CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56648 – net: hsr: avoid potential out-of-bound access in fill_frame_info()
https://notcve.org/view.php?id=CVE-2024-56648
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 fill_frame_info net/hsr/hsr_forward... • https://git.kernel.org/stable/c/f6442ee08fe66c8e45c4f246531a2aaf4f17a7a7 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56647 – net: Fix icmp host relookup triggering ip_rt_bug
https://notcve.org/view.php?id=CVE-2024-56647
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Call ... • https://git.kernel.org/stable/c/8b7817f3a959ed99d7443afc12f78a7e1fcc2063 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56645 – can: j1939: j1939_session_new(): fix skb reference counting
https://notcve.org/view.php?id=CVE-2024-56645
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_session_new(): fix skb reference counting Since j1939_session_skb_queue() does an extra skb_get() for each new skb, do the same for the initial one in j1939_session_new() to avoid refcount underflow. [mkl: clean up commit message] • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56644 – net/ipv6: release expired exception dst cached in socket
https://notcve.org/view.php?id=CVE-2024-56644
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must be fulfilled for the leak to occur: * an ICMPv6 packet indicating a change of the MTU for the path is received, resulting in an exception dst being created * a TCP connection that uses the exception dst for ... • https://git.kernel.org/stable/c/54c1a859efd9fd6cda05bc700315ba2519c14eba •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56643 – dccp: Fix memory leak in dccp_feat_change_recv
https://notcve.org/view.php?id=CVE-2024-56643
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 0... • https://git.kernel.org/stable/c/e77b8363b2ea7c0d89919547c1a8b0562f298b57 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56642 – tipc: Fix use-after-free of kernel socket in cleanup_bearer().
https://notcve.org/view.php?id=CVE-2024-56642
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), cleanup of the UDP kernel socket is deferred by work calling cleanup_bearer(). tipc_net_stop() waits for such works to finish by checking tipc_net(net)->wq_count. However, the work decrements the count too early before releasing ... • https://git.kernel.org/stable/c/26abe14379f8e2fa3fd1bcf97c9a7ad9364886fe •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56641 – net/smc: initialize close_work early to avoid warning
https://notcve.org/view.php?id=CVE-2024-56641
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0 Workqueue: events smc_lgr_terminate_work [smc] RIP: 0010:__flush_work+0x19e/0x1b0 Call Trace: ? __wake_up_common+0x7a/0x190 ? work_busy+0x80/0x80 __cancel_work_timer+0xe3/0x160 smc_close_cancel_work+0x1a/0x70 [... • https://git.kernel.org/stable/c/46c28dbd4c23c3f7fa37f5ea48772af79c9cc40e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56640 – net/smc: fix LGR and link use-after-free issue
https://notcve.org/view.php?id=CVE-2024-56640
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140 Workqueue: events smc_lgr_terminate_work [smc] Call trace: refcount_warn_saturate+0x9c/0x140 ... • https://git.kernel.org/stable/c/3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56638 – netfilter: nft_inner: incorrect percpu area handling under softirq
https://notcve.org/view.php?id=CVE-2024-56638
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh and perform three checks before restoring the percpu inner header offsets to validate that the percpu area is valid for this skbuff: 1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff has already been parsed befor... • https://git.kernel.org/stable/c/3a07327d10a09379315c844c63f27941f5081e0a •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56637 – netfilter: ipset: Hold module reference while requesting a module
https://notcve.org/view.php?id=CVE-2024-56637
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call. • https://git.kernel.org/stable/c/a7b4f989a629493bb4ec4a354def784d440b32c4 •