CVE-2024-56718 – net/smc: protect link down work from execute after lgr freed
https://notcve.org/view.php?id=CVE-2024-56718
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work, and put the reference after work executed or canceled. The relevant crash call stack as follows: list_del corruption. prev->next should be ffffb638c9c0fe20, but was 0000000000000000 ------------[ cut here... • https://git.kernel.org/stable/c/541afa10c126b6c22c2a805a559c70cc41fd156e •
CVE-2024-56717 – net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic()
https://notcve.org/view.php?id=CVE-2024-56717
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() Packets injected by the CPU should have a SRC_PORT field equal to the CPU port module index in the Analyzer block (ocelot->num_phys_ports). The blamed commit copied the ocelot_ifh_set_basic() call incorrectly from ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling with "x", it calls with BIT_ULL(x), but the field is not a port mask, but rather a s... • https://git.kernel.org/stable/c/06bcb9032e05ad717f9fd0a6e2fd3ae7f430fa31 •
CVE-2024-56716 – netdevsim: prevent bad user input in nsim_dev_health_break_write()
https://notcve.org/view.php?id=CVE-2024-56716
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. • https://git.kernel.org/stable/c/82c93a87bf8bc0cdb5ec2ab99da7d87715ff889f •
CVE-2024-56715 – ionic: Fix netdev notifier unregister on failure
https://notcve.org/view.php?id=CVE-2024-56715
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() failure. This will also call ionic_lif_unregister_phc() if it has already been registered. • https://git.kernel.org/stable/c/30b87ab4c0b30e0f681cb7dfaab6c642dd17e454 •
CVE-2024-56714 – ionic: no double destroy workqueue
https://notcve.org/view.php?id=CVE-2024-56714
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ionic: no double destroy workqueue There are some FW error handling paths that can cause us to try to destroy the workqueue more than once, so let's be sure we're checking for that. The case where this popped up was in an AER event where the handlers got called in such a way that ionic_reset_prepare() and thus ionic_dev_teardown() got called twice in a row. The second time through the workqueue was already destroyed, and destroy_workqueu... • https://git.kernel.org/stable/c/9e25450da7006cd6f425248a5b38dad4adb3c981 •
CVE-2024-56713 – net: netdevsim: fix nsim_pp_hold_write()
https://notcve.org/view.php?id=CVE-2024-56713
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: fix nsim_pp_hold_write() nsim_pp_hold_write() has two problems: 1) It may return with rtnl held, as found by syzbot. 2) Its return value does not propagate an error if any. • https://git.kernel.org/stable/c/1580cbcbfe770b0a7fb76735c1a601483335c1c2 •
CVE-2024-56712 – udmabuf: fix memory leak on last export_udmabuf() error path
https://notcve.org/view.php?id=CVE-2024-56712
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memor... • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •
CVE-2024-56711 – drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-56711
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference drm_mode_duplicate() could return NULL due to lack of memory, which will then call NULL pointer dereference. Add a check to prevent it. • https://git.kernel.org/stable/c/0ef94554dc40fbdb7e57ff90cd1e7fa71e1e89fd •
CVE-2024-56710 – ceph: fix memory leak in ceph_direct_read_write()
https://notcve.org/view.php?id=CVE-2024-56710
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked and pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of sparse_ext map until after the bvecs array is set up, so fix this by moving sparse_ext allocation a bit earlier. Also, make a similar adjustment in __ceph_sync_read() for consistency (a leak of the same kind in __... • https://git.kernel.org/stable/c/03bc06c7b0bd8d86b9f17f459acaeb1283ba2700 •
CVE-2024-56709 – io_uring: check if iowq is killed before queuing
https://notcve.org/view.php?id=CVE-2024-56709
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq being already killed and null'ed, which is a problem if it then tries to forward the request to io_queue_iowq(). Make io_queue_iowq() fail requests in this case. Note that it also checks PF_KTHREAD, because the ... • https://git.kernel.org/stable/c/773af69121ecc6c53d192661af8d53bb3db028ae •