CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53236 – xsk: Free skb when TX metadata options are invalid
https://notcve.org/view.php?id=CVE-2024-53236
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid W... • https://git.kernel.org/stable/c/48eb03dd26304c24f03bdbb9382e89c8564e71df •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53235 – erofs: fix file-backed mounts over FUSE
https://notcve.org/view.php?id=CVE-2024-53235
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/e... • https://git.kernel.org/stable/c/fb176750266a3d7f42ebdcf28e8ba40350b27847 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53234 – erofs: handle NONHEAD !delta[1] lclusters gracefully
https://notcve.org/view.php?id=CVE-2024-53234
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !... In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !... Attila Szász discovered that the HFS+ file system implementation in the Linux Kernel contained a heap overflow vulnerability. ... Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/d95ae5e25326092d61613acf98280270dde22778 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53233 – unicode: Fix utf8_load() error path
https://notcve.org/view.php?id=CVE-2024-53233
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. ... • https://git.kernel.org/stable/c/2b3d047870120bcd46d7cc257d19ff49328fd585 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53232 – iommu/s390: Implement blocking domain
https://notcve.org/view.php?id=CVE-2024-53232
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. ... • https://git.kernel.org/stable/c/c76c067e488ccd55734c3e750799caf2c5956db6 • CWE-416: Use After Free CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53231 – cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
https://notcve.org/view.php?id=CVE-2024-53231
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause ... • https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53230 – cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
https://notcve.org/view.php?id=CVE-2024-53230
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference, so check NULL for cppc_get_cpu_cost(). In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq_cpu_get_raw() may return NULL if the cpu is not in polic... • https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53229 – RDMA/rxe: Fix the qp flush warnings in req
https://notcve.org/view.php?id=CVE-2024-53229
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. ... kthread_complete_and_exit+0x20/0x20 [ 920.628709] ret_from_fork+0x1f/0x30 [ 920.628892] In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. • https://git.kernel.org/stable/c/ae720bdb703b295fed4ded28e14dd06a534a3012 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53228 – riscv: kvm: Fix out-of-bounds array access
https://notcve.org/view.php?id=CVE-2024-53228
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. ... • https://git.kernel.org/stable/c/56d8a385b60556019ecb45d6098830c9ef6a13e0 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53227 – scsi: bfa: Fix use-after-free in bfad_im_module_exit()
https://notcve.org/view.php?id=CVE-2024-53227
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: