CVE-2024-56549 – cachefiles: Fix NULL pointer dereference in object->file
https://notcve.org/view.php?id=CVE-2024-56549
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_co... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVE-2024-56548 – hfsplus: don't query the device logical block size multiple times
https://notcve.org/view.php?id=CVE-2024-56548
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Device block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a ne... • https://git.kernel.org/stable/c/6596528e391ad978a6a120142cba97a1d7324cb6 •
CVE-2024-56547 – rcu/nocb: Fix missed RCU barrier on deoffloading
https://notcve.org/view.php?id=CVE-2024-56547
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60 test_boost=2, will trigger the following warning: WARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0 RIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0 Call Trace:
CVE-2024-56546 – drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
https://notcve.org/view.php?id=CVE-2024-56546
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the error handling path. • https://git.kernel.org/stable/c/05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700 •
CVE-2024-56545 – HID: hyperv: streamline driver probe to avoid devres issues
https://notcve.org/view.php?id=CVE-2024-56545
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: streamline driver probe to avoid devres issues It was found that unloading 'hid_hyperv' module results in a devres complaint: ... hv_vmbus: unregistering driver hid_hyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0 ... Call Trace: <TASK> ? devres_release_group+0x1f2/0x2c0 ? __warn+0xd1/0x1c0 ? devres_release_group+0x1f2/0x2c0 ? • https://git.kernel.org/stable/c/62c68e7cee332e08e625af3bca3318814086490d •
CVE-2024-56544 – udmabuf: change folios array from kmalloc to kvmalloc
https://notcve.org/view.php?id=CVE-2024-56544
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: change folios array from kmalloc to kvmalloc When PAGE_SIZE is 4096 and MAX_PAGE_ORDER is 10 on a 64-bit machine, page_alloc only supports 4MB. Above this, it triggers this warning and returns NULL. udmabuf can change the size limit; if it is changed to 3072 (3GB) and a 3GB udmabuf is then allocated, creation will fail. [ 4080.876581] ------------[ cut here ]------------ [ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350 [ 4080.87... • https://git.kernel.org/stable/c/2acc6192aa8570661ed37868c02c03002b1dc290 •
CVE-2024-56543 – wifi: ath12k: Skip Rx TID cleanup for self peer
https://notcve.org/view.php?id=CVE-2024-56543
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer creation, dp setup for the peer is done, where Rx TID is updated for all the TIDs. The peer object for the self peer will not go through dp setup. When the core halts, dp cleanup is done for all the peers. During cleanup, rx_tid::ab is accessed, which causes the stack trace below for the self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 ath12... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVE-2024-56542 – drm/amd/display: fix a memleak issue when driver is removed
https://notcve.org/view.php?id=CVE-2024-56542
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a memleak issue when driver is removed Running "modprobe amdgpu" the second time (followed by a modprobe -r amdgpu) causes a call trace like: [ 845.212163] Memory manager not clean during takedown. [ 845.212170] WARNING: CPU: 4 PID: 2481 at drivers/gpu/drm/drm_mm.c:999 drm_mm_takedown+0x2b/0x40 [ 845.212177] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amddrm_buddy(OE) amdxcp(OE) amd_sched(OE) drm_exec drm_subal... • https://git.kernel.org/stable/c/43ebd0faec24652cb529ceefd594c61897059f90 •
CVE-2024-56541 – wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()
https://notcve.org/view.php?id=CVE-2024-56541
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees the ah->hw as well as all the ar's in it. After this ath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup() tries to access one of the freed ar's from pending skb. This is because during mac destroy, the driver failed to flush a few data packets, which wer... • https://git.kernel.org/stable/c/24de1b7b231cf01d08d12db26e66b0c46253a7da •
CVE-2024-56540 – accel/ivpu: Prevent recovery invocation during probe and resume
https://notcve.org/view.php?id=CVE-2024-56540
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correct handling of operations that should not trigger a recovery process. Expose ivpu_send_receive_internal(), which is now utilized by the D0i3 entry, DCT initialization, and HWS initialization functions. These functions have been modified to return error codes gracefully, rather than initiating recovery. The updated functions ... • https://git.kernel.org/stable/c/45e45362e0955fc3b0b622e8a0d788097f3de902 •