CVSS: 8.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56566 – mm/slub: Avoid list corruption when removing a slab from the full list
https://notcve.org/view.php?id=CVE-2024-56566
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a... • https://git.kernel.org/stable/c/643b113849d8faa68c9f01c3c9d929bfbffd50bd •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56565 – f2fs: fix to drop all discards after creating snapshot on lvm device
https://notcve.org/view.php?id=CVE-2024-56565
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can ... • https://git.kernel.org/stable/c/35ec7d5748849762008e8ae9f8ad2766229d5794 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56564 – ceph: pass cred pointer to ceph_mds_auth_match()
https://notcve.org/view.php?id=CVE-2024-56564
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken. In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() T... • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56563 – ceph: fix cred leak in ceph_mds_check_access()
https://notcve.org/view.php?id=CVE-2024-56563
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56562 – i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
https://notcve.org/view.php?id=CVE-2024-56562
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c... • https://git.kernel.org/stable/c/3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56561 – PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy()
https://notcve.org/view.php?id=CVE-2024-56561
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues: - 'epc->dev' is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue. - Domain ID corresponds to the EPC device parent, so passing 'epc->dev' is also wrong. Fix these issues by passing 'epc->dev.parent' to... • https://git.kernel.org/stable/c/0328947c50324cf4b2d8b181bf948edb8101f59f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56559 – mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation
https://notcve.org/view.php?id=CVE-2024-56559
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: 001... • https://git.kernel.org/stable/c/282631cb2447318e2a55b41a665dbe8571c46d70 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56558 – nfsd: make sure exp active before svc_export_show
https://notcve.org/view.php?id=CVE-2024-56558
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-a... • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56557 – iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
https://notcve.org/view.php?id=CVE-2024-56557
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 chann... • https://git.kernel.org/stable/c/851644a60d200c9a294de5a5594004bcf13d34c7 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56552 – drm/xe/guc_submit: fix race around suspend_pending
https://notcve.org/view.php?id=CVE-2024-56552
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed! .... WARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe] xe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57 Looking at a snippet of corresponding ftrace for this GuC id we can s... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •