CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56565 – f2fs: fix to drop all discards after creating snapshot on lvm device
https://notcve.org/view.php?id=CVE-2024-56565
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can ... • https://git.kernel.org/stable/c/35ec7d5748849762008e8ae9f8ad2766229d5794 •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56562 – i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
https://notcve.org/view.php?id=CVE-2024-56562
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c... • https://git.kernel.org/stable/c/3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56558 – nfsd: make sure exp active before svc_export_show
https://notcve.org/view.php?id=CVE-2024-56558
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-a... • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56557 – iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
https://notcve.org/view.php?id=CVE-2024-56557
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 chann... • https://git.kernel.org/stable/c/851644a60d200c9a294de5a5594004bcf13d34c7 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56552 – drm/xe/guc_submit: fix race around suspend_pending
https://notcve.org/view.php?id=CVE-2024-56552
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed! .... WARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe] xe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57 Looking at a snippet of corresponding ftrace for this GuC id we can s... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56551 – drm/amdgpu: fix usage slab after free
https://notcve.org/view.php?id=CVE-2024-56551
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147 [ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1 [ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000016] Call Trace: [ +0.000008]
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56549 – cachefiles: Fix NULL pointer dereference in object->file
https://notcve.org/view.php?id=CVE-2024-56549
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_co... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-56548 – hfsplus: don't query the device logical block size multiple times
https://notcve.org/view.php?id=CVE-2024-56548
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a ne... • https://git.kernel.org/stable/c/6596528e391ad978a6a120142cba97a1d7324cb6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56546 – drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
https://notcve.org/view.php?id=CVE-2024-56546
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the error handling path. In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocati... • https://git.kernel.org/stable/c/05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56545 – HID: hyperv: streamline driver probe to avoid devres issues
https://notcve.org/view.php?id=CVE-2024-56545
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: streamline driver probe to avoid devres issues It was found that unloading 'hid_hyperv' module results in a devres complaint: ... hv_vmbus: unregistering driver hid_hyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0 ... Call Trace: <TASK> ? devres_release_group+0x1f2/0x2c0 ? __warn+0xd1/0x1c0 ? devres_release_group+0x1f2/0x2c0 ? • https://git.kernel.org/stable/c/62c68e7cee332e08e625af3bca3318814086490d •