CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53188 – wifi: ath12k: fix crash when unbinding
https://notcve.org/view.php?id=CVE-2024-53188
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix crash when unbinding If there is an error during some initialization related to firmware, the function ath12k_dp_cc_cleanup is called to release resources. However this is released again when the device is unbinded (ath12k_pci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12k_dp_cc_cleanup ath12k_dp_free ath12k_cor... • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53187 – io_uring: check for overflows in io_pin_pages
https://notcve.org/view.php?id=CVE-2024-53187
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: check for overflows in io_pin_pages WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144 CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0 Call Trace:
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53186 – ksmbd: fix use-after-free in SMB request handling
https://notcve.org/view.php?id=CVE-2024-53186
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling in `ksmbd_conn_handler_loop()` and the freeing of `ksmbd_conn` in the workqueue handler `handle_ksmbd_work()`. This leads to a UAF. - KASAN: slab-use-after-free Read in handle_ksmbd_work - KASAN: slab-use-after-free in rtlock_slowlock_locked This race condition arises as follows: - `ksmbd_conn_handler_loop()` waits for `conn->r_count` t... • https://git.kernel.org/stable/c/18f06bacc197d4ac9b518ad1c69999bc3d83e7aa •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53185 – smb: client: fix NULL ptr deref in crypto_aead_setkey()
https://notcve.org/view.php?id=CVE-2024-53185
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. See MS-SMB2 3.3.5.4. Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added a @server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but that check would a... • https://git.kernel.org/stable/c/0809fb86ad13b29e1d6d491364fc7ea4fb545995 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53184 – um: ubd: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53184
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP: 00000000e2083bf0 EFLAGS: 00010246 RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 RBP: 00000000e2083c10 R08: 0000000062... • https://git.kernel.org/stable/c/23d742a3fcd4781eed015a3a93e6a0e3ab1ef2a8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53183 – um: net: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53183
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the uml_net instance. Otherwise, removing a network device will result in a crash: RIP: 0033:net_device_release+0x10/0x6f RSP: 00000000e20c7c40 EFLAGS: 00010206 RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0 RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028 RBP: 00000000e20c7c50 R08: 000... • https://git.kernel.org/stable/c/b174ab33aaafd556a1ead72fa8e35d70b6fb1e39 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53181 – um: vector: Do not use drvdata in release
https://notcve.org/view.php?id=CVE-2024-53181
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the vector_device instance. Otherwise, removing a vector device will result in a crash: RIP: 0033:vector_device_release+0xf/0x50 RSP: 00000000e187bc40 EFLAGS: 00010202 RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0 RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000 RBP: 00000000e187bc5... • https://git.kernel.org/stable/c/8ed7793f6f589b4e1f0b38f8448578d2a48f9c82 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53180 – ALSA: pcm: Add sanity NULL check for the default mmap fault handler
https://notcve.org/view.php?id=CVE-2024-53180
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic. • https://git.kernel.org/stable/c/8799f4332a9fd812eadfbc32fc5104d6292f754f •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53179 – smb: client: fix use-after-free of signing key
https://notcve.org/view.php?id=CVE-2024-53179
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() ... • https://git.kernel.org/stable/c/0e2b654a3848bf9da3b0d54c1ccf3f1b8c635591 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53178 – smb: Don't leak cfid when reconnect races with open_cached_dir
https://notcve.org/view.php?id=CVE-2024-53178
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with open_cached_dir open_cached_dir() may either race with the tcon reconnection even before compound_send_recv() or directly trigger a reconnection via SMB2_open_init() or SMB_query_info_init(). The reconnection process invokes invalidate_all_cached_dirs() via cifs_mark_open_files_invalid(), which removes all cfids from the cfids->entries list but doesn't drop a ref if has_lease isn't true. Thi... • https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7 •