CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2024-50051 – spi: mpc52xx: Add cancel_work_sync before module remove
https://notcve.org/view.php?id=CVE-2024-50051
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove. In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx... • https://git.kernel.org/stable/c/ca632f556697d45d67ed5cada7cedf3ddfe0db4b •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2024-49569 – nvme-rdma: unquiesce admin_q before destroy it
https://notcve.org/view.php?id=CVE-2024-49569
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15 #1 [ff61d23de260fc08] schedule at ffffffff8323c014 #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1 #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a #4 [ff61d23de260... • https://git.kernel.org/stable/c/958dc1d32c80566f58d18f05ef1f05bd32d172c1 •
CVSS: 7.2EPSS: %CPEs: 9EXPL: 0CVE-2024-48881 – bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again
https://notcve.org/view.php?id=CVE-2024-48881
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized... • https://git.kernel.org/stable/c/0729029e647234fa1a94376b6edffec5c2cd75f6 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-48875 – btrfs: don't take dev_replace rwsem on task already holding it
https://notcve.org/view.php?id=CVE-2024-48875
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info (device sdd): dev_replace from /dev/sdd (devid 1) to /dev/sdb started ============================================ WARNING: possible recursive locking detected 6.11.0-rc3-btrfs-for-next #599 Not tainted -----------------------------... • https://git.kernel.org/stable/c/a5bc4e030f50fdbb1fbc69acc1e0c5f57c79d044 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-48873 – wifi: rtw89: check return value of ieee80211_probereq_get() for RNR
https://notcve.org/view.php?id=CVE-2024-48873
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, so check it before using to avoid NULL pointer access. Addresses-Coverity-ID: 1529805 ("Dereference null return value") In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, ... • https://git.kernel.org/stable/c/1a0f54cb3fea5d087440b2bae03202c445156a8d •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-47809 – dlm: fix possible lkb_resource null dereference
https://notcve.org/view.php?id=CVE-2024-47809
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way a... • https://git.kernel.org/stable/c/6fbdc3980b70e9c1c86eccea7d5ee68108008fa7 •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2024-47794 – bpf: Prevent tailcall infinite loop caused by freplace
https://notcve.org/view.php?id=CVE-2024-47794
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entry_freplace of tailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in entry_freplace leads to entry_tc. This results in an infinite loop: entry_tc -> subprog_tc -> entry_freplace --tailcall-> entry_tc. The probl... • https://git.kernel.org/stable/c/987aa730bad3e1ef66d9f30182294daa78f6387d •
CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2024-47143 – dma-debug: fix a possible deadlock on radix_lock
https://notcve.org/view.php?id=CVE-2024-47143
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one ... • https://git.kernel.org/stable/c/3ccce34a5c3f5c9541108a451657ade621524b32 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-47141 – pinmux: Use sequential access to access desc->pinmux data
https://notcve.org/view.php?id=CVE-2024-47141
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let's say two processes A, B executing in pin_request() for the same pin and process A updates the desc->mux_usecount but not yet updated the desc->mux_owner while process B see the desc->mux_usecount which got updated by A path an... • https://git.kernel.org/stable/c/2da32aed4a97ca1d70fb8b77926f72f30ce5fb4b •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2024-45828 – i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request
https://notcve.org/view.php?id=CVE-2024-45828
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when the ring is being stopped. Depending on timing between ring stop request completion, interrupt handler removal and code execution this may lead to a NULL pointer dereference in hci_dma_irq_handler() if it gets to run after the io_data pointer is set to NULL in hci_dma_cleanup(). Prevent this my masking the ... • https://git.kernel.org/stable/c/a6cddf68b3405b272b5a3cad9657be0b02b34bf4 •