CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56698 – usb: dwc3: gadget: Fix looping of queued SG entries
https://notcve.org/view.php?id=CVE-2024-56698
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG ... • https://git.kernel.org/stable/c/c96e6725db9d6a04ac1bee881e3034b636d9f71c •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56692 – f2fs: fix to do sanity check on node blkaddr in truncate_node()
https://notcve.org/view.php?id=CVE-2024-56692
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncate_node() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 Call Trace: truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909 f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288 f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856 evict+0x4e8/0x9b0 fs/inode.c:723 f2fs_h... • https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56691 – mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
https://notcve.org/view.php?id=CVE-2024-56691
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not... • https://git.kernel.org/stable/c/9c6235c8633210cc2da0882e2e9d6ff90aa37503 •
CVSS: 5.6EPSS: 0%CPEs: 11EXPL: 0CVE-2024-56690 – crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY
https://notcve.org/view.php?id=CVE-2024-56690
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by c... • https://git.kernel.org/stable/c/039fec48e062504f14845124a1a25eb199b2ddc0 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56688 – sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
https://notcve.org/view.php?id=CVE-2024-56688
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL. In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport... • https://git.kernel.org/stable/c/7196dbb02ea05835b9ee56910ee82cb55422c7f1 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56681 – crypto: bcm - add error check in the ahash_hmac_init function
https://notcve.org/view.php?id=CVE-2024-56681
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac... • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56672 – blk-cgroup: Fix UAF in blkcg_unpin_online()
https://notcve.org/view.php?id=CVE-2024-56672
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the following UAF: ================================================================== BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270 Read of size 8 at addr ffff8881057678c... • https://git.kernel.org/stable/c/4308a434e5e08c78676aa66bc626ef78cbef0883 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56670 – usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer
https://notcve.org/view.php?id=CVE-2024-56670
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver... • https://git.kernel.org/stable/c/c1dca562be8ada614ef193aa246c6f8705bcd6b9 •
CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56664 – bpf, sockmap: Fix race between element replace and close()
https://notcve.org/view.php?id=CVE-2024-56664
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_del... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56662 – acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl
https://notcve.org/view.php?id=CVE-2024-56662
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/ core.c:416 [inline] BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 The issue occurs in cmd_to_func when the call_pkg->nd_reserved2 array is accessed without verifying that call_pkg points to a buffer that is appropriately sized a... • https://git.kernel.org/stable/c/ebe9f6f19d80d8978d16078dff3d5bd93ad8d102 •