CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53223 – clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs
https://notcve.org/view.php?id=CVE-2024-53223
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Base clocks are the first in being probed and are real dependencies of the rest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880, RT305x and RT3883 'xtal' must be defined first since in any other case, when fixed clocks are probed they are delayed until 'xtal' is probed so the following warning appears: WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mt... • https://git.kernel.org/stable/c/6f3b15586eef736831abe6a14f2a6906bc0dc074 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53222 – zram: fix NULL pointer in comp_algorithm_show()
https://notcve.org/view.php?id=CVE-2024-53222
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show() LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_strcmp+0x24/0x140 lr : zcomp_available_show+0x60/0x100 [zram] sp : ffff800088b93b90 x29: ffff800088b93b90 x28: 0000000000... • https://git.kernel.org/stable/c/7ac07a26dea79c3892436bce41cce03dcbd3c4c7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53221 – f2fs: fix null-ptr-deref in f2fs_submit_page_bio()
https://notcve.org/view.php?id=CVE-2024-53221
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_submit_page_bio() There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Call Trace:
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53220 – f2fs: fix to account dirty data in __get_secs_required()
https://notcve.org/view.php?id=CVE-2024-53220
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace: f2fs_allocate_data_block+0x1c91/0x4540 do_write_page+0x163/0xdf0 f2fs_outplace_write_data+0x1aa/0x340 f2fs_do_write_data_page+0x797/0x2280 f2fs_write_single_data_page+0x16cd/0x2190 f2fs_write_cache_pages+0x99... • https://git.kernel.org/stable/c/4354994f097d068a894aa1a0860da54571df3582 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53219 – virtiofs: use pages instead of pointer for kernel direct IO
https://notcve.org/view.php?id=CVE-2024-53219
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 404 at mm/page_alloc.c:4551 ...... Modules linked in: CPU: 1 PID: 404 Comm: insmod Not tainted 6.9.0-rc5+ #123 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ...... RIP: 0010:__alloc_p... • https://git.kernel.org/stable/c/a62a8ef9d97da23762a588592c8b8eb50a8deb6a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53218 – f2fs: fix race in concurrent f2fs_stop_gc_thread
https://notcve.org/view.php?id=CVE-2024-53218
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix race in concurrent f2fs_stop_gc_thread In my test case, concurrent calls to f2fs shutdown report the following stack trace: Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85 Call Trace:
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53217 – NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
https://notcve.org/view.php?id=CVE-2024-53217
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault. • https://git.kernel.org/stable/c/dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53216 – nfsd: release svc_expkey/svc_export with rcu_work
https://notcve.org/view.php?id=CVE-2024-53216
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: release svc_expkey/svc_export with rcu_work The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues: 1. The `svc_export_put` will directly free ex_uuid. However, `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can trigger a use-after-free issue, shown... • https://git.kernel.org/stable/c/9ceddd9da13434a5906255c0fc528c385aded283 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53215 – svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init()
https://notcve.org/view.php?id=CVE-2024-53215
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC: Unregistered rdma backchannel transport module. BUG: unable to handle page fault for address: fffffbfff80c609a PGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NO... • https://git.kernel.org/stable/c/1e7e55731628c90d8c701c45f9c3a3b8718840d6 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53214 – vfio/pci: Properly hide first-in-list PCIe extended capability
https://notcve.org/view.php?id=CVE-2024-53214
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally chosen to be hidden from the user. Hiding a capability is done by virtualizing and modifying the 'Next Capability Offset' field of the previous capability so it poin... • https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 •