CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57922 – drm/amd/display: Add check for granularity in dml ceil/floor helpers
https://notcve.org/view.php?id=CVE-2024-57922
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granu... • https://git.kernel.org/stable/c/8a9315e6f7b2d94c65a1ba476481deddb20fc3ae •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57913 – usb: gadget: f_fs: Remove WARN_ON in functionfs_bind
https://notcve.org/view.php?id=CVE-2024-57913
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->ga... • https://git.kernel.org/stable/c/ddf8abd2599491cbad959c700b90ba72a5dce8d0 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57912 – iio: pressure: zpa2326: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57912
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerabil... • https://git.kernel.org/stable/c/03b262f2bbf43b82eaef82ffb3bc671d5b5c8da1 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57911 – iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57911
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnera... • https://git.kernel.org/stable/c/415f792447572ef1949a3cef5119bbce8cc66373 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57910 – iio: light: vcnl4035: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57910
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to users... • https://git.kernel.org/stable/c/da8ef748fec2d55db0ae424ab40eee0c737564aa •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57908 – iio: imu: kmx61: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57908
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx... • https://git.kernel.org/stable/c/c3a23ecc0901f624b681bbfbc4829766c5aa3070 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-57907 – iio: adc: rockchip_saradc: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57907
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio... • https://git.kernel.org/stable/c/4e130dc7b41348b13684f0758c26cc6cf72a3449 •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-57906 – iio: adc: ti-ads8688: fix information leak in triggered buffer
https://notcve.org/view.php?id=CVE-2024-57906
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. In the Linux kernel, the following vulnerability has been resolved: iio: adc... • https://git.kernel.org/stable/c/26aa12ef64ee997d293659bbf645c6df99fb73e5 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57904 – iio: adc: at91: call input_free_device() on allocated iio_dev
https://notcve.org/view.php?id=CVE-2024-57904
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Curren... • https://git.kernel.org/stable/c/84882b060301c35ab7e2c1ef355b0bd06b764195 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21653 – net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute
https://notcve.org/view.php?id=CVE-2025-21653
19 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Goog... • https://git.kernel.org/stable/c/e5dfb815181fcb186d6080ac3a091eadff2d98fe •