CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53157 – firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
https://notcve.org/view.php?id=CVE-2024-53157
24 Dec 2024 — | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid... • https://git.kernel.org/stable/c/8cb7cf56c9fe5412de238465b27ef35b4d2801aa •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53156 – wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
https://notcve.org/view.php?id=CVE-2024-53156
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_... • https://git.kernel.org/stable/c/fb9987d0f748c983bb795a86f47522313f701a08 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53155 – ocfs2: fix uninitialized value in ocfs2_file_read_iter()
https://notcve.org/view.php?id=CVE-2024-53155
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __allo... • https://git.kernel.org/stable/c/7cdfc3a1c3971c9125c317cb8c2525745851798e •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53154 – clk: clk-apple-nco: Add NULL check in applnco_probe
https://notcve.org/view.php?id=CVE-2024-53154
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. • https://git.kernel.org/stable/c/6641057d5dba87338780cf3e0d0ae8389ef1125c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53153 – PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
https://notcve.org/view.php?id=CVE-2024-53153
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of qcom_pcie_perst_assert() i.e., when the host has asserted PERST#. In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Curren... • https://git.kernel.org/stable/c/570d7715eed8a29ac5bd96c7694f060a991e5a31 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53152 – PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
https://notcve.org/view.php?id=CVE-2024-53152
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of pex_ep_event_pex_rst_assert() i.e., when the host has asserted PERST#. In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_... • https://git.kernel.org/stable/c/570d7715eed8a29ac5bd96c7694f060a991e5a31 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-53151 – svcrdma: Address an integer overflow
https://notcve.org/view.php?id=CVE-2024-53151
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > warn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool x... • https://git.kernel.org/stable/c/78147ca8b4a9b6cf0e597ddd6bf17959e08376c2 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53150 – ALSA: usb-audio: Fix out of bounds reads when finding clock sources
https://notcve.org/view.php?id=CVE-2024-53150
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. • https://git.kernel.org/stable/c/a632bdcb359fd8145e86486ff8612da98e239acd •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53149 – usb: typec: ucsi: glink: fix off-by-one in connector_status
https://notcve.org/view.php?id=CVE-2024-53149
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. • https://git.kernel.org/stable/c/76716fd5bf09725c2c6825264147f16c21e56853 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53148 – comedi: Flush partial mappings in error case
https://notcve.org/view.php?id=CVE-2024-53148
24 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer p... • https://git.kernel.org/stable/c/ed9eccbe8970f6eedc1b978c157caf1251a896d4 •