel.org/stable/c/ca06197382bde0a3bc20215595d1c9ce20c6e341 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57939 – riscv: Fix sleeping in invalid context in die()
https://notcve.org/view.php?id=CVE-2024-57939
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex preempt_count: 110001, expected: 0 RCU nest depth: 0, expect... • https://git.kernel.org/stable/c/76d2a0493a17d4c8ecc781366850c3c4f8e1a446 •
CVSS: 9.0EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57938 – net/sctp: Prevent autoclose integer overflow in sctp_association_init()
https://notcve.org/view.php?id=CVE-2024-57938
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow. In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX... • https://git.kernel.org/stable/c/9f70f46bd4c7267d48ef461a1d613ec9ec0d520c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57936 – RDMA/bnxt_re: Fix max SGEs for the Work Request
https://notcve.org/view.php?id=CVE-2024-57936
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 SGEs. This is causing traffic failures and system crashes. Use the define for max SGE supported for variable size. • https://git.kernel.org/stable/c/227f51743b61fe3f6fc481f0fb8086bf8c49b8c9 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57935 – RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
https://notcve.org/view.php?id=CVE-2024-57935
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will... • https://git.kernel.org/stable/c/f48084857b9e3d73c1d290307b5a11f61e6f666a •