CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56564 – ceph: pass cred pointer to ceph_mds_auth_match()
https://notcve.org/view.php?id=CVE-2024-56564
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken. In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() T... • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56563 – ceph: fix cred leak in ceph_mds_check_access()
https://notcve.org/view.php?id=CVE-2024-56563
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74 •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56562 – i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()
https://notcve.org/view.php?id=CVE-2024-56562
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c... • https://git.kernel.org/stable/c/3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56559 – mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation
https://notcve.org/view.php?id=CVE-2024-56559
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: 001... • https://git.kernel.org/stable/c/282631cb2447318e2a55b41a665dbe8571c46d70 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56558 – nfsd: make sure exp active before svc_export_show
https://notcve.org/view.php?id=CVE-2024-56558
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-a... • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56557 – iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
https://notcve.org/view.php?id=CVE-2024-56557
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 chann... • https://git.kernel.org/stable/c/851644a60d200c9a294de5a5594004bcf13d34c7 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56552 – drm/xe/guc_submit: fix race around suspend_pending
https://notcve.org/view.php?id=CVE-2024-56552
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed! .... WARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe] xe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57 Looking at a snippet of corresponding ftrace for this GuC id we can s... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56551 – drm/amdgpu: fix usage slab after free
https://notcve.org/view.php?id=CVE-2024-56551
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147 [ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1 [ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000016] Call Trace: [ +0.000008]
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56550 – s390/stacktrace: Use break instead of return statement
https://notcve.org/view.php?id=CVE-2024-56550
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement arch_stack_walk_user_common() contains a return statement instead of a break statement in case store_ip() fails while trying to store a callchain entry of a user space process. This may lead to a missing pagefault_enable() call. If this happens any subsequent page fault of the process won't be resolved by the page fault handler and this in turn will lead to the process being killed. Use... • https://git.kernel.org/stable/c/ebd912ff9919a10609511383d94942362234c077 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56549 – cachefiles: Fix NULL pointer dereference in object->file
https://notcve.org/view.php?id=CVE-2024-56549
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_co... • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •