CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56558 – nfsd: make sure exp active before svc_export_show
https://notcve.org/view.php?id=CVE-2024-56558
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. ... To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56557 – iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer
https://notcve.org/view.php?id=CVE-2024-56557
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support device... • https://git.kernel.org/stable/c/851644a60d200c9a294de5a5594004bcf13d34c7 •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56556 – binder: fix node UAF in binder_add_freeze_work()
https://notcve.org/view.php?id=CVE-2024-56556
27 Dec 2024 — This can race with binder_node_release() and trigger a use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff53c04c29dd04 by task freeze/640 CPU: 5 UID: 0 PID: 640 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #17 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_add_freeze_work+0x148/0x478 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 ... • https://git.kernel.org/stable/c/d579b04a52a183db47dfcb7a44304d7747d551e1 •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56555 – binder: fix OOB in binder_add_freeze_work()
https://notcve.org/view.php?id=CVE-2024-56555
27 Dec 2024 — This leads to a broken iteration in binder_add_freeze_work() as rb_next() will use data from binder_dead_nodes, triggering an out-of-bounds access: ================================================================== BUG: KASAN: global-out-of-bounds in rb_next+0xfc/0x124 Read of size 8 at addr ffffcb84285f7170 by task freeze/660 CPU: 8 UID: 0 PID: 660 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #18 Hardware name: linux,dummy-virt (DT) Call trace: rb_next+0xfc/0x124 binder_add_freeze_work+0x344/... • https://git.kernel.org/stable/c/d579b04a52a183db47dfcb7a44304d7747d551e1 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56554 – binder: fix freeze UAF in binder_release_work()
https://notcve.org/view.php?id=CVE-2024-56554
27 Dec 2024 — Otherwise, the reference is freed while its ref->freeze.work is still queued in proc->work leading to a use-after-free issue as shown by the following KASAN report: ================================================================== BUG: KASAN: slab-use-after-free in binder_release_work+0x398/0x3d0 Read of size 8 at addr ffff31600ee91488 by task kworker/5:1/211 CPU: 5 UID: 0 PID: 211 Comm: kworker/5:1 Not tainted 6.11.0-rc7-00382-gfc6c92196396 #22 Hardware name: linux,dummy-virt (DT) Workqueue: events... • https://git.kernel.org/stable/c/d579b04a52a183db47dfcb7a44304d7747d551e1 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56553 – binder: fix memleak of proc->delivered_freeze
https://notcve.org/view.php?id=CVE-2024-56553
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc->delivered_freeze If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notification_done(), then it is detached from its reference (e.g. In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc->delivered_freeze If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notifi... • https://git.kernel.org/stable/c/d579b04a52a183db47dfcb7a44304d7747d551e1 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56552 – drm/xe/guc_submit: fix race around suspend_pending
https://notcve.org/view.php?id=CVE-2024-56552
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed!... (cherry picked from commit f161809b362f027b6d72bd998e47f8f0bad60a2e) In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion ... • https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56551 – drm/amdgpu: fix usage slab after free
https://notcve.org/view.php?id=CVE-2024-56551
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147 [ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1 [ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000016] Call Trace: [ +0.000008]
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56550 – s390/stacktrace: Use break instead of return statement
https://notcve.org/view.php?id=CVE-2024-56550
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement arch_stack_walk_user_common() contains a return statement instead of a break statement in case store_ip() fails while trying to store a callchain entry of a user space process. In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement arch_stack_walk_user_common() contains a return statement instead of a brea... • https://git.kernel.org/stable/c/ebd912ff9919a10609511383d94942362234c077 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56549 – cachefiles: Fix NULL pointer dereference in object->file
https://notcve.org/view.php?id=CVE-2024-56549
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. ... In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. • https://git.kernel.org/stable/c/c8383054506c77b814489c09877b5db83fd4abf2 •