CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56692 – f2fs: fix to do sanity check on node blkaddr in truncate_node()
https://notcve.org/view.php?id=CVE-2024-56692
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncate_node() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 Call Trace: truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909 f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288 f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856 evict+0x4e8/0x9b0 fs/inode.c:723 f2fs_h... • https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56623 – scsi: qla2xxx: Fix use after free on unload
https://notcve.org/view.php?id=CVE-2024-56623
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal t... • https://git.kernel.org/stable/c/12f04fc8580eafb0510f805749553eb6213f323e •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56616 – drm/dp_mst: Fix MST sideband message body length check
https://notcve.org/view.php?id=CVE-2024-56616
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corrupti... • https://git.kernel.org/stable/c/109f91d8b9335b0f3714ef9920eae5a8b21d56af •
CVSS: 9.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56608 – drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'
https://notcve.org/view.php?id=CVE-2024-56608
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index is w... • https://git.kernel.org/stable/c/5bd410c21037107b83ffbb51dd2d6460f9de9ed1 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56606 – af_packet: avoid erroring out after sock_init_data() in packet_create()
https://notcve.org/view.php?id=CVE-2024-56606
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_... • https://git.kernel.org/stable/c/71b22837a5e55ac27d6a14b9cdf2326587405c4f • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56605 – Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
https://notcve.org/view.php?id=CVE-2024-56605
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointe... • https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56604 – Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
https://notcve.org/view.php?id=CVE-2024-56604
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM:... • https://git.kernel.org/stable/c/ac3eaac4cf142a15fe67be747a682b1416efeb6e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56603 – net: af_can: do not leave a dangling sk pointer in can_create()
https://notcve.org/view.php?id=CVE-2024-56603
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later. In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees ... • https://git.kernel.org/stable/c/884ae8bcee749be43a071d6ed2d89058dbd2425c • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56602 – net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
https://notcve.org/view.php?id=CVE-2024-56602
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. In the Linux kernel, the following vulnerability has been resolved: net: iee... • https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56601 – net: inet: do not leave a dangling sk pointer in inet_create()
https://notcve.org/view.php?id=CVE-2024-56601
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error. In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk poi... • https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d • CWE-416: Use After Free •