CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56622 – scsi: ufs: core: sysfs: Prevent div by zero
https://notcve.org/view.php?id=CVE-2024-56622
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. • https://git.kernel.org/stable/c/1d8613a23f3c3b8f0101e453ff150e05a0d1cd4f •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56621 – scsi: ufs: core: Cancel RTC work during ufshcd_remove()
https://notcve.org/view.php?id=CVE-2024-56621
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcd_rtc_work Call tr... • https://git.kernel.org/stable/c/6bf999e0eb41850d5c857102535d5c53b2ede224 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56620 – scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
https://notcve.org/view.php?id=CVE-2024-56620
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus... • https://git.kernel.org/stable/c/519b6274a7775f5fe00a086f189efb8f063467d1 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56619 – nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()
https://notcve.org/view.php?id=CVE-2024-56619
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directo... • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56618 – pmdomain: imx: gpcv2: Adjust delay after power up handshake
https://notcve.org/view.php?id=CVE-2024-56618
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx: gpcv2: Adjust delay after power up handshake The udelay(5) is not enough, sometimes below kernel panic still be triggered: [ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt [ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1 [ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT) [ 4.012985] Call trace: [...] [ 4.013029] arm6... • https://git.kernel.org/stable/c/e8dc41afca161b988e6d462f4d0803d247e22250 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56617 – cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU
https://notcve.org/view.php?id=CVE-2024-56617
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed. If the early build functionali... • https://git.kernel.org/stable/c/6539cffa94957241c096099a57d05fa4d8c7db8a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56616 – drm/dp_mst: Fix MST sideband message body length check
https://notcve.org/view.php?id=CVE-2024-56616
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corrupti... • https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56615 – bpf: fix OOB devmap writes when deleting elements
https://notcve.org/view.php?id=CVE-2024-56615
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as changing the type from int to u32, however, when compared to XSKMAP case, one more thing needs to be addressed. When map is released from system via dev_map_free(), we iterate through all of the entries and an iterat... • https://git.kernel.org/stable/c/546ac1ffb70d25b56c1126940e5ec639c4dd7413 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56614 – xsk: fix OOB map writes when deleting elements
https://notcve.org/view.php?id=CVE-2024-56614
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xsk_map_delete_elem function an unsigned integer (map->max_entries) is compared with a user-controlled signed integer (k). Due to implicit type conversion, a large unsigned value for map->max_entries can bypass the intended bounds check: if (k >= map->max_entries) return -EINVAL; This allows k to hold a negative value (between -2147483648 and -2), which is then used as an a... • https://git.kernel.org/stable/c/fbfc504a24f53f7ebe128ab55cb5dba634f4ece8 •
CVSS: 6.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56613 – sched/numa: fix memory leak due to the overwritten vma->numab_state
https://notcve.org/view.php?id=CVE-2024-56613
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak. # /opt/ltp/testcases/bin/hackbench 20 thread 1000 Running with 20*40 (== 800) tasks. # dmesg | grep kmemleak ... kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 665 new suspected memory leaks (see /sys/kernel/debug/kmemleak)... • https://git.kernel.org/stable/c/ef6a22b70f6d90449a5c797b8968a682824e2011 •