CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57902 – af_packet: fix vlan_get_tci() vs MSG_PEEK
https://notcve.org/view.php?id=CVE-2024-57902
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57901 – af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
https://notcve.org/view.php?id=CVE-2024-57901
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57900 – ila: serialize calls to nf_register_net_hooks()
https://notcve.org/view.php?id=CVE-2024-57900
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands. Add a mutex to make sure at most one thread is calling nf_register_net_hooks(). [1] BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: K... • https://git.kernel.org/stable/c/7f00feaf107645d95a6d87e99b4d141ac0a08efd •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57899 – wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-57899
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adju... • https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57898 – wifi: cfg80211: clear link ID from bitmap during link delete after clean up
https://notcve.org/view.php?id=CVE-2024-57898
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() i... • https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57897 – drm/amdkfd: Correct the migration DMA map direction
https://notcve.org/view.php?id=CVE-2024-57897
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 -45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/. As there's no dma_sync_sing... • https://git.kernel.org/stable/c/22d36ad92e5703e2e9bdf228990c0999d5d53ea3 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57896 – btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
https://notcve.org/view.php?id=CVE-2024-57896
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput... • https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57895 – ksmbd: set ATTR_CTIME flags when setting mtime
https://notcve.org/view.php?id=CVE-2024-57895
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime is coming like the following. [ 113.215316] ------------[ cut here ]------------ [ 113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200 [ 113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234 [ 113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478... • https://git.kernel.org/stable/c/0626e6641f6b467447c81dd7678a69c66f7746cf •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57894 – Bluetooth: hci_core: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2024-57894
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the bellow: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5070, name: kworker/u9:2 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 4 locks held by kworker/u9:2/5070: #0: ffff888015be3948 ((wq_... • https://git.kernel.org/stable/c/028a68886ead0764f4b26adfcaebf9f1955e76ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57893 – ALSA: seq: oss: Fix races at processing SysEx messages
https://notcve.org/view.php?id=CVE-2024-57893
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. En el kernel de Linux, se ha resuelto la si... • https://git.kernel.org/stable/c/cff1de87ed14fc0f2332213d2367100e7ad0753a •