CVE-2024-53214 – vfio/pci: Properly hide first-in-list PCIe extended capability
https://notcve.org/view.php?id=CVE-2024-53214
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally chosen to be hidden from the user. Hiding a capability is done by virtualizing and modifying the 'Next Capability Offset' field of the previous capability so it poin... • https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153
CVE-2024-53213 – net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
https://notcve.org/view.php?id=CVE-2024-53213
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, the `kmalloc()` and `usb_alloc_urb()` calls were reordered to simplify the initialization sequence and the redundant `kfree(buf)` was removed. No... • https://git.kernel.org/stable/c/a6df95cae40bee555e01a37b4023ce8e97ffa249
CVE-2024-53210 – s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
https://notcve.org/view.php?id=CVE-2024-53210
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing the MSG_PEEK flag to skb_recv_datagram() increments the skb refcount (skb->users), and iucv_sock_recvmsg() does not decrement the skb refcount at exit. This results in an skb memory leak in skb_queue_purge() and a WARN_ON in iucv_sock_destruct() during socket close. To fix this, decrease the skb refcount by one if MSG_PEEK is set in order to prevent the memory leak and WARN_ON. WARNING: CPU: 2 ... • https://git.kernel.org/stable/c/eac3731bd04c7131478722a3c148b78774553116
CVE-2024-53209 – bnxt_en: Fix receive ring space parameters when XDP is active
https://notcve.org/view.php?id=CVE-2024-53209
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring setting may need to be changed and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in rando... • https://git.kernel.org/stable/c/08450ea98ae98d5a35145b675b76db616046ea11
CVE-2024-53208 – Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
https://notcve.org/view.php?id=CVE-2024-53208
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54 CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/275f3f64870245b06188f24bdf917e55a813d294
CVE-2024-53207 – Bluetooth: MGMT: Fix possible deadlocks
https://notcve.org/view.php?id=CVE-2024-53207
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 pp... • https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23
CVE-2024-53206 – tcp: Fix use-after-free of nreq in reqsk_timer_handler().
https://notcve.org/view.php?id=CVE-2024-53206
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise a use-after-free of nreq could happen when the reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). • https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17
CVE-2024-53205 – phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
https://notcve.org/view.php?id=CVE-2024-53205
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULL, but this returned value is not checked. • https://git.kernel.org/stable/c/134e6d25f6bd06071e5aac0a7eefcea6f7713955
CVE-2024-53204 – phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
https://notcve.org/view.php?id=CVE-2024-53204
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL, but this returned value is not checked. • https://git.kernel.org/stable/c/adda6e82a7de7d6d478f6c8ef127f0ac51c510a1
CVE-2024-53203 – usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
https://notcve.org/view.php?id=CVE-2024-53203
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. • https://git.kernel.org/stable/c/170a6726d0e266f2c8f306e3d61715c32f4ee41e