CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53212 – netlink: fix false positive warning in extack during dumps
https://notcve.org/view.php?id=CVE-2024-53212
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netlink: fix false positive warning in extack during dumps Commit under fixes extended extack reporting to dumps. It works under normal conditions, because extack errors are usually reported during ->start() or the first ->dump(), it's quite rare that the dump starts okay but fails later. If the dump does fail later, however, the input skb will already have the initiating message pulled, so checking if bad attr falls within skb->data will f... • https://git.kernel.org/stable/c/8af4f60472fce1f22db5068107b37bcc1a65eabd •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53210 – s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
https://notcve.org/view.php?id=CVE-2024-53210
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID... • https://git.kernel.org/stable/c/eac3731bd04c7131478722a3c148b78774553116 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53209 – bnxt_en: Fix receive ring space parameters when XDP is active
https://notcve.org/view.php?id=CVE-2024-53209
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring setting may need to be changed and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in random mem... • https://git.kernel.org/stable/c/08450ea98ae98d5a35145b675b76db616046ea11 •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53208 – Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
https://notcve.org/view.php?id=CVE-2024-53208
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54 CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0 Hardware name: Google Google C... • https://git.kernel.org/stable/c/275f3f64870245b06188f24bdf917e55a813d294 •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53207 – Bluetooth: MGMT: Fix possible deadlocks
https://notcve.org/view.php?id=CVE-2024-53207
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000 Workqueue: hci0 ... • https://git.kernel.org/stable/c/4883296505aa7e4863c6869b689afb6005633b23 •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53206 – tcp: Fix use-after-free of nreq in reqsk_timer_handler().
https://notcve.org/view.php?id=CVE-2024-53206
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). In the Linux kernel, the following ... • https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53205 – phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe
https://notcve.org/view.php?id=CVE-2024-53205
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/134e6d25f6bd06071e5aac0a7eefcea6f7713955 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53204 – phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe
https://notcve.org/view.php?id=CVE-2024-53204
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. • https://git.kernel.org/stable/c/adda6e82a7de7d6d478f6c8ef127f0ac51c510a1 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53203 – usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
https://notcve.org/view.php?id=CVE-2024-53203
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debu... • https://git.kernel.org/stable/c/170a6726d0e266f2c8f306e3d61715c32f4ee41e •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53202 – firmware_loader: Fix possible resource leak in fw_log_firmware_info()
https://notcve.org/view.php?id=CVE-2024-53202
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails. In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the ex... • https://git.kernel.org/stable/c/02fe26f25325b547b7a31a65deb0326c04bb5174 •