CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57802 – netrom: check buffer length before accessing it
https://notcve.org/view.php?id=CVE-2024-57802
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57795 – RDMA/rxe: Remove the direct link to net_device
https://notcve.org/view.php?id=CVE-2024-57795
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.1... • https://git.kernel.org/stable/c/8700e3e7c4857d28ebaa824509934556da0b3e76 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21629 – net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
https://notcve.org/view.php?id=CVE-2025-21629
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * - %NETIF_F_IPV6_CSUM * - Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Nex... • https://git.kernel.org/stable/c/a84978a9cda68f0afe3f01d476c68db21526baf1 •
CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0CVE-2024-57903 – net: restrict SO_REUSEPORT to inet sockets
https://notcve.org/view.php?id=CVE-2024-57903
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support. [1] BUG: sleeping function called from invalid context at kernel/locki... • https://git.kernel.org/stable/c/8c7138b33e5c690c308b2a7085f6313fdcb3f616 •
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57902 – af_packet: fix vlan_get_tci() vs MSG_PEEK
https://notcve.org/view.php?id=CVE-2024-57902
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:
CVSS: 6.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-57901 – af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
https://notcve.org/view.php?id=CVE-2024-57901
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2024-57900 – ila: serialize calls to nf_register_net_hooks()
https://notcve.org/view.php?id=CVE-2024-57900
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands. Add a mutex to make sure at most one thread is calling nf_register_net_hooks(). [1] BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: K... • https://git.kernel.org/stable/c/7f00feaf107645d95a6d87e99b4d141ac0a08efd •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-57899 – wifi: mac80211: fix mbss changed flags corruption on 32 bit systems
https://notcve.org/view.php?id=CVE-2024-57899
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adju... • https://git.kernel.org/stable/c/86772872f9f5097cd03d0e1c6813238bd38c250b •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-57898 – wifi: cfg80211: clear link ID from bitmap during link delete after clean up
https://notcve.org/view.php?id=CVE-2024-57898
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() i... • https://git.kernel.org/stable/c/ae07daf440d3220d0986e676317a5da66e4f9dfd •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2024-57897 – drm/amdkfd: Correct the migration DMA map direction
https://notcve.org/view.php?id=CVE-2024-57897
15 Jan 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 -45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/. As there's no dma_sync_sing... • https://git.kernel.org/stable/c/22d36ad92e5703e2e9bdf228990c0999d5d53ea3 •