CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53155 – ocfs2: fix uninitialized value in ocfs2_file_read_iter()
https://notcve.org/view.php?id=CVE-2024-53155
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages... • https://git.kernel.org/stable/c/7cdfc3a1c3971c9125c317cb8c2525745851798e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53154 – clk: clk-apple-nco: Add NULL check in applnco_probe
https://notcve.org/view.php?id=CVE-2024-53154
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. • https://git.kernel.org/stable/c/6641057d5dba87338780cf3e0d0ae8389ef1125c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53153 – PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
https://notcve.org/view.php?id=CVE-2024-53153
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of qcom_pcie_perst_assert() i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the Qcom endpoint SoCs supported as of now depend on the refclk from the host f... • https://git.kernel.org/stable/c/570d7715eed8a29ac5bd96c7694f060a991e5a31 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53152 – PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
https://notcve.org/view.php?id=CVE-2024-53152
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of pex_ep_event_pex_rst_assert() i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the tegra194 endpoint SoCs supported as of now depend on the refclk ... • https://git.kernel.org/stable/c/570d7715eed8a29ac5bd96c7694f060a991e5a31 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53151 – svcrdma: Address an integer overflow
https://notcve.org/view.php?id=CVE-2024-53151
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > warn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write... • https://git.kernel.org/stable/c/78147ca8b4a9b6cf0e597ddd6bf17959e08376c2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources
https://notcve.org/view.php?id=CVE-2024-53150
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is short... • https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53149 – usb: typec: ucsi: glink: fix off-by-one in connector_status
https://notcve.org/view.php?id=CVE-2024-53149
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing Type-C orientation reporting for the third USB-C connector. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3,... • https://git.kernel.org/stable/c/76716fd5bf09725c2c6825264147f16c21e56853 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53148 – comedi: Flush partial mappings in error case
https://notcve.org/view.php?id=CVE-2024-53148
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53147 – exfat: fix out-of-bounds access of directory entries
https://notcve.org/view.php?id=CVE-2024-53147
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an inval... • https://git.kernel.org/stable/c/1acf1a564b6034b5af1e7fb23cb98cb3bb4f6003 •
CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53146 – NFSD: Prevent a potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53146
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX -... • https://git.kernel.org/stable/c/745f7ce5a95e783ba62fe774325829466aec2aa8 •