CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2024-57935 – RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
https://notcve.org/view.php?id=CVE-2024-57935
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed. In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will... • https://git.kernel.org/stable/c/f48084857b9e3d73c1d290307b5a11f61e6f666a •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-57934 – fgraph: Add READ_ONCE() when accessing fgraph_array[]
https://notcve.org/view.php?id=CVE-2024-57934
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: fgraph: Add READ_ONCE() when accessing fgraph_array[] In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[] elements, which are fgraph_ops. The loop checks if an element is a fgraph_stub to prevent using a fgraph_stub afterward. However, if the compiler reloads fgraph_array[] after this check, it might race with an update to fgraph_array[] that introduces a fgraph_stub. This could result in the stub being processed, but t... • https://git.kernel.org/stable/c/37238abe3cb47b8daaa8706c9949f67b2a705cf1 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-57933 – gve: guard XSK operations on the existence of queues
https://notcve.org/view.php?id=CVE-2024-57933
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK pools would result in a crash, as the RX queue pointer would be NULL. XSK pool registration will occur as part of the next interface up. Similarly, xsk_wakeup needs be guarded against queues disappearing while the function is executing... • https://git.kernel.org/stable/c/fd8e40321a12391e6f554cc637d0c4b6109682a9 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-57932 – gve: guard XDP xmit NDO on existence of xdp queues
https://notcve.org/view.php?id=CVE-2024-57932
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these conditions are false. In the case of no loaded XDP program, priv->num_xdp_queues=0 which can cause a divide-by-zero error, and in the case of interface down, num_xdp_queues remains untouched to persist XDP queue count for... • https://git.kernel.org/stable/c/39a7f4aa3e4a7947614cf1d5c27abba3300adb1e •
CVSS: 7.8EPSS: %CPEs: 7EXPL: 0CVE-2024-57931 – selinux: ignore unknown extended permissions
https://notcve.org/view.php?id=CVE-2024-57931
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This co... • https://git.kernel.org/stable/c/fa1aa143ac4a682c7f5fd52a3cf05f5a6fe44a0a •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2024-57930 – tracing: Have process_string() also allow arrays
https://notcve.org/view.php?id=CVE-2024-57930
21 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an address of an allocated string to the ring buffer and then references it in TP_printk(), which can be executed hours later when the string is free, the function test_event_printk() runs on all events as they are registered to make sure there's no unwanted dereferencing. It calls process_string() to handle cases i... • https://git.kernel.org/stable/c/f3ff759ec636b4094b8eb2c3801e4e6c97a6b712 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21655 – io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period
https://notcve.org/view.php?id=CVE-2025-21655
20 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directly if the refcount drops to zero. This isn't correct, as any potential freeing of the io_ev_fd should be deferred another RCU grace period. Just call io_eventfd_put() rather than open-code the dec-and-test and free, which will correctl... • https://git.kernel.org/stable/c/21a091b970cdbcf3e8ff829234b51be6f9192766 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52923 – netfilter: nf_tables: adapt set backend to use GC transaction API
https://notcve.org/view.php?id=CVE-2023-52923
20 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage collection anymore, instead the _DEAD bit is set on so the set element is not visible from lookup path anymore. Async GC enqueues transaction work that might be aborted and retried later. rbtree and pipapo set backends does not set on the _... • https://git.kernel.org/stable/c/9d0982927e79049675cb6c6c04a0ebb3dad5a434 •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57929 – dm array: fix releasing a faulty array block twice in dm_array_cursor_end
https://notcve.org/view.php?id=CVE-2024-57929
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty arra... • https://git.kernel.org/stable/c/fdd1315aa5f022fe6574efdc2d9535f75a0ee255 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57928 – netfs: Fix enomem handling in buffered reads
https://notcve.org/view.php?id=CVE-2024-57928
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfs: Fix enomem handling in buffered reads If netfs_read_to_pagecache() gets an error from either ->prepare_read() or from netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding, cancel the subrequest and break out of the issuing loop. Currently, it only does this for two of the cases, but there are two more that aren't handled. Fix this by moving the handling to a common place and jumping to it from all four places. This i... • https://git.kernel.org/stable/c/ee4cdf7ba857a894ad1650d6ab77669cbbfa329e •