CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56769 – media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
https://notcve.org/view.php?id=CVE-2024-56769
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bu... • https://git.kernel.org/stable/c/74340b0a8bc60b400c7e5fe4950303aa6f914d16 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56767 – dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
https://notcve.org/view.php?id=CVE-2024-56767
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: at_xdmac: evitar null_prt_deref en at_xdmac_prep_dma_memset El... • https://git.kernel.org/stable/c/b206d9a23ac71cb905f5fb6e0cd813406f89b678 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2024-56766 – mtd: rawnand: fix double free in atmel_pmecc_create_user()
https://notcve.org/view.php?id=CVE-2024-56766
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: rawnand: se corrige una liberación doble en atmel_pmecc_create_user(). El puntero "usuario" pasó de estar asignado con kzalloc() a estar asignado por devm_kza... • https://git.kernel.org/stable/c/24cbc37e837fd9e31e5024480b779207d1d99f1d •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56765 – powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
https://notcve.org/view.php?id=CVE-2024-56765
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window is active. The paste address mapping will be removed when the window is closed or with the munmap(). But the VMA address in the VAS window is not updated with munmap() which is causing invalid access during mig... • https://git.kernel.org/stable/c/37e6764895ef7431f45ff603a548549d409993d2 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56763 – tracing: Prevent bad count for tracing_cpumask_write
https://notcve.org/view.php?id=CVE-2024-56763
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tracing: Evitar recuento incorrecto para tracing_cpumask_write Si se proporciona un recuento alto, se activará una advertencia en bitmap_parse_user. También verifique que esté a cero. In the Linux kernel, the following vul... • https://git.kernel.org/stable/c/9e01c1b74c9531e301c900edaa92a99fcb7738f2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56759 – btrfs: fix use-after-free when COWing tree bock and tracing is enabled
https://notcve.org/view.php?id=CVE-2024-56759
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last referenc... • https://git.kernel.org/stable/c/c3a403d8ce36f5a809a492581de5ad17843e4701 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-56758 – btrfs: check folio mapping after unlock in relocate_one_folio()
https://notcve.org/view.php?id=CVE-2024-56758
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like t... • https://git.kernel.org/stable/c/e7f1326cc24e22b38afc3acd328480a1183f9e79 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2024-56757 – Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
https://notcve.org/view.php?id=CVE-2024-56757
06 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btusb: mediatek: agre... • https://git.kernel.org/stable/c/cc569d791ab2a0de74f76e470515d25d24c9b84b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49035 – media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE
https://notcve.org/view.php?id=CVE-2022-49035
02 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. • https://git.kernel.org/stable/c/7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-56756 – nvme-pci: fix freeing of the HMB descriptor table
https://notcve.org/view.php?id=CVE-2024-56756
29 Dec 2024 — In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent. In practice this was not showing up because the number of descriptors tends to ... • https://git.kernel.org/stable/c/87ad72a59a38d1df217cfd95bc222a2edfe5d399 •