CVE-2024-57885 – mm/kmemleak: fix sleeping function called from invalid context at print message
https://notcve.org/view.php?id=CVE-2024-57885
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions: - CONFIG_PREEMPT_RT=y - Set SELinux as the LSM for the system - Set kptr_restrict to 1 - kmemleak buffer contains at least one item BUG: sleeping function called from invalid context at kernel/l... https://git.kernel.org/stable/c/3a6f33d86baa8103c80f62edd9393e9f7bf25d72
CVE-2024-57884 – mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()
https://notcve.org/view.php?id=CVE-2024-57884
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ff... https://git.kernel.org/stable/c/5a1c84b404a7176b8b36e2a0041b6f0adb3151a3
CVE-2024-57883 – mm: hugetlb: independent PMD page table shared count
https://notcve.org/view.php?id=CVE-2024-57883
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectedly through try_get_folio() by callers such as split_huge_pages. In huge_pmd_unshare(), we use the refcount to check whether a PMD page table is shared. The check is incorrect if the refcount has been increased by such a caller, and this can cause the page table to be leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000... https://git.kernel.org/stable/c/39dde65c9940c97fcd178a3d2b1c57ed8b7b68aa
CVE-2024-57882 – mptcp: fix TCP options overflow.
https://notcve.org/view.php?id=CVE-2024-57882
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:_compound_hea... https://git.kernel.org/stable/c/1bff1e43a30e2f7500a49d47fd26a425643a6a37
CVE-2024-57881 – mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy()
https://notcve.org/view.php?id=CVE-2024-57881
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could, with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME, result in __pfn_to_section() returning NULL and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix... https://git.kernel.org/stable/c/fd919a85cd55be5d00a6a7372071f44c8eafb825
CVE-2024-57880 – ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array
https://notcve.org/view.php?id=CVE-2024-57880
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However, in the case where the array is completely full, this will lead to an access one past the end of the array; expand the array by one entry to include space for a terminator. https://git.kernel.org/stable/c/27fd36aefa0013bea1cf6948e2e825e9b8cff97a
CVE-2024-57879 – Bluetooth: iso: Always release hdev at the end of iso_listen_bis
https://notcve.org/view.php?id=CVE-2024-57879
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error. https://git.kernel.org/stable/c/02171da6e86a73e1b343b36722f5d9d5c04b3539
CVE-2024-57878 – arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR
https://notcve.org/view.php?id=CVE-2024-57878
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechani... https://git.kernel.org/stable/c/4035c22ef7d43a6c00d6a6584c60e902b95b46af
CVE-2024-57877 – arm64: ptrace: fix partial SETREGSET for NT_ARM_POE
https://notcve.org/view.php?id=CVE-2024-57877
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.por_el0, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism... https://git.kernel.org/stable/c/17519819926211e6b2834e00e4554bec0daf22ac
CVE-2024-57876 – drm/dp_mst: Fix resetting msg rx state after topology removal
https://notcve.org/view.php?id=CVE-2024-57876
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The r... https://git.kernel.org/stable/c/b30fcedeba643ca16eaa6212c1245598b7cd830d