CVE-2024-56544 – udmabuf: change folios array from kmalloc to kvmalloc
https://notcve.org/view.php?id=CVE-2024-56544
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: change folios array from kmalloc to kvmalloc When PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine, page_alloc only support 4MB. If above this, trigger this warn and return NULL. udmabuf can change size limit, if change it to 3072(3GB), and then alloc 3GB udmabuf, will fail create. [ 4080.876581] ------------[ cut here ]------------ [ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350 [ 4080.87... • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •
CVE-2024-56543 – wifi: ath12k: Skip Rx TID cleanup for self peer
https://notcve.org/view.php?id=CVE-2024-56543
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is done for all the peers. While cleanup, rx_tid::ab is accessed which causes below stack trace for self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 ath12... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVE-2024-56541 – wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()
https://notcve.org/view.php?id=CVE-2024-56541
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees the ah->hw as well as all the ar's in it. After this ath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup() tries to access one of the freed ar's from pending skb. This is because during mac destroy, driver failed to flush few data packets, which wer... • https://git.kernel.org/stable/c/24de1b7b231cf01d08d12db26e66b0c46253a7da •
CVE-2024-56540 – accel/ivpu: Prevent recovery invocation during probe and resume
https://notcve.org/view.php?id=CVE-2024-56540
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correct handling of operations that should not trigger a recovery process. Expose ivpu_send_receive_internal(), which is now utilized by the D0i3 entry, DCT initialization, and HWS initialization functions. These functions have been modified to return error codes gracefully, rather than initiating recovery. The updated functions ... • https://git.kernel.org/stable/c/45e45362e0955fc3b0b622e8a0d788097f3de902 •
CVE-2024-56539 – wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
https://notcve.org/view.php?id=CVE-2024-56539
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/... • https://git.kernel.org/stable/c/5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e •
CVE-2024-56538 – drm: zynqmp_kms: Unplug DRM device before removal
https://notcve.org/view.php?id=CVE-2024-56538
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an error without further calls into this driver's internals. In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM d... • https://git.kernel.org/stable/c/d76271d22694e874ed70791702db9252ffe96a4c •
CVE-2024-56537 – drm: xlnx: zynqmp_disp: layer may be null while releasing
https://notcve.org/view.php?id=CVE-2024-56537
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer in zynqmp_disp_create_layers In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer in zynqmp_disp_create_layers • https://git.kernel.org/stable/c/1836fd5ed98db85f249bf755978c964c2607a25d •
CVE-2024-56536 – wifi: cw1200: Fix potential NULL dereference
https://notcve.org/view.php?id=CVE-2024-56536
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis to cause a potential NULL dereference, fix this! In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis to cause a potential NULL dereference, fix this! • https://git.kernel.org/stable/c/2719a9e7156c4b3983b43db467c1ff96801bda99 •
CVE-2024-56535 – wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg()
https://notcve.org/view.php?id=CVE-2024-56535
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() kmalloc may fail, return value might be NULL and will cause NULL pointer dereference. Add check NULL return of kmalloc in btc_fw_set_monreg(). In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() kmalloc may fail, return value might be NULL and will cause NULL pointer dereference. Add c... • https://git.kernel.org/stable/c/b952cb0a6e2d2e6942de3f8c6a1bd985815b9550 •
CVE-2024-56534 – isofs: avoid memory leak in iocharset
https://notcve.org/view.php?id=CVE-2024-56534
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: isofs: avoid memory leak in iocharset A memleak was found as below: unreferenced object 0xffff0000d10164d8 (size 8): comm "pool-udisksd", pid 108217, jiffies 4295408555 hex dump (first 8 bytes): 75 74 66 38 00 cc cc cc utf8.... backtrace (crc de430d31): [