CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56688 – sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
https://notcve.org/view.php?id=CVE-2024-56688
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL. In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transpo... • https://git.kernel.org/stable/c/7196dbb02ea05835b9ee56910ee82cb55422c7f1 •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56687 – usb: musb: Fix hardware lockup on first Rx endpoint request
https://notcve.org/view.php?id=CVE-2024-56687
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->complete from usb_gadget_giveback_request (drivers/usb/gadget/udc/core.c:999) usb_gadget_giveback_request from musb_g_giveback (drivers/usb/musb/musb_gadget.c:147) musb_g_giveback from rxstate (drivers/usb/musb/musb_gadget.c:784) rxst... • https://git.kernel.org/stable/c/baebdf48c360080710f80699eea3affbb13d6c65 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56686 – ext4: fix race in buffer_head read fault injection
https://notcve.org/view.php?id=CVE-2024-56686
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix race in buffer_head read fault injection When I enabled ext4 debug for fault injection testing, I encountered the following warning: EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress: Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051 WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0 The root cause of the issue lies in the improper implementation of ext4's ... • https://git.kernel.org/stable/c/46f870d690fecc792a66730dcbbf0aa109f5f9ab •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56683 – drm/vc4: hdmi: Avoid hang with debug registers when suspended
https://notcve.org/view.php?id=CVE-2024-56683
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid hang with debug registers when suspended Trying to read /sys/kernel/debug/dri/1/hdmi1_regs when the hdmi is disconnected results in a fatal system hang. This is due to the pm suspend code disabling the dvp clock. That is just a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG, which results in accesses hanging AXI bus. Protect against this. In the Linux kernel, the following vulnerability has been resolved: drm/vc... • https://git.kernel.org/stable/c/25eb441d55d479581a65bcc9de88bc1d86bf76c1 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56681 – crypto: bcm - add error check in the ahash_hmac_init function
https://notcve.org/view.php?id=CVE-2024-56681
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hm... • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56679 – octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c
https://notcve.org/view.php?id=CVE-2024-56679
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp(). In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp(). • https://git.kernel.org/stable/c/ab58a416c93f134b72ec7e10d8d74509c3985243 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56678 – powerpc/mm/fault: Fix kfence page fault reporting
https://notcve.org/view.php?id=CVE-2024-56678
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_nofault() can cause page faults. Since *_nofault() functions define their own fixup table for handling fault, use that instead of asking kfence to handle such faults. Hence we search the exception tables for the nip which generated... • https://git.kernel.org/stable/c/90cbac0e995dd92f7bcf82f74aa50250bf194a4a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56677 – powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init()
https://notcve.org/view.php?id=CVE-2024-56677
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during initmem_init() e.g. setup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order() One such use case where this causes issue is - early_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init() This cause... • https://git.kernel.org/stable/c/11ac3e87ce09c27f4587a8c4fe0829d814021a82 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56675 – bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors
https://notcve.org/view.php?id=CVE-2024-56675
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF programs are freed via normal RCU (see __bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal RCU grace period does not imply a tasks-trace-RCU grace period. Fix it by explicitly waiting... • https://git.kernel.org/stable/c/8c7dcb84e3b744b2b70baa7a44a9b1881c33a9c9 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56672 – blk-cgroup: Fix UAF in blkcg_unpin_online()
https://notcve.org/view.php?id=CVE-2024-56672
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the following UAF: ================================================================== BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270 Read of size 8 at addr ffff88... • https://git.kernel.org/stable/c/4308a434e5e08c78676aa66bc626ef78cbef0883 •