CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2024-56548 – hfsplus: don't query the device logical block size multiple times
https://notcve.org/view.php?id=CVE-2024-56548
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a ne... • https://git.kernel.org/stable/c/6596528e391ad978a6a120142cba97a1d7324cb6 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56539 – wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan()
https://notcve.org/view.php?id=CVE-2024-56539
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/... • https://git.kernel.org/stable/c/5e6e3a92b9a4c9416b17f468fa5c7fa2233b8b4e •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56533 – ALSA: usx2y: Use snd_card_free_when_closed() at disconnection
https://notcve.org/view.php?id=CVE-2024-56533
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This va... • https://git.kernel.org/stable/c/230cd5e24853ed4dd960461989b8ed0986d37a99 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56532 – ALSA: us122l: Use snd_card_free_when_closed() at disconnection
https://notcve.org/view.php?id=CVE-2024-56532
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This v... • https://git.kernel.org/stable/c/030a07e441296c372f946cd4065b5d831d8dc40c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56531 – ALSA: caiaq: Use snd_card_free_when_closed() at disconnection
https://notcve.org/view.php?id=CVE-2024-56531
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This va... • https://git.kernel.org/stable/c/523f1dce37434a9a6623bf46e7893e2b4b10ac3c •
CVSS: 5.6EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53239 – ALSA: 6fire: Release resources at card release
https://notcve.org/view.php?id=CVE-2024-53239
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback. In the Linux kernel, ... • https://git.kernel.org/stable/c/c6d43ba816d1cf1d125bfbfc938f2a28a87facf9 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53227 – scsi: bfa: Fix use-after-free in bfad_im_module_exit()
https://notcve.org/view.php?id=CVE-2024-53227
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53217 – NFSD: Prevent NULL dereference in nfsd4_process_cb_update()
https://notcve.org/view.php?id=CVE-2024-53217
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault. In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel ... • https://git.kernel.org/stable/c/dcbeaa68dbbdacbbb330a86c7fc95a28473fc209 •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53214 – vfio/pci: Properly hide first-in-list PCIe extended capability
https://notcve.org/view.php?id=CVE-2024-53214
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally chosen to be hidden from the user. Hiding a capability is done by virtualizing and modifying the 'Next Capability Offset' field of the previous capability so it points ... • https://git.kernel.org/stable/c/89e1f7d4c66d85f42c3d52ea3866eb10cadf6153 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53210 – s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
https://notcve.org/view.php?id=CVE-2024-53210
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID... • https://git.kernel.org/stable/c/eac3731bd04c7131478722a3c148b78774553116 •