CVE-2024-56606 – af_packet: avoid erroring out after sock_init_data() in packet_create()
https://notcve.org/view.php?id=CVE-2024-56606
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create(). After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. • https://git.kernel.org/stable/c/71b22837a5e55ac27d6a14b9cdf2326587405c4f
CVE-2024-56605 – Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()
https://notcve.org/view.php?id=CVE-2024-56605
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create(). bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. • https://git.kernel.org/stable/c/f6ad641646b67f29c7578dcd6c25813c7dcbf51e
CVE-2024-56604 – Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()
https://notcve.org/view.php?id=CVE-2024-56604
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc(). bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). • https://git.kernel.org/stable/c/ac3eaac4cf142a15fe67be747a682b1416efeb6e
CVE-2024-56603 – net: af_can: do not leave a dangling sk pointer in can_create()
https://notcve.org/view.php?id=CVE-2024-56603
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create(). On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later. • https://git.kernel.org/stable/c/884ae8bcee749be43a071d6ed2d89058dbd2425c
CVE-2024-56602 – net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
https://notcve.org/view.php?id=CVE-2024-56602
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create(). sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. • https://git.kernel.org/stable/c/1d5fe782c0ff068d80933f9cfd0fd39d5434bbc9
CVE-2024-56601 – net: inet: do not leave a dangling sk pointer in inet_create()
https://notcve.org/view.php?id=CVE-2024-56601
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create(). sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error. • https://git.kernel.org/stable/c/f8a3f255f7509a209292871715cda03779640c8d
CVE-2024-56600 – net: inet6: do not leave a dangling sk pointer in inet6_create()
https://notcve.org/view.php?id=CVE-2024-56600
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create(). sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error. • https://git.kernel.org/stable/c/f2709d1271cfdf55c670ab5c5982139ab627ddc7
CVE-2024-56599 – wifi: ath10k: avoid NULL pointer error during sdio remove
https://notcve.org/view.php?id=CVE-2024-56599
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove. When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c This is because during 'rmmod... • https://git.kernel.org/stable/c/543c0924d446b21f35701ca084d7feca09511220
CVE-2024-56598 – jfs: array-index-out-of-bounds fix in dtReadFirst
https://notcve.org/view.php?id=CVE-2024-56598
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst. The value of stbl can sometimes be out of bounds due to a bad filesystem. Added a check with appropriate return of error code in that case. • https://git.kernel.org/stable/c/25f1e673ef61d6bf9a6022e27936785896d74948
CVE-2024-56597 – jfs: fix shift-out-of-bounds in dbSplit
https://notcve.org/view.php?id=CVE-2024-56597
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit. When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself. • https://git.kernel.org/stable/c/bbb24ce7f06ef9b7c05beb9340787cbe9fd3d08e