CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53195 – KVM: arm64: Get rid of userspace_irqchip_in_use
https://notcve.org/view.php?id=CVE-2024-53195
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Get rid of userspace_irqchip_in_use Improper use of userspace_irqchip_in_use led to syzbot hitting the following WARN_ON() in kvm_timer_update_irq(): WARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394 Call trace: kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459 kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968 kvm_reset_vcpu+0x3b4/0x560 arch/arm64... • https://git.kernel.org/stable/c/dd2f9861f27571d47998d71e7516bf7216db0b52 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53194 – PCI: Fix use-after-free of slot->bus on hot remove
https://notcve.org/view.php?id=CVE-2024-53194
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot firmware"), USB4 v2 and v1 Host Routers are reset on probe of the thunderbolt driver. The reset clears the Presence Detect State and Data Link Layer Link Active bits at the US... • https://git.kernel.org/stable/c/50473dd3b2a08601a078f852ea05572de9b1f86c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53191 – wifi: ath12k: fix warning when unbinding
https://notcve.org/view.php?id=CVE-2024-53191
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix warning when unbinding If there is an error during some initialization related to firmware, the buffers dp->tx_ring[i].tx_status are released. However this is released again when the device is unbinded (ath12k_pci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80 Call Trace: free_large_kmalloc ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible fr... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53190 – wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures
https://notcve.org/view.php?id=CVE-2024-53190
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Syzkaller reported a hung task with uevent_show() on stack trace. That specific issue was addressed by another commit [0], but even with that fix applied (for example, running v6.12-rc5) we face another type of hung task that comes from the same reproducer [1]. By investigating that, we could narrow it to the following path: (a) Syzkaller emulates a Realtek ... • https://git.kernel.org/stable/c/c386fb76f01794f1023d01a6ec5f5c93d00acd3b •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53188 – wifi: ath12k: fix crash when unbinding
https://notcve.org/view.php?id=CVE-2024-53188
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix crash when unbinding If there is an error during some initialization related to firmware, the function ath12k_dp_cc_cleanup is called to release resources. However this is released again when the device is unbinded (ath12k_pci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12k_dp_cc_cleanup ath12k_dp_free ath12k_cor... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53187 – io_uring: check for overflows in io_pin_pages
https://notcve.org/view.php?id=CVE-2024-53187
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: check for overflows in io_pin_pages WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144 CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0 Call Trace:
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53186 – ksmbd: fix use-after-free in SMB request handling
https://notcve.org/view.php?id=CVE-2024-53186
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling in `ksmbd_conn_handler_loop()` and the freeing of `ksmbd_conn` in the workqueue handler `handle_ksmbd_work()`. This leads to a UAF. - KASAN: slab-use-after-free Read in handle_ksmbd_work - KASAN: slab-use-after-free in rtlock_slowlock_locked This race condition arises as follows: - `ksmbd_conn_handler_loop()` waits for `conn->r_count` t... • https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53185 – smb: client: fix NULL ptr deref in crypto_aead_setkey()
https://notcve.org/view.php?id=CVE-2024-53185
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. See MS-SMB2 3.3.5.4. Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added a @server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but that check would a... • https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53184 – um: ubd: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53184
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP: 00000000e2083bf0 EFLAGS: 00010246 RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 RBP: 00000000e2083c10 R08: 0000000062... • https://git.kernel.org/stable/c/23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53183 – um: net: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53183
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the uml_net instance. Otherwise, removing a network device will result in a crash: RIP: 0033:net_device_release+0x10/0x6f RSP: 00000000e20c7c40 EFLAGS: 00010206 RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0 RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028 RBP: 00000000e20c7c50 R08: 000... • https://git.kernel.org/stable/c/b174ab33aaafd556a1ead72fa8e35d70b6fb1e39 •