CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58016 – safesetid: check size of policy writes
https://notcve.org/view.php?id=CVE-2024-58016
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. [PM: subject tweak] • https://git.kernel.org/stable/c/a0dec65f88c8d9290dfa1d2ca1e897abe54c5881 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-58015 – wifi: ath12k: Fix for out-of bound access error
https://notcve.org/view.php?id=CVE-2024-58015
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix for out-of bound access error Selfgen stats are placed in a buffer using print_array_to_buf_index() function. Array length parameter passed to the function is too big, resulting in possible out-of bound memory error. Decreasing buffer size by one fixes faulty upper bound of passed array. Discovered in coverity scan, CID 1600742 and CID 1600758 • https://git.kernel.org/stable/c/8700c4bf8b7ed98037d2acf1eaf770ad6dd431d4 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58014 – wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()
https://notcve.org/view.php?id=CVE-2024-58014
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access. Compile tested only. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/ada9df08b3ef683507e75b92f522fb659260147f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58013 – Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync
https://notcve.org/view.php?id=CVE-2024-58013
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in mgmt_remove_adv_monitor_sync+0x3a/0xd0 net/bluetooth/mgmt.c:5543 Read of size 8 at addr ffff88814128f898 by task kworker/u9:4/5961 CPU: 1 UID: 0 PID: 5961 Comm: kworker/u9:4 Not tainted 6.12.0-syzkaller-10684-gf1cd565ce577 #0 Hardwa... • https://git.kernel.org/stable/c/75e65b983c5e2ee51962bfada98a79d805f28827 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-58012 – ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params
https://notcve.org/view.php?id=CVE-2024-58012
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params Each cpu DAI should associate with a widget. However, the topology might not create the right number of DAI widgets for aggregated amps. And it will cause NULL pointer deference. Check that the DAI widget associated with the CPU DAI is valid to prevent NULL pointer deference due to missing DAI widgets in topologies with aggregated amps. • https://git.kernel.org/stable/c/e012a77e4d7632cf615ba9625b1600ed8985c3b5 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58011 – platform/x86: int3472: Check for adev == NULL
https://notcve.org/view.php?id=CVE-2024-58011
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs. Add a check for adev not being set and return -ENODEV in that case to avoid a possible NULL pointer deref in skl_int3472_get_acpi_buffer(). • https://git.kernel.org/stable/c/4f8b210823cc2d1f9d967f089a6c00d025bb237f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58010 – binfmt_flat: Fix integer overflow bug on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-58010
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix integer overflow bug on 32 bit systems Most of these sizes and counts are capped at 256MB so the math doesn't result in an integer overflow. The "relocs" count needs to be checked as well. Otherwise on 32bit systems the calculation of "full_data" could be wrong. full_data = data_len + relocs * sizeof(unsigned long); • https://git.kernel.org/stable/c/c995ee28d29d6f256c3a8a6c4e66469554374f25 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-58009 – Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc
https://notcve.org/view.php?id=CVE-2024-58009
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc A NULL sock pointer is passed into l2cap_sock_alloc() when it is called from l2cap_sock_new_connection_cb() and the error handling paths should also be aware of it. Seemingly a more elegant solution would be to swap bt_sock_alloc() and l2cap_chan_create() calls since they are not interdependent to that moment but then l2cap_chan_create() adds the soon to be deallocated and still... • https://git.kernel.org/stable/c/bb2f2342a6ddf7c04f9aefbbfe86104cd138e629 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-58007 – soc: qcom: socinfo: Avoid out of bounds read of serial number
https://notcve.org/view.php?id=CVE-2024-58007
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: soc: qcom: socinfo: Avoid out of bounds read of serial number On MSM8916 devices, the serial number exposed in sysfs is constant and does not change across individual devices. It's always: db410c:/sys/devices/soc0$ cat serial_number 2644893864 The firmware used on MSM8916 exposes SOCINFO_VERSION(0, 8), which does not have support for the serial_num field in the socinfo struct. There is an existing check to avoid exposing the serial number i... • https://git.kernel.org/stable/c/efb448d0a3fca01bb987dd70963da6185b81751e •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-58005 – tpm: Change to kvalloc() in eventlog/acpi.c
https://notcve.org/view.php?id=CVE-2024-58005
27 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: Change to kvalloc() in eventlog/acpi.c The following failure was reported on HPE ProLiant D320: [ 10.693310][ T1] tpm_tis STM0925:00: 2.0 TPM (device-id 0x3, rev-id 0) [ 10.848132][ T1] ------------[ cut here ]------------ [ 10.853559][ T1] WARNING: CPU: 59 PID: 1 at mm/page_alloc.c:4727 __alloc_pages_noprof+0x2ca/0x330 [ 10.862827][ T1] Modules linked in: [ 10.866671][ T1] CPU: 59 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-lp155... • https://git.kernel.org/stable/c/55a82ab3181be039c6440d3f2f69260ad6fe2988 •