CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57887 – drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
https://notcve.org/view.php?id=CVE-2024-57887
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: adv7511: Se corrige el use-after-free en adv7... • https://git.kernel.org/stable/c/1e4d58cd7f888522d16f221d628356befbb08468 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57884 – mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
https://notcve.org/view.php?id=CVE-2024-57884
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ff... • https://git.kernel.org/stable/c/5a1c84b404a7176b8b36e2a0041b6f0adb3151a3 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57883 – mm: hugetlb: independent PMD page table shared count
https://notcve.org/view.php?id=CVE-2024-57883
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectly through try_get_folio() by caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000... • https://git.kernel.org/stable/c/39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57876 – drm/dp_mst: Fix resetting msg rx state after topology removal
https://notcve.org/view.php?id=CVE-2024-57876
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The r... • https://git.kernel.org/stable/c/b30fcedeba643ca16eaa6212c1245598b7cd830d •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57875 – block: RCU protect disk->conv_zones_bitmap
https://notcve.org/view.php?id=CVE-2024-57875
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace... • https://git.kernel.org/stable/c/493326c4f10cc71a42c27fdc97ce112182ee4cbc •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57874 – arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL
https://notcve.org/view.php?id=CVE-2024-57874
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a ... • https://git.kernel.org/stable/c/2200aa7154cb7ef76bac93e98326883ba64bfa2e •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57872 – scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
https://notcve.org/view.php?id=CVE-2024-57872
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memo... • https://git.kernel.org/stable/c/03b1781aa978aab345b5a85d8596f8615281ba89 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57850 – jffs2: Prevent rtime decompress memory corruption
https://notcve.org/view.php?id=CVE-2024-57850
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompre... • https://git.kernel.org/stable/c/421f9e9f0fae9f8e721ffa07f22d9765fa1214d5 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57849 – s390/cpum_sf: Handle CPU hotplug remove during sampling
https://notcve.org/view.php?id=CVE-2024-57849
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the following function call sequence: CPUHP_AP_PERF_S390_SF_ONLINE --> s390_pmu_sf_offline_cpu() ... CPUHP_AP_PERF_ONLINE --> perf_event_exit_cpu() The s390 CPUMF sampling CPU hotplug handler invokes: s390_pmu_sf_offline_cpu() +--> cpusf_pmu_setup() +--> setup_pmc_cpu() +--> deallocate_buffers() This function de-allocates all sampling data buffers (... • https://git.kernel.org/stable/c/238e3af849dfdcb1faed544349f7025e533f9aab •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57843 – virtio-net: fix overflow inside virtnet_rq_alloc
https://notcve.org/view.php?id=CVE-2024-57843
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc When the frag just got a page, then may lead to regression on VM. Specially if the sysctl net.core.high_order_alloc_disable value is 1, then the frag always get a page when do refill. Which could see reliable crashes or scp failure (scp a file 100M in size to VM). The issue is that the virtnet_rq_dma takes up 16 bytes at the beginning of a new frag. When the frag size is larger than PAGE_SIZE... • https://git.kernel.org/stable/c/a8f7d6963768b114ec9644ff0148dde4c104e84b •