CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56761 – x86/fred: Clear WFE in missing-ENDBRANCH #CPs
https://notcve.org/view.php?id=CVE-2024-56761
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the "kernel IBT no ENDBR" selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to ... • https://git.kernel.org/stable/c/a5f6c2ace9974adf92ce65dacca8126d90adabfe •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56760 – PCI/MSI: Handle lack of irqdomain gracefully
https://notcve.org/view.php?id=CVE-2024-56760
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement th... • https://git.kernel.org/stable/c/d2a463b297415ca6dd4d60bb1c867dd7c931587b •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56759 – btrfs: fix use-after-free when COWing tree bock and tracing is enabled
https://notcve.org/view.php?id=CVE-2024-56759
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last referenc... • https://git.kernel.org/stable/c/c3a403d8ce36f5a809a492581de5ad17843e4701 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56758 – btrfs: check folio mapping after unlock in relocate_one_folio()
https://notcve.org/view.php?id=CVE-2024-56758
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like t... • https://git.kernel.org/stable/c/e7f1326cc24e22b38afc3acd328480a1183f9e79 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56757 – Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
https://notcve.org/view.php?id=CVE-2024-56757
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btusb: mediatek: agre... • https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49035 – media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
https://notcve.org/view.php?id=CVE-2022-49035
02 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. • https://git.kernel.org/stable/c/7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56756 – nvme-pci: fix freeing of the HMB descriptor table
https://notcve.org/view.php?id=CVE-2024-56756
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent. In practice this was not showing up because the number of descriptors tends to ... • https://git.kernel.org/stable/c/87ad72a59a38d1df217cfd95bc222a2edfe5d399 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56755 – netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
https://notcve.org/view.php?id=CVE-2024-56755
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows: [cookie1] [cookie2] [volume_work] fscache_perform_lookup fscache_create_volume fsca... • https://git.kernel.org/stable/c/bfa22da3ed652aa15acd4246fa13a0de6dbe4a59 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56754 – crypto: caam - Fix the pointer passed to caam_qi_shutdown()
https://notcve.org/view.php?id=CVE-2024-56754
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *". Pass the correct parameter to devm_add_action_or_reset() so that the resources are released as expected. In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_s... • https://git.kernel.org/stable/c/f414de2e2fffd89c8a4e5b5e06b0eba5f9d8b1eb •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56752 – drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new()
https://notcve.org/view.php?id=CVE-2024-56752
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() When the call to gf100_grctx_generate() fails, unlock gr->fecs.mutex before returning the error. Fixes smatch warning: drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480 gf100_gr_chan_new() warn: inconsistent returns '&gr->fecs.mutex'. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() When the cal... • https://git.kernel.org/stable/c/ca081fff6ecc63c86a99918230cc9b947bebae8a •