CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53170 – block: fix uaf for flush rq while iterating tags
https://notcve.org/view.php?id=CVE-2024-53170
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blk_mq_clear_flush_rq_mapping() is not called during scsi probe, by checking blk_queue_init_done(). However, QUEUE_FLAG_INIT_DONE is cleared in del_gendisk by commit aec89dc5d421 ("block: keep q_usage_counter in atomic mode after del_gendisk"), hence for disk like scsi, following blk_mq_destroy_queue() will not clear flush rq from tags->rqs[] as well, cause following uaf that is found by ou... • https://git.kernel.org/stable/c/6cfeadbff3f8905f2854735ebb88e581402c16c4 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53168 – sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
https://notcve.org/view.php?id=CVE-2024-53168
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace:
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53166 – block, bfq: fix bfqq uaf in bfq_limit_depth()
https://notcve.org/view.php?id=CVE-2024-53166
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-... • https://git.kernel.org/stable/c/76f1df88bbc2f984eb0418cc90de0a8384e63604 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53165 – sh: intc: Fix use-after-free bug in register_intc_controller()
https://notcve.org/view.php?id=CVE-2024-53165
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded. • https://git.kernel.org/stable/c/2dcec7a988a1895540460a0bf5603bab63d5a3ed •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49034 – sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
https://notcve.org/view.php?id=CVE-2022-49034
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0... • https://git.kernel.org/stable/c/8fbb57eabfc8ae67115cb47f904614c99d626a89 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53164 – net: sched: fix ordering of qlen adjustment
https://notcve.org/view.php?id=CVE-2024-53164
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. • https://git.kernel.org/stable/c/489422e2befff88a1de52b2acebe7b333bded025 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53161 – EDAC/bluefield: Fix potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53161
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. l... • https://git.kernel.org/stable/c/82413e562ea6eadfb6de946dcc6f74af31d64e7f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53160 – rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
https://notcve.org/view.php?id=CVE-2024-53160
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function:
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53159 – hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-53159
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/c3963bc0a0cf9ecb205a9d4976eb92b6df2fa3fd •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53158 – soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
https://notcve.org/view.php?id=CVE-2024-53158
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. • https://git.kernel.org/stable/c/eddac5af06546d2e7a0730e3dc02dde3dc91098a •