CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56578 – media: imx-jpeg: Set video drvdata before register video device
https://notcve.org/view.php?id=CVE-2024-56578
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops. In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise... • https://git.kernel.org/stable/c/2db16c6ed72ce644d5639b3ed15e5817442db4ba •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56577 – media: mtk-jpeg: Fix null-ptr-deref during unload module
https://notcve.org/view.php?id=CVE-2024-56577
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtk_jpeg_core.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily triggered. [ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023 [ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] ... • https://git.kernel.org/stable/c/09aea13ecf6f89ed7f18114953695563f64f461c •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56576 – media: i2c: tc358743: Fix crash in the probe error path when using polling
https://notcve.org/view.php?id=CVE-2024-56576
27 Dec 2024 — ------------[ cut here ]------------ WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268 Modules linked in: CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __run_timers+0x244/0x268 lr : __run_timers+0x1d4/0x268 sp : ffffff80eff2baf0 x29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00 x26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2b... • https://git.kernel.org/stable/c/4e66a52a2e4c832dfa35a39204d0f7ce717d4a4a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56575 – media: imx-jpeg: Ensure power suppliers be suspended before detach them
https://notcve.org/view.php?id=CVE-2024-56575
27 Dec 2024 — otherwise the detach may led to kernel panic, like below: [ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 1457.116777] Mem abort info: [ 1457.119589] ESR = 0x0000000096000004 [ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits [ 1457.128692] SET = 0, FnV = 0 [ 1457.131764] EA = 0, S1PTW = 0 [ 1457.134920] FSC = 0x04: level 0 translation fault [ 1457.139812] Data abort info: [ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1457.148196] ... • https://git.kernel.org/stable/c/2db16c6ed72ce644d5639b3ed15e5817442db4ba •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56574 – media: ts2020: fix null-ptr-deref in ts2020_probe()
https://notcve.org/view.php?id=CVE-2024-56574
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:fff... • https://git.kernel.org/stable/c/dc245a5f9b5163511e0c164c8aa47848f07b75a9 •
CVSS: 5.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56573 – efi/libstub: Free correct pointer on failure
https://notcve.org/view.php?id=CVE-2024-56573
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. • https://git.kernel.org/stable/c/42c8ea3dca094ab82776ca706fb7a9cbe8ac3dc9 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56572 – media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()
https://notcve.org/view.php?id=CVE-2024-56572
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise t... • https://git.kernel.org/stable/c/f20387dfd065693ba7ea2788a2f893bf653c9cb8 •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56571 – media: uvcvideo: Require entities to have a non-zero unique ID
https://notcve.org/view.php?id=CVE-2024-56571
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ... usb_match_dy ---truncated--- In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. • https://git.kernel.org/stable/c/a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b •
CVSS: 6.4EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56570 – ovl: Filter invalid inodes with missing lookup function
https://notcve.org/view.php?id=CVE-2024-56570
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. • https://git.kernel.org/stable/c/f9248e2f73fb4afe08324485e98c815ac084d166 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56569 – ftrace: Fix regression with module command in stack_trace_filter
https://notcve.org/view.php?id=CVE-2024-56569
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys... • https://git.kernel.org/stable/c/04ec7bb642b77374b53731b795b5654b5aff1c00 •