CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53209 – bnxt_en: Fix receive ring space parameters when XDP is active
https://notcve.org/view.php?id=CVE-2024-53209
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring setting may need to be changed and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in rando... • https://git.kernel.org/stable/c/08450ea98ae98d5a35145b675b76db616046ea11 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53208 – Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
https://notcve.org/view.php?id=CVE-2024-53208
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54 CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/275f3f64870245b06188f24bdf917e55a813d294 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53207 – Bluetooth: MGMT: Fix possible deadlocks
https://notcve.org/view.php?id=CVE-2024-53207
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 pp... • https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53206 – tcp: Fix use-after-free of nreq in reqsk_timer_handler().
https://notcve.org/view.php?id=CVE-2024-53206
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). • https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53205 – phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
https://notcve.org/view.php?id=CVE-2024-53205
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/134e6d25f6bd06071e5aac0a7eefcea6f7713955 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53204 – phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
https://notcve.org/view.php?id=CVE-2024-53204
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/adda6e82a7de7d6d478f6c8ef127f0ac51c510a1 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53203 – usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
https://notcve.org/view.php?id=CVE-2024-53203
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. • https://git.kernel.org/stable/c/170a6726d0e266f2c8f306e3d61715c32f4ee41e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53202 – firmware_loader: Fix possible resource leak in fw_log_firmware_info()
https://notcve.org/view.php?id=CVE-2024-53202
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails. • https://git.kernel.org/stable/c/02fe26f25325b547b7a31a65deb0326c04bb5174 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53201 – drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
https://notcve.org/view.php?id=CVE-2024-53201
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again throu... • https://git.kernel.org/stable/c/65a6fee22d5cfa645cb05489892dc9cd3d142fc2 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53200 – drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
https://notcve.org/view.php?id=CVE-2024-53200
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference. • https://git.kernel.org/stable/c/0baae624630788862bbd654741929007971e9d5b •