CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53068 – firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()
https://notcve.org/view.php?id=CVE-2024-53068
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() The scmi_dev->name is released prematurely in __scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of scmi_dev->name to scmi_device_release() to avoid slab-use-after-free. | BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec | Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1 | | CPU: ... • https://git.kernel.org/stable/c/ee7a9c9f67c59008b330deff2762bd8cf1407eec •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53067 – scsi: ufs: core: Start the RTC update work later
https://notcve.org/view.php?id=CVE-2024-53067
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Start the RTC update work later The RTC update work involves runtime resuming the UFS controller. Hence, only start the RTC update work after runtime power management in the UFS driver has been fully initialized. This patch fixes the following kernel crash: Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c (P) pm_runtime_get_if_active+0x24/... • https://git.kernel.org/stable/c/6bf999e0eb41850d5c857102535d5c53b2ede224 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53066 – nfs: Fix KMSAN warning in decode_getfattr_attrs()
https://notcve.org/view.php?id=CVE-2024-53066
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decode_getfattr_attrs() Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===================================================== ===================================================== BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_generic+0x806/0xb0... • https://git.kernel.org/stable/c/88034c3d88c2c48b215f2cc5eb22e564aa817f9c •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53065 – mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create
https://notcve.org/view.php?id=CVE-2024-53065
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Commit b035f5a6d852 ("mm: slab: reduce the kmalloc() minimum alignment if DMA bouncing possible") reduced ARCH_KMALLOC_MINALIGN to 8 on arm64. However, with KASAN_HW_TAGS enabled, arch_slab_minalign() becomes 16. This causes kmalloc_caches[*][8] to be aliased to kmalloc_caches[*][16], resulting in kmem_buckets_create() attempting to create a kmem_cache for s... • https://git.kernel.org/stable/c/b32801d1255be1da62ea8134df3ed9f3331fba12 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53064 – idpf: fix idpf_vc_core_init error path
https://notcve.org/view.php?id=CVE-2024-53064
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset is done, it tries to build the resources back. At this time if the device control plane is not yet started, then the driver timeouts on the virtchnl message and retries to establish the mailbox again. In the retry... • https://git.kernel.org/stable/c/4930fbf419a72d7477426fd883bfc37e20a61a6e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53063 – media: dvbdev: prevent the risk of out of memory access
https://notcve.org/view.php?id=CVE-2024-53063
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did... • https://git.kernel.org/stable/c/5dd3f3071070f5a306bdf8d474c80062f5691cba •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53062 – media: mgb4: protect driver against spectre
https://notcve.org/view.php?id=CVE-2024-53062
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: mgb4: protect driver against spectre Frequency range is set from sysfs via frequency_range_store(), being vulnerable to spectre, as reported by smatch: drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r] drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half. 'reg_set' Fix it. In the Linux kernel, the following vulnerabilit... • https://git.kernel.org/stable/c/0ab13674a9bd10514486cf1670d71dbd8afec421 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53061 – media: s5p-jpeg: prevent buffer overflows
https://notcve.org/view.php?id=CVE-2024-53061
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment. In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. • https://git.kernel.org/stable/c/6c96dbbc2aa9f5b4aed8792989d69eae22bf77c4 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53060 – drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported
https://notcve.org/view.php?id=CVE-2024-53060
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointe... • https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53059 – wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()
https://notcve.org/view.php?id=CVE-2024-53059
19 Nov 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer. In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. • https://git.kernel.org/stable/c/f130bb75d8817c560b48c4d1a0e5279968a0859d •