CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53185 – smb: client: fix NULL ptr deref in crypto_aead_setkey()
https://notcve.org/view.php?id=CVE-2024-53185
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. See MS-SMB2 3.3.5.4. Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added a @server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but that check would a... • https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53184 – um: ubd: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53184
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP: 00000000e2083bf0 EFLAGS: 00010246 RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 RBP: 00000000e2083c10 R08: 0000000062... • https://git.kernel.org/stable/c/23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53183 – um: net: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53183
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the uml_net instance. Otherwise, removing a network device will result in a crash: RIP: 0033:net_device_release+0x10/0x6f RSP: 00000000e20c7c40 EFLAGS: 00010206 RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0 RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028 RBP: 00000000e20c7c50 R08: 000... • https://git.kernel.org/stable/c/b174ab33aaafd556a1ead72fa8e35d70b6fb1e39 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53181 – um: vector: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53181
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the vector_device instance. Otherwise, removing a vector device will result in a crash: RIP: 0033:vector_device_release+0xf/0x50 RSP: 00000000e187bc40 EFLAGS: 00010202 RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0 RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000 RBP: 00000000e187bc5... • https://git.kernel.org/stable/c/8ed7793f6f589b4e1f0b38f8448578d2a48f9c82 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53180 – ALSA: pcm: Add sanity NULL check for the default mmap fault handler
https://notcve.org/view.php?id=CVE-2024-53180
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic. • https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53179 – smb: client: fix use-after-free of signing key
https://notcve.org/view.php?id=CVE-2024-53179
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() ... • https://git.kernel.org/stable/c/0e2b654a3848bf9da3b0d54c1ccf3f1b8c635591 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53178 – smb: Don't leak cfid when reconnect races with open_cached_dir
https://notcve.org/view.php?id=CVE-2024-53178
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with open_cached_dir open_cached_dir() may either race with the tcon reconnection even before compound_send_recv() or directly trigger a reconnection via SMB2_open_init() or SMB_query_info_init(). The reconnection process invokes invalidate_all_cached_dirs() via cifs_mark_open_files_invalid(), which removes all cfids from the cfids->entries list but doesn't drop a ref if has_lease isn't true. Thi... • https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53177 – smb: prevent use-after-free due to open_cached_dir error paths
https://notcve.org/view.php?id=CVE-2024-53177
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to open_cached_dir error paths If open_cached_dir() encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in open_cached_dir() freeing the cfid while the queued work is pending. Update open_cached_dir() to drop refs rather than directly freeing the cfid. Have cached_dir_lease_break(), cfids_laundromat_worker(), and invalidate_all_cached_... • https://git.kernel.org/stable/c/791f833053578b9fd24252ebb7162a61bc3f805b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53176 – smb: During unmount, ensure all cached dir instances drop their dentry
https://notcve.org/view.php?id=CVE-2024-53176
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can race with various cached directory operations, which ultimately results in dentries not being dropped and these kernel BUGs: BUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs] VFS: Busy inodes after unmount of cifs (cifs) ------------[ cut here ]-----------... • https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53175 – ipc: fix memleak if msg_init_ns failed in create_ipc_ns
https://notcve.org/view.php?id=CVE-2024-53175
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msg_init_ns failed in create_ipc_ns Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure. Here is the kmemleak stack when percpu failed: unreferenced object 0xffff88819de2a600 (size 512): comm "shmem_2nstest", pid 120711, jiffies 4300542254 hex dump (first 32... • https://git.kernel.org/stable/c/72d1e611082eda18689106a0c192f2827072713c •