
CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken. • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. • https://git.kernel.org/stable/c/596afb0b8933ba6ed7227adcc538db26feb25c74

CVSS: 5.6 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

    if (dev->boardinfo && dev->boardinfo->init_dyn_addr)
                                          ^^^ here check "init_dyn_addr"
        i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...)
                                                             ^^^^ free "dyn_addr"

Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". • https://git.kernel.org/stable/c/3a379bbcea0af6280e1ca0d1edfcf4e68cde6ee0

CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues:
- 'epc->dev' is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue.
- Domain ID corresponds to the EPC device parent, so passing 'epc->dev' is also wrong.
Fix these issues by passing 'epc->dev.parent' to... • https://git.kernel.org/stable/c/0328947c50324cf4b2d8b181bf948edb8101f59f

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: slab: Fix too strict alignment check in create_cache() On m68k, where the minimum alignment of unsigned long is 2 bytes: Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22 CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783 Stack from 0102fe5c: 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b 0041eb74 ffffffea 00000310 0051f5ed ffffffea f... • https://git.kernel.org/stable/c/d345bd2e9834e2da505977e154a1c179c793b7b2 •

CVSS: 5.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: 001... • https://git.kernel.org/stable/c/282631cb2447318e2a55b41a665dbe8571c46d70 •

CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-a... • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 •

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). • https://git.kernel.org/stable/c/851644a60d200c9a294de5a5594004bcf13d34c7

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix node UAF in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped in order to acquire the node->lock first (lock nesting order). This can race with binder_node_release() and trigger a use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c... • https://git.kernel.org/stable/c/d579b04a52a183db47dfcb7a44304d7747d551e1 •

CVSS: 6.3 • EPSS: 0% • CPEs: 2 • EXPL: 0

27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix OOB in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped to acquire the node->lock first (lock nesting order). This can race with binder_deferred_release() which removes the nodes from the proc->nodes rbtree and adds them into binder_dead_nodes list. This leads to a broken iteration in binder_add_freeze_work() as rb_next(... • https://git.kernel.org/stable/c/d579b04a52a183db47dfcb7a44304d7747d551e1 •