CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56705 – media: atomisp: Add check for rgby_data memory allocation failure
https://notcve.org/view.php?id=CVE-2024-56705
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue. In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for ... • https://git.kernel.org/stable/c/a49d25364dfb9f8a64037488a39ab1f56c5fa419 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56704 – 9p/xen: fix release of IRQ
https://notcve.org/view.php?id=CVE-2024-56704
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fix release of IRQ Kernel logs indicate an IRQ was double-freed. Pass correct device ID during IRQ release. [Dominique: remove confusing variable reset to 0] • https://git.kernel.org/stable/c/71ebd71921e451f0f942ddfe85d01e31ddc6eb88 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56700 – media: wl128x: Fix atomicity violation in fmc_send_cmd()
https://notcve.org/view.php?id=CVE-2024-56700
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later part... • https://git.kernel.org/stable/c/e8454ff7b9a4d56f02c095bff12d3c92ef4c7fa6 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56692 – f2fs: fix to do sanity check on node blkaddr in truncate_node()
https://notcve.org/view.php?id=CVE-2024-56692
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncate_node() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 Call Trace: truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909 f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288 f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856 evict+0x4e8/0x9b0 fs/inode.c:723 f2fs_h... • https://git.kernel.org/stable/c/27d6e7eff07f8cce8e83b162d8f21a07458c860d •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56691 – mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device
https://notcve.org/view.php?id=CVE-2024-56691
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not... • https://git.kernel.org/stable/c/9c6235c8633210cc2da0882e2e9d6ff90aa37503 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56688 – sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
https://notcve.org/view.php?id=CVE-2024-56688
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL. In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport... • https://git.kernel.org/stable/c/7196dbb02ea05835b9ee56910ee82cb55422c7f1 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56681 – crypto: bcm - add error check in the ahash_hmac_init function
https://notcve.org/view.php?id=CVE-2024-56681
28 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error. In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac... • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56670 – usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer
https://notcve.org/view.php?id=CVE-2024-56670
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver... • https://git.kernel.org/stable/c/c1dca562be8ada614ef193aa246c6f8705bcd6b9 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56659 – net: lapb: increase LAPB_HEADER_LEN
https://notcve.org/view.php?id=CVE-2024-56659
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPB_HEADER_LEN It is unclear if net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following : skbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5508 Com... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56658 – net: defer final 'struct net' free in netns dismantle
https://notcve.org/view.php?id=CVE-2024-56658
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dst_destroy [1] Issue is in xfrm6_net_init() and xfrm4_net_init() : They copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops. But net structure might be freed before all the dst callbacks are called. So when dst_destroy() calls later : if (dst->ops->destroy) dst->ops->destroy(dst); dst->ops points to the old net->xfrm.xfrm[46]_dst_ops, wh... • https://git.kernel.org/stable/c/a8a572a6b5f2a79280d6e302cb3c1cb1fbaeb3e8 •