CVE-2024-53177 – smb: prevent use-after-free due to open_cached_dir error paths
https://notcve.org/view.php?id=CVE-2024-53177
27 Dec 2024 — VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Workqueue: cifsiod smb2_cached_lease_break Call Trace:
CVE-2024-53176 – smb: During unmount, ensure all cached dir instances drop their dentry
https://notcve.org/view.php?id=CVE-2024-53176
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can race with various cached directory operations, which ultimately results in dentries not being dropped and these kernel BUGs: BUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs] VFS: Busy inodes after unmount of cifs (cifs) ------------[ cut here ]--------... https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7
CVE-2024-53175 – ipc: fix memleak if msg_init_ns failed in create_ipc_ns
https://notcve.org/view.php?id=CVE-2024-53175
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msg_init_ns failed in create_ipc_ns Percpu memory allocation may fail during create_ipc_ns; however, this failure is not handled properly, since the ipc sysctls and mq sysctls are not released properly. ... https://git.kernel.org/stable/c/72d1e611082eda18689106a0c192f2827072713c
CVE-2024-53174 – SUNRPC: make sure cache entry active before cache_show
https://notcve.org/view.php?id=CVE-2024-53174
27 Dec 2024 — WARNING: CPU: 7 PID: 822 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 7 UID: 0 PID: 822 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 Call Trace:
CVE-2024-53173 – NFSv4.0: Fix a use-after-free problem in the asynchronous open()
https://notcve.org/view.php?id=CVE-2024-53173
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. ... https://git.kernel.org/stable/c/24ac23ab88df5b21b5b2df8cde748bf99b289099
CVE-2024-53172 – ubi: fastmap: Fix duplicate slab cache names while attaching
https://notcve.org/view.php?id=CVE-2024-53172
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. ... https://git.kernel.org/stable/c/d2158f69a7d469c21c37f7028c18aa8c54707de3
CVE-2024-53171 – ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
https://notcve.org/view.php?id=CVE-2024-53171
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. ... The search for the dirty nodes ---truncated--- https://git.kernel.org/stable/c/16a26b20d2afd0cf063816725b45b12e78d5bb31
CVE-2024-53170 – block: fix uaf for flush rq while iterating tags
https://notcve.org/view.php?id=CVE-2024-53170
27 Dec 2024 — However, QUEUE_FLAG_INIT_DONE is cleared in del_gendisk by commit aec89dc5d421 ("block: keep q_usage_counter in atomic mode after del_gendisk"), hence for disk like scsi, following blk_mq_destroy_queue() will not clear flush rq from tags->rqs[] as well, cause following uaf that is found by our syzkaller for v6.6: ================================================================== BUG: KASAN: slab-use-after-free in blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261 Read of size 4 at addr ffff88811c969... https://git.kernel.org/stable/c/6cfeadbff3f8905f2854735ebb88e581402c16c4
CVE-2024-53169 – nvme-fabrics: fix kernel crash while shutting down controller
https://notcve.org/view.php?id=CVE-2024-53169
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: fix kernel crash while shutting down controller The nvme keep-alive operation, which executes at a periodic interval, could potentially sneak in while shutting down a fabric controller. ... https://git.kernel.org/stable/c/a54a93d0e3599b05856971734e15418ac551a14c
CVE-2024-53168 – sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
https://notcve.org/view.php?id=CVE-2024-53168
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: