CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-58018 – nvkm: correctly calculate the available space of the GSP cmdq buffer
https://notcve.org/view.php?id=CVE-2024-58018
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nvkm: correctly calculate the available space of the GSP cmdq buffer r535_gsp_cmdq_push() waits for the available page in the GSP cmdq buffer when handling a large RPC request. When it sees at least one available page in the cmdq, it quits the waiting with the amount of free buffer pages in the queue. Unfortunately, it always takes the [write pointer, buf_size) as available buffer pages before rolling back and wrongly calculates the size of... • https://git.kernel.org/stable/c/56e6c7f6d2a6b4e0aae0528c502e56825bb40598 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58017 – printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
https://notcve.org/view.php?id=CVE-2024-58017
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX Shifting 1 << 31 on a 32-bit int causes signed integer overflow, which leads to undefined behavior. To prevent this, cast 1 to u32 before performing the shift, ensuring well-defined behavior. This change explicitly avoids any potential overflow by ensuring that the shift occurs on an unsigned 32-bit integer. • https://git.kernel.org/stable/c/9a6d43844de2479a3ff8d674c3e2a16172e01598 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58016 – safesetid: check size of policy writes
https://notcve.org/view.php?id=CVE-2024-58016
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. [PM: subject tweak] • https://git.kernel.org/stable/c/a0dec65f88c8d9290dfa1d2ca1e897abe54c5881 •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2024-58015 – wifi: ath12k: Fix for out-of bound access error
https://notcve.org/view.php?id=CVE-2024-58015
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Array length parameter passed to the function is too big, resulting in possible out-of bound memory error. Decreasing buffer size by one fixes faulty upper bound of passed array. Discovered in coverity scan, CID 1600742 and CID 1600758 • https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58014 – wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
https://notcve.org/view.php?id=CVE-2024-58014
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/ada9df08b3ef683507e75b92f522fb659260147f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58013 – Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
https://notcve.org/view.php?id=CVE-2024-58013
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543 Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961 CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0 Hardwa... • https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827 •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-58012 – ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
https://notcve.org/view.php?id=CVE-2024-58012
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL pointer deference. Check that the DAI widget associated with the CPU DAI is valid to prevent NULL pointer deference due to missing DAI widgets in topologies with aggregated amps. • https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58011 – platform/x86: int3472: Check for adev == NULL
https://notcve.org/view.php?id=CVE-2024-58011
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs. Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer(). • https://git.kernel.org/stable/c/4f8b210823cc2d1f9d967f089a6c00d025bb237f •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58010 – binfmt_flat: Fix integer overflow bug on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-58010
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long); • https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2024-58007 – soc: qcom: socinfo: Avoid out of bounds read of serial number
https://notcve.org/view.php?id=CVE-2024-58007
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serial_number 2644893864 The firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not have support for the serial_num field in the socinfo struct. There is an existing check to avoid exposing the serial number i... • https://git.kernel.org/stable/c/efb448d0a3fca01bb987dd70963da6185b81751e •