CVE-2024-57896 – btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
https://notcve.org/view.php?id=CVE-2024-57896
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput... • https://git.kernel.org/stable/c/a2718ed1eb8c3611b63f8933c7e68c8821fe2808 •
CVE-2024-57894 – Bluetooth: hci_core: Fix sleeping function called from invalid context
https://notcve.org/view.php?id=CVE-2024-57894
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the below: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5070, name: kworker/u9:2 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 4 locks held by kworker/u9:2/5070: #0: ffff888015be3948 ((wq_... • https://git.kernel.org/stable/c/028a68886ead0764f4b26adfcaebf9f1955e76ea •
CVE-2024-57893 – ALSA: seq: oss: Fix races at processing SysEx messages
https://notcve.org/view.php?id=CVE-2024-57893
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. • https://git.kernel.org/stable/c/cff1de87ed14fc0f2332213d2367100e7ad0753a •
CVE-2024-57892 – ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
https://notcve.org/view.php?id=CVE-2024-57892
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the ... • https://git.kernel.org/stable/c/8f9e8f5fcc059a3cba87ce837c88316797ef3645 •
CVE-2024-57890 – RDMA/uverbs: Prevent integer overflow issue
https://notcve.org/view.php?id=CVE-2024-57890
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two... • https://git.kernel.org/stable/c/67cdb40ca444c09853ab4d8a41cf547ac26a4de4 •
CVE-2024-57889 – pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking
https://notcve.org/view.php?id=CVE-2024-57889
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 r... • https://git.kernel.org/stable/c/8f38910ba4f662222157ce07a0d5becc4328c46a •
CVE-2024-57888 – workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker
https://notcve.org/view.php?id=CVE-2024-57888
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") amdgpu started seeing the following warning: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call T... • https://git.kernel.org/stable/c/fca839c00a12d682cb59b3b620d109a1d850b262 •
CVE-2024-57887 – drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
https://notcve.org/view.php?id=CVE-2024-57887
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). • https://git.kernel.org/stable/c/1e4d58cd7f888522d16f221d628356befbb08468 •
CVE-2024-57884 – mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
https://notcve.org/view.php?id=CVE-2024-57884
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ff... • https://git.kernel.org/stable/c/5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 •
CVE-2024-57883 – mm: hugetlb: independent PMD page table shared count
https://notcve.org/view.php?id=CVE-2024-57883
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectedly through try_get_folio() by a caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table to be leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000... • https://git.kernel.org/stable/c/39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa •