CVE-2024-53206 – tcp: Fix use-after-free of nreq in reqsk_timer_handler().
https://notcve.org/view.php?id=CVE-2024-53206
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). • https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17
CVE-2024-53205 – phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
https://notcve.org/view.php?id=CVE-2024-53205
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe. In rtk_usb2phy_probe(), devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/134e6d25f6bd06071e5aac0a7eefcea6f7713955
CVE-2024-53204 – phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
https://notcve.org/view.php?id=CVE-2024-53204
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe. In rtk_usb3phy_probe(), devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/adda6e82a7de7d6d478f6c8ef127f0ac51c510a1
CVE-2024-53203 – usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
https://notcve.org/view.php?id=CVE-2024-53203
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control(). The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. • https://git.kernel.org/stable/c/170a6726d0e266f2c8f306e3d61715c32f4ee41e
CVE-2024-53202 – firmware_loader: Fix possible resource leak in fw_log_firmware_info()
https://notcve.org/view.php?id=CVE-2024-53202
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info(). The alg instance should be released under the exception path, otherwise there may be a resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails. • https://git.kernel.org/stable/c/02fe26f25325b547b7a31a65deb0326c04bb5174
CVE-2024-53201 – drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
https://notcve.org/view.php?id=CVE-2024-53201
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe. This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again throu... • https://git.kernel.org/stable/c/65a6fee22d5cfa645cb05489892dc9cd3d142fc2
CVE-2024-53200 – drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
https://notcve.org/view.php?id=CVE-2024-53200
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp. This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference. • https://git.kernel.org/stable/c/0baae624630788862bbd654741929007971e9d5b
CVE-2024-53198 – xen: Fix the issue of resource not being properly released in xenbus_dev_probe()
https://notcve.org/view.php?id=CVE-2024-53198
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xen: Fix the issue of resource not being properly released in xenbus_dev_probe(). This patch fixes an issue in the function xenbus_dev_probe(). In the xenbus_dev_probe() function, within the if (err) branch at line 313, the program incorrectly returns err directly without releasing the resources allocated by err = drv->probe(dev, id). As the return value is non-zero, the upper layers assume the processing logic has failed. However, the pro... • https://git.kernel.org/stable/c/4bac07c993d03434ea902d3d4290d9e45944b66c
CVE-2024-53197 – ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
https://notcve.org/view.php?id=CVE-2024-53197
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices. A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
CVE-2024-53196 – KVM: arm64: Don't retire aborted MMIO instruction
https://notcve.org/view.php?id=CVE-2024-53196
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Don't retire aborted MMIO instruction. Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. Nevertheless, it's clear that this plumbing has seen limited testing, since userspace can trivially cause a WARN in the MMIO return: WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536 Cal... • https://git.kernel.org/stable/c/da345174ceca052469e4775e4ae263b5f27a9355