CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56709 – io_uring: check if iowq is killed before queuing
https://notcve.org/view.php?id=CVE-2024-56709
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq being already killed and null'ed, which is a problem if it then tries to forward the request to io_queue_iowq(). Make io_queue_iowq() fail requests in this case. Note that it also checks PF_KTHREAD, because the ... • https://git.kernel.org/stable/c/773af69121ecc6c53d192661af8d53bb3db028ae •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56708 – EDAC/igen6: Avoid segmentation fault on module unload
https://notcve.org/view.php?id=CVE-2024-56708
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc] During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt); Fix this issue by setting mci->pvt_info to NULL to avoid the... • https://git.kernel.org/stable/c/10590a9d4f23e0a519730d79d39331df60ad2079 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56707 – octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
https://notcve.org/view.php?id=CVE-2024-56707
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Add error pointer checks after calling otx2_mbox_get_rsp(). • https://git.kernel.org/stable/c/79d2be385e9eabe4403eb85bcc7d3efc6b936a76 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56705 – media: atomisp: Add check for rgby_data memory allocation failure
https://notcve.org/view.php?id=CVE-2024-56705
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue. • https://git.kernel.org/stable/c/a49d25364dfb9f8a64037488a39ab1f56c5fa419 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56704 – 9p/xen: fix release of IRQ
https://notcve.org/view.php?id=CVE-2024-56704
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fix release of IRQ Kernel logs indicate an IRQ was double-freed. Pass correct device ID during IRQ release. [Dominique: remove confusing variable reset to 0] • https://git.kernel.org/stable/c/71ebd71921e451f0f942ddfe85d01e31ddc6eb88 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56703 – ipv6: Fix soft lockups in fib6_select_path under high next hop churn
https://notcve.org/view.php?id=CVE-2024-56703
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, these routers continuously update BGP-advertised routes due to frequently changing nexthop destinations, while also managing significant IPv6 traffic. The lockups occur during the traversal of the multipath circular linked-list in th... • https://git.kernel.org/stable/c/66f5d6ce53e665477d2a33e8f539d4fa4ca81c83 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56702 – bpf: Mark raw_tp arguments with PTR_MAYBE_NULL
https://notcve.org/view.php?id=CVE-2024-56702
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint argument may end up being NULL. More context about this issue is available in [0]. Thus, there is a discrepancy between the reality, that raw_tp arguments can actually be NULL, and the verifier's knowledge, that they are never NULL, ... • https://git.kernel.org/stable/c/3f00c52393445ed49aadc1a567aa502c6333b1a1 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56701 – powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
https://notcve.org/view.php?id=CVE-2024-56701
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc/powerpc/vcpudispatch_stats BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh preempt_count: 1, expected: 0 3 locks held b... • https://git.kernel.org/stable/c/06220d78f24a20549757be1014e57c382406cc92 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56700 – media: wl128x: Fix atomicity violation in fmc_send_cmd()
https://notcve.org/view.php?id=CVE-2024-56700
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later pa... • https://git.kernel.org/stable/c/e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56698 – usb: dwc3: gadget: Fix looping of queued SG entries
https://notcve.org/view.php?id=CVE-2024-56698
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent ... • https://git.kernel.org/stable/c/c96e6725db9d6a04ac1bee881e3034b636d9f71c •