CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57929 – dm array: fix releasing a faulty array block twice in dm_array_cursor_end
https://notcve.org/view.php?id=CVE-2024-57929
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty arra... • https://git.kernel.org/stable/c/fdd1315aa5f022fe6574efdc2d9535f75a0ee255 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57926 – drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err
https://notcve.org/view.php?id=CVE-2024-57926
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private's drm are set as follows. private->all_drm_private[i]->drm = drm; And drm will be released by drm_dev_put in case mtk_drm_kms_init returns failure. However, the shutdown path still accesses the previous allocated memory in drm_atomic_he... • https://git.kernel.org/stable/c/1ef7ed48356cd5f9af2b7671956991b658d8c2ba •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57925 – ksmbd: fix a missing return value check bug
https://notcve.org/view.php?id=CVE-2024-57925
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function retu... • https://git.kernel.org/stable/c/f8cf1ebb7de62c7d807707ce4abb69d483629263 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57924 – fs: relax assertions on failure to encode file handles
https://notcve.org/view.php?id=CVE-2024-57924
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encod... • https://git.kernel.org/stable/c/adcde2872f8fc399b249758ae1990dcd53b694ea •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57922 – drm/amd/display: Add check for granularity in dml ceil/floor helpers
https://notcve.org/view.php?id=CVE-2024-57922
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granu... • https://git.kernel.org/stable/c/f3d1e4062ef251fa55ccfeca1e54a98b6818b3a1 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57921 – drm/amdgpu: Add a lock when accessing the buddy trim function
https://notcve.org/view.php?id=CVE-2024-57921
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add a lock when accessing the buddy trim function When running YouTube videos and Steam games simultaneously, the tester found a system hang / race condition issue with the multi-display configuration setting. Adding a lock to the buddy allocator's trim function would be the solution.
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57919 – drm/amd/display: fix divide error in DM plane scale calcs
https://notcve.org/view.php?id=CVE-2024-57919
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix divide error in DM plane scale calcs dm_get_plane_scale doesn't take into account plane scaled size equal to zero, leading to a kernel oops due to division by zero. Fix by setting out-scale size as zero when the dst size is zero, similar to what is done by drm_calc_scale(). This issue started with the introduction of cursor ovelay mode that uses this function to assess cursor mode changes via dm_crtc_get_cursor_mode() b... • https://git.kernel.org/stable/c/1b04dcca4fb10dd3834893a60de74edd99f2bfaf •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57918 – drm/amd/display: fix page fault due to max surface definition mismatch
https://notcve.org/view.php?id=CVE-2024-57918
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix page fault due to max surface definition mismatch DC driver is using two different values to define the maximum number of surfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as the unique definition for surface updates across DC. It fixes page fault faced by Cosmic users on AMD display versions that support two overlay planes, since the introduction of cursor overlay mode. [Nov26 21:33] BUG: unable to h... • https://git.kernel.org/stable/c/1b04dcca4fb10dd3834893a60de74edd99f2bfaf •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57917 – topology: Keep the cpumask unchanged when printing cpumap
https://notcve.org/view.php?id=CVE-2024-57917
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/... • https://git.kernel.org/stable/c/bb9ec13d156e85dfd6a8afd0bb61ccf5736ed257 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-57916 – misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling
https://notcve.org/view.php?id=CVE-2024-57916
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with handle_nested_irq. In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GP... • https://git.kernel.org/stable/c/1f4d8ae231f47c7d890198cd847055a96482a443 •