CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-55881 – KVM: x86: Play nice with protected guests in complete_hypercall_exit()
https://notcve.org/view.php?id=CVE-2024-55881
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall vi... • https://git.kernel.org/stable/c/5969e2435cbd7f0ce8c28d717bfc39987ee8d8f1 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53690 – nilfs2: prevent use of deleted inode
https://notcve.org/view.php?id=CVE-2024-53690
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trig... • https://git.kernel.org/stable/c/d25006523d0b9e49fd097b2e974e7c8c05bd7f54 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-53685 – ceph: give up on paths longer than PATH_MAX
https://notcve.org/view.php?id=CVE-2024-53685
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and... • https://git.kernel.org/stable/c/e4b168c64da06954be5d520f6c16469b1cadc069 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-49571 – net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg
https://notcve.org/view.php?id=CVE-2024-49571
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field iparea_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks iparea_offset and ipv6_prefixes_cnt before using... • https://git.kernel.org/stable/c/e7b7a64a8493d47433fd003efbe6543e3f676294 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49568 – net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg
https://notcve.org/view.php?id=CVE-2024-49568
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2_ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt before using th... • https://git.kernel.org/stable/c/8c3dca341aea885249e08856c4380300b75d2cf5 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47408 – net/smc: check smcd_v2_ext_offset when receiving proposal msg
https://notcve.org/view.php?id=CVE-2024-47408
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/5c21c4ccafe85906db809de3af391fd434df8a27 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-54683 – netfilter: IDLETIMER: Fix for possible ABBA deadlock
https://notcve.org/view.php?id=CVE-2024-54683
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ====================================================== | WARNING: possible circular locking dependency detected | 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted | ------------------------------------------------------ | iptables/3303 is trying to acquire lock: | fff... • https://git.kernel.org/stable/c/0902b469bd25065aa0688c3cee6f11744c817e7c •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53687 – riscv: Fix IPIs usage in kfence_protect_page()
https://notcve.org/view.php?id=CVE-2024-53687
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix IPIs usage in kfence_protect_page() flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which triggers the following warning when the irqs are disabled: [ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520 [ 3.456647] Modules linked in: [ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1 [ 3.457416] Hardware name: QEMU QEMU ... • https://git.kernel.org/stable/c/47513f243b452a5e21180dcf3d6ac1c57e1781a6 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2024-53680 – ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init()
https://notcve.org/view.php?id=CVE-2024-53680
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time: vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6() At run... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-52332 – igb: Fix potential invalid memory access in igb_init_module()
https://notcve.org/view.php?id=CVE-2024-52332
11 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access. In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when th... • https://git.kernel.org/stable/c/bbd98fe48a43464b4a044bc4cbeefad284d6aa80 •