CVSS: 7.8EPSS: %CPEs: 2EXPL: 0CVE-2024-55641 – xfs: unlock inodes when erroring out of xfs_trans_alloc_dir
https://notcve.org/view.php?id=CVE-2024-55641
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0... • https://git.kernel.org/stable/c/bd5562111d58392298a3c3b93caad71dff681b4b •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2024-55639 – net: renesas: rswitch: avoid use-after-put for a device tree node
https://notcve.org/view.php?id=CVE-2024-55639
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move of_node_put() for this node to exit paths. In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in th... • https://git.kernel.org/stable/c/b46f1e5793298c67efc2f1b917350a2cefacf9d6 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-54683 – netfilter: IDLETIMER: Fix for possible ABBA deadlock
https://notcve.org/view.php?id=CVE-2024-54683
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ====================================================== | WARNING: possible circular locking dependency detected | 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted | ------------------------------------------------------ | iptables/3303 is trying to acquire lock: | fff... • https://git.kernel.org/stable/c/0902b469bd25065aa0688c3cee6f11744c817e7c •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-54460 – Bluetooth: iso: Fix circular lock in iso_listen_bis
https://notcve.org/view.php?id=CVE-2024-54460
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid any potential deadlock with hdev lock. [ 75.307983] ====================================================== [ 75.307984] WARNING: possible circular locking dependency detected [ 75.307985] 6.12.0-rc6+ #22 Not tainted [ 75.307987] ----------------------------------... • https://git.kernel.org/stable/c/02171da6e86a73e1b343b36722f5d9d5c04b3539 •
CVSS: 4.8EPSS: %CPEs: 3EXPL: 0CVE-2024-54191 – Bluetooth: iso: Fix circular lock in iso_conn_big_sync
https://notcve.org/view.php?id=CVE-2024-54191
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hdev. [ 561.670344] ====================================================== [ 561.670346] WARNING: possible circular locking dependency detected [ 561.670349] 6.12.0-rc6+ #26 Not tainted [ 561.670351] -------------... • https://git.kernel.org/stable/c/1360e5b6ce63d63d23223a659ca2bbafa30a53aa •
CVSS: 8.8EPSS: %CPEs: 2EXPL: 0CVE-2024-53689 – block: Fix potential deadlock while freezing queue and acquiring sysfs_lock
https://notcve.org/view.php?id=CVE-2024-53689
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock while freezing queue and acquiring sysfs_lock For storing a value to a queue attribute, the queue_attr_store function first freezes the queue (->q_usage_counter(io)) and then acquire ->sysfs_lock. This seems not correct as the usual ordering should be to acquire ->sysfs_lock before freezing the queue. This incorrect ordering causes the following lockdep splat which we are able to reproduce always simply by acce... • https://git.kernel.org/stable/c/af2814149883e2c1851866ea2afcd8eadc040f79 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2024-53687 – riscv: Fix IPIs usage in kfence_protect_page()
https://notcve.org/view.php?id=CVE-2024-53687
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix IPIs usage in kfence_protect_page() flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which triggers the following warning when the irqs are disabled: [ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520 [ 3.456647] Modules linked in: [ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1 [ 3.457416] Hardware name: QEMU QEMU ... • https://git.kernel.org/stable/c/47513f243b452a5e21180dcf3d6ac1c57e1781a6 •
CVSS: 7.1EPSS: %CPEs: 2EXPL: 0CVE-2024-53682 – regulator: axp20x: AXP717: set ramp_delay
https://notcve.org/view.php?id=CVE-2024-53682
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: regulator: axp20x: AXP717: set ramp_delay AXP717 datasheet says that regulator ramp delay is 15.625 us/step, which is 10mV in our case. Add a AXP_DESC_RANGES_DELAY macro and update AXP_DESC_RANGES macro to expand to AXP_DESC_RANGES_DELAY with ramp_delay = 0 For DCDC4, steps is 100mv Add a AXP_DESC_DELAY macro and update AXP_DESC macro to expand to AXP_DESC_DELAY with ramp_delay = 0 This patch fix crashes when using CPU DVFS. In the Linux ke... • https://git.kernel.org/stable/c/d2ac3df75c3a995064cfac0171e082a30d8c4c66 •
CVSS: 7.1EPSS: %CPEs: 7EXPL: 0CVE-2024-53680 – ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
https://notcve.org/view.php?id=CVE-2024-53680
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time: vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6() At run... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2024-52332 – igb: Fix potential invalid memory access in igb_init_module()
https://notcve.org/view.php?id=CVE-2024-52332
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access. In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when th... • https://git.kernel.org/stable/c/bbd98fe48a43464b4a044bc4cbeefad284d6aa80 •