CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56602 – net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
https://notcve.org/view.php?id=CVE-2024-56602
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. A user-after-free vulnerability was found in the linux kernel. sock_init_dat... • https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56601 – net: inet: do not leave a dangling sk pointer in inet_create()
https://notcve.org/view.php?id=CVE-2024-56601
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error. In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk poi... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56600 – net: inet6: do not leave a dangling sk pointer in inet6_create()
https://notcve.org/view.php?id=CVE-2024-56600
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error. In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56599 – wifi: ath10k: avoid NULL pointer error during sdio remove
https://notcve.org/view.php?id=CVE-2024-56599
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c This is because during 'rmmod ath10k'... • https://git.kernel.org/stable/c/5e3dd157d7e70f0e3cea3f2573ed69fb156a19d5 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56598 – jfs: array-index-out-of-bounds fix in dtReadFirst
https://notcve.org/view.php?id=CVE-2024-56598
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case. In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case... • https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948 • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56597 – jfs: fix shift-out-of-bounds in dbSplit
https://notcve.org/view.php?id=CVE-2024-56597
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself. In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself. Ziming Zhang disco... • https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56596 – jfs: fix array-index-out-of-bounds in jfs_readdir
https://notcve.org/view.php?id=CVE-2024-56596
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case. Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle... • https://git.kernel.org/stable/c/b62f41aeec9d250144c53875b507c1d45ae8c8fc • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56595 – jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
https://notcve.org/view.php?id=CVE-2024-56595
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out. In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and ... • https://git.kernel.org/stable/c/b15000bcbecf27e0f7c0f149a409e5b865e28ca2 • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56594 – drm/amdgpu: set the right AMDGPU sg segment limitation
https://notcve.org/view.php?id=CVE-2024-56594
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length as following: WARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370 [ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper dr... • https://git.kernel.org/stable/c/d38ceaf99ed015f2a0b9af3499791bd3a3daae21 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56593 – wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()
https://notcve.org/view.php?id=CVE-2024-56593
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. The problem is the number of entries in the pre-allocated sgtable, it is nents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1. Given the default [rt]xgl... • https://git.kernel.org/stable/c/342f87d263462c2670b77ea9a32074cab2ac6fa1 • CWE-476: NULL Pointer Dereference •