CVSS: -EPSS: 0%CPEs: 10EXPL: 0CVE-2024-53237 – Bluetooth: fix use-after-free in device_for_each_child()
https://notcve.org/view.php?id=CVE-2024-53237
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980 CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x100/0x190 ? device_for_each_child+0x18f/0x1a0 print_report+0x13a/0x4cb ? __virt_addr_valid+0x5e/0x590 ? __phys_addr+0xc6/0x150 ? device_for_each_child+0x18f/0x1a0 kasan_report+0xda/0x110 ? • https://git.kernel.org/stable/c/53d61daf35b1bbf3ae06e852ee107aa2f05b3776 https://git.kernel.org/stable/c/ba7088769800d9892a7e4f35c3137a5b3e65410b https://git.kernel.org/stable/c/87624b1f9b781549e69f92db7ede012a21cec275 https://git.kernel.org/stable/c/56a4fdde95ed98d864611155f6728983e199e198 https://git.kernel.org/stable/c/a85fb91e3d728bdfc80833167e8162cce8bc7004 https://git.kernel.org/stable/c/5c53afc766e07098429520b7677eaa164b593451 https://git.kernel.org/stable/c/3c4236f1b2a715e878a06599fa8b0cc21f165d28 https://git.kernel.org/stable/c/fc666d1b47518a18519241cae213de1ba •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53236 – xsk: Free skb when TX metadata options are invalid
https://notcve.org/view.php?id=CVE-2024-53236
In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. This can leak skbs until the send buffer is full which makes sending more packets impossible. Fix this by freeing the skb in the error path if we are currently dealing with the first frag, i.e., an skb allocated in this iteration of xsk_build_skb. • https://git.kernel.org/stable/c/48eb03dd26304c24f03bdbb9382e89c8564e71df https://git.kernel.org/stable/c/7f0d0dd5a7f437d83cff954bc321f1a9b181efd5 https://git.kernel.org/stable/c/d5d346deb65efa8453f8481bcea75c1a590439e7 https://git.kernel.org/stable/c/0c0d0f42ffa6ac94cd79893b7ed419c15e1b45de •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53235 – erofs: fix file-backed mounts over FUSE
https://notcve.org/view.php?id=CVE-2024-53235
In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625 Unlike most filesystems, some network filesystems and FUSE need unavoidable valid `file` pointers for their read I/Os [1]. Anyway, those use cases need to be supported too. [1] https://docs.kernel.org/filesystems/vfs.html • https://git.kernel.org/stable/c/fb176750266a3d7f42ebdcf28e8ba40350b27847 https://git.kernel.org/stable/c/5036f2f024cac40a02ea6ea70de2c3a4407d16bc https://git.kernel.org/stable/c/3a23787ca8756920d65fda39f41353a4be1d1642 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53234 – erofs: handle NONHEAD !delta[1] lclusters gracefully
https://notcve.org/view.php?id=CVE-2024-53234
In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as delta[1]=1 to work around these legacy mkfs versions. `lclusterbits > 14` is illegal for compact indexes, error out too. • https://git.kernel.org/stable/c/d95ae5e25326092d61613acf98280270dde22778 https://git.kernel.org/stable/c/96a85becb811ca2ce21a21721f1544d342ae431e https://git.kernel.org/stable/c/8c723eef989bc419585237daa467b787ddca5415 https://git.kernel.org/stable/c/0e1854f87be8fa237198d407a1347476dbead3f5 https://git.kernel.org/stable/c/f466641debcbea8bdf78d1b63a6270aadf9301bf https://git.kernel.org/stable/c/480c6c7b55aeacac800bc2a0d321ff53273045e5 https://git.kernel.org/stable/c/daaf68fef4b2ff97928227630021d37b27a96655 https://git.kernel.org/stable/c/0bc8061ffc733a0a246b8689b2d32a3e9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53233 – unicode: Fix utf8_load() error path
https://notcve.org/view.php?id=CVE-2024-53233
In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this: kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? • https://git.kernel.org/stable/c/2b3d047870120bcd46d7cc257d19ff49328fd585 https://git.kernel.org/stable/c/4387cef540f36c2c9297460758cc2438305a24a0 https://git.kernel.org/stable/c/c4b6c1781f6cc4e2283120ac8d873864b8056f21 https://git.kernel.org/stable/c/6504dd27123966dc455494cb55217c04ca479121 https://git.kernel.org/stable/c/89933f8ab3b4cad5ac14ea56a39947d1ffe7d0e3 https://git.kernel.org/stable/c/156bb2c569cd869583c593d27a5bd69e7b2a4264 •