CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56657 – ALSA: control: Avoid WARN() for symlink errors
https://notcve.org/view.php?id=CVE-2024-56657
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN() for symlink errors Using WARN() for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each control element creation. More badly, the use of WARN() rather confuses fuzzer as if it were serious issues. This patch downgrades the warning messages to use the normal dev_err() instead of WARN(). For makin... • https://git.kernel.org/stable/c/a135dfb5de1501327895729b4f513370d2555b4d •
CVSS: -EPSS: 0%CPEs: 11EXPL: 0CVE-2024-56651 – can: hi311x: hi3110_can_ist(): fix potential use-after-free
https://notcve.org/view.php?id=CVE-2024-56651
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the... • https://git.kernel.org/stable/c/a22bd630cfff496b270211745536e50e98eb3a45 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56650 – netfilter: x_tables: fix LED ID check in led_tg_check()
https://notcve.org/view.php?id=CVE-2024-56650
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by task repro/5879 ... Call Trace: <TASK> dump_stack_lvl+0x241/0x360 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? _printk+0xd5/0x120 ? __virt_addr_valid+0x183/0x530 ? • https://git.kernel.org/stable/c/268cb38e1802db560c73167e643f14a3dcb4b07c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56648 – net: hsr: avoid potential out-of-bound access in fill_frame_info()
https://notcve.org/view.php?id=CVE-2024-56648
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 fill_frame_info net/hsr/hsr_forward... • https://git.kernel.org/stable/c/f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56647 – net: Fix icmp host relookup triggering ip_rt_bug
https://notcve.org/view.php?id=CVE-2024-56647
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Call ... • https://git.kernel.org/stable/c/8b7817f3a959ed99d7443afc12f78a7e1fcc2063 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56645 – can: j1939: j1939_session_new(): fix skb reference counting
https://notcve.org/view.php?id=CVE-2024-56645
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_session_new(): fix skb reference counting Since j1939_session_skb_queue() does an extra skb_get() for each new skb, do the same for the initial one in j1939_session_new() to avoid refcount underflow. [mkl: clean up commit message] • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56644 – net/ipv6: release expired exception dst cached in socket
https://notcve.org/view.php?id=CVE-2024-56644
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must be fulfilled for the leak to occur: * an ICMPv6 packet indicating a change of the MTU for the path is received, resulting in an exception dst being created * a TCP connection that uses the exception dst for ... • https://git.kernel.org/stable/c/54c1a859efd9fd6cda05bc700315ba2519c14eba •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56643 – dccp: Fix memory leak in dccp_feat_change_recv
https://notcve.org/view.php?id=CVE-2024-56643
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 0... • https://git.kernel.org/stable/c/e77b8363b2ea7c0d89919547c1a8b0562f298b57 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56642 – tipc: Fix use-after-free of kernel socket in cleanup_bearer().
https://notcve.org/view.php?id=CVE-2024-56642
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), cleanup of the UDP kernel socket is deferred by work calling cleanup_bearer(). tipc_net_stop() waits for such works to finish by checking tipc_net(net)->wq_count. However, the work decrements the count too early before releasing ... • https://git.kernel.org/stable/c/26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56641 – net/smc: initialize close_work early to avoid warning
https://notcve.org/view.php?id=CVE-2024-56641
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0 Workqueue: events smc_lgr_terminate_work [smc] RIP: 0010:__flush_work+0x19e/0x1b0 Call Trace: ? __wake_up_common+0x7a/0x190 ? work_busy+0x80/0x80 __cancel_work_timer+0xe3/0x160 smc_close_cancel_work+0x1a/0x70 [... • https://git.kernel.org/stable/c/46c28dbd4c23c3f7fa37f5ea48772af79c9cc40e •