CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57801 – net/mlx5e: Skip restore TC rules for vport rep without loaded flag
https://notcve.org/view.php?id=CVE-2024-57801
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: Omitir ... • https://git.kernel.org/stable/c/d1569537a837d66620aa7ffc2bddf918e902f227 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57795 – RDMA/rxe: Remove the direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57795
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.1... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2024-54031 – netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext
https://notcve.org/view.php?id=CVE-2024-54031
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21... • https://git.kernel.org/stable/c/98d62cf0e26305dd6a1932a4054004290f4194bb •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-53681 – nvmet: Don't overflow subsysnqn
https://notcve.org/view.php?id=CVE-2024-53681
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of using the old buffer. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: No desborde subsysnqn nvmet_root_discovery_nqn_store trata la cadena subsysnqn como un búfer de tamaño fijo, aunque se ... • https://git.kernel.org/stable/c/95409e277d8343810adf8700d29d4329828d452b •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-39282 – net: wwan: t7xx: Fix FSM command timeout issue
https://notcve.org/view.php?id=CVE-2024-39282
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D ... • https://git.kernel.org/stable/c/13e920d93e37fcaef4a9309515798a3cae9dcf19 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36476 – RDMA/rtrs: Ensure 'ib_sge list' is accessible
https://notcve.org/view.php?id=CVE-2024-36476
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables... • https://git.kernel.org/stable/c/9cb837480424e78ed585376f944088246685aec3 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21629 – net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
https://notcve.org/view.php?id=CVE-2025-21629
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * - %NETIF_F_IPV6_CSUM * - Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Nex... • https://git.kernel.org/stable/c/a84978a9cda68f0afe3f01d476c68db21526baf1 •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2024-57903 – net: restrict SO_REUSEPORT to inet sockets
https://notcve.org/view.php?id=CVE-2024-57903
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support. [1] BUG: sleeping function called from invalid context at kernel/locki... • https://git.kernel.org/stable/c/8c7138b33e5c690c308b2a7085f6313fdcb3f616 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57902 – af_packet: fix vlan_get_tci() vs MSG_PEEK
https://notcve.org/view.php?id=CVE-2024-57902
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57901 – af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
https://notcve.org/view.php?id=CVE-2024-57901
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev: