CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-56640 – net/smc: fix LGR and link use-after-free issue
https://notcve.org/view.php?id=CVE-2024-56640
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140 Workqueue: events smc_lgr_terminate_work [smc] Call trace: refcount_warn_saturate+0x9c/0x140 ... • https://git.kernel.org/stable/c/3b2dec2603d5b06ad3af71c1164ca0b92df3d2a8 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56638 – netfilter: nft_inner: incorrect percpu area handling under softirq
https://notcve.org/view.php?id=CVE-2024-56638
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh and perform three checks before restoring the percpu inner header offsets to validate that the percpu area is valid for this skbuff: 1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff has already been parsed befor... • https://git.kernel.org/stable/c/3a07327d10a09379315c844c63f27941f5081e0a •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56637 – netfilter: ipset: Hold module reference while requesting a module
https://notcve.org/view.php?id=CVE-2024-56637
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call. • https://git.kernel.org/stable/c/a7b4f989a629493bb4ec4a354def784d440b32c4 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56636 – geneve: do not assume mac header is set in geneve_xmit_skb()
https://notcve.org/view.php?id=CVE-2024-56636
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 skb_mac_header include/linux/skbuff.h:3052 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 eth_hdr include/linux/if_ether.h:24 [inline] WARNING: CPU: 0 PI... • https://git.kernel.org/stable/c/a025fb5f49ad38cf749753b16fcd031d0d678f2b •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56635 – net: avoid potential UAF in default_operstate()
https://notcve.org/view.php?id=CVE-2024-56635
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(), we can not assume the netns of each device is still alive. Make sure the device is not in NETREG_UNREGISTERED state, and add an ASSERT_RTNL() before the call to __dev_get_by_index(). We might move this ASSERT_RTNL() in __dev_get_by_i... • https://git.kernel.org/stable/c/8c55facecd7ade835287298ce325f930d888d8ec •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56634 – gpio: grgpio: Add NULL check in grgpio_probe
https://notcve.org/view.php?id=CVE-2024-56634
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL pointer dereference error. • https://git.kernel.org/stable/c/7eb6ce2f272336ff8337f40fa8668fa04dc2d684 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56633 – tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg
https://notcve.org/view.php?id=CVE-2024-56633
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Potential problems with this strategy are as follows: - If the actual sent bytes are smaller than tosend, we need to charge some bytes back, as in line 487, which is okay but seems not clean. - When tosend is set to apply_bytes, a... • https://git.kernel.org/stable/c/604326b41a6fb9b4a78b6179335decee0365cd8c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56631 – scsi: sg: Fix slab-use-after-free read in sg_release()
https://notcve.org/view.php?id=CVE-2024-56631
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838 __mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912 sg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407 In sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is called before releasing the open_rel_lock mut... • https://git.kernel.org/stable/c/cc833acbee9db5ca8c6162b015b4c93863c6f821 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56630 – ocfs2: free inode when ocfs2_get_init_inode() fails
https://notcve.org/view.php?id=CVE-2024-56630
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed. • https://git.kernel.org/stable/c/9c89fe0af826bfff36d8019ea6fd78db09b3c478 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56629 – HID: wacom: fix when get product name maybe null pointer
https://notcve.org/view.php?id=CVE-2024-56629
27 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes. This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 motherboard. Kernel logs: [ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci [ 56.671638] usb 4-3: string descriptor... • https://git.kernel.org/stable/c/09dc28acaec74d7467c7c9b81dc8676e5bc957ce •