CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53160 – rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
https://notcve.org/view.php?id=CVE-2024-53160
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function:
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53159 – hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-53159
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/c3963bc0a0cf9ecb205a9d4976eb92b6df2fa3fd •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53158 – soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
https://notcve.org/view.php?id=CVE-2024-53158
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. • https://git.kernel.org/stable/c/eddac5af06546d2e7a0730e3dc02dde3dc91098a •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53157 – firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
https://notcve.org/view.php?id=CVE-2024-53157
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 ... • https://git.kernel.org/stable/c/8cb7cf56c9fe5412de238465b27ef35b4d2801aa •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53156 – wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
https://notcve.org/view.php?id=CVE-2024-53156
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_fir... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53155 – ocfs2: fix uninitialized value in ocfs2_file_read_iter()
https://notcve.org/view.php?id=CVE-2024-53155
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: ... • https://git.kernel.org/stable/c/7cdfc3a1c3971c9125c317cb8c2525745851798e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53154 – clk: clk-apple-nco: Add NULL check in applnco_probe
https://notcve.org/view.php?id=CVE-2024-53154
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. • https://git.kernel.org/stable/c/6641057d5dba87338780cf3e0d0ae8389ef1125c •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53151 – svcrdma: Address an integer overflow
https://notcve.org/view.php?id=CVE-2024-53151
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > warn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check... • https://git.kernel.org/stable/c/78147ca8b4a9b6cf0e597ddd6bf17959e08376c2 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources
https://notcve.org/view.php?id=CVE-2024-53150
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is ... • https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53148 – comedi: Flush partial mappings in error case
https://notcve.org/view.php?id=CVE-2024-53148
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mapp... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •