1339 matches found
CVE-2024-56585
CVE-2024-56585: In PREEMPT_RT Linux kernels on LoongArch, a sleeping-in-atomic-context issue arises due to a GFP flag change (GFP_KERNEL to GFP_ATOMIC) for alloc_pages_node() in setup_tlb_handler(). The underlying problem is that PREEMPT_RT replaces normal spinlocks with rt-spinlocks, and rt_spi...
CVE-2024-56581 btrfs: ref-verify: fix use-after-free after invalid ref action
In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the respective block entry's rbtree (local variable 'be'), if we find an...
CVE-2024-56553 binder: fix memleak of proc->delivered_freeze
In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc->delivered_freeze If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notification_done(), then it is detached from its reference (e.g. ref->freeze) but the work remai...
CVE-2024-53180
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic...
CVE-2024-56545 HID: hyperv: streamline driver probe to avoid devres issues
In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: streamline driver probe to avoid devres issues It was found that unloading 'hid_hyperv' module results in a devres complaint: ... hv_vmbus: unregistering driver hid_hyperv ------------ cut here ------------ WARNING: CPU...
CVE-2024-53222
Concretely, CVE-2024-53222 affects Linux zram: the zram_add() path can dereference NULL for zram->comp_algs[ZRAM_PRIMARY_COMP] if comp_algorithm_set() hasn’t run yet. The fix moves the necessary setup earlier (ahead of device_add_disk()) so the zram device is ready before users can access it v...
CVE-2024-53216 nfsd: release svc_expkey/svc_export with rcu_work
In the Linux kernel, the following vulnerability has been resolved: nfsd: release svc_expkey/svc_export with rcu_work The last reference for cache_head can be reduced to zero in c_show and e_show (using rcu_read_lock and rcu_read_unlock). Consequently, svc_export_put and expkey_put will be invoked, leading to tw...
CVE-2024-53211
CVE-2024-53211: In the Linux kernel, the l2tp_exit_net path could observe a non-empty IDR due to a radix-tree internal-node condition when idr_is_empty() was used. The bug allowed idr_is_empty() to return false despite no items, triggering a warning and potentially unsafe destruction sequence. T...
CVE-2024-53186 ksmbd: fix use-after-free in SMB request handling
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling in ksmbd_conn_handler_loop() and the freeing of ksmbd_conn in the workqueue handler handle_ksmbd_work(). This leads to a UAF. - KASAN:...
CVE-2024-53180
Technical details and affected products/versions for CVE-2024-53180 are not present in the connected documents. The initial description summarizes a Linux kernel change but lacks explicit exploit, affected driver/version, or patch details. Monitor vendor advisories for updates.
CVE-2024-53171 ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit
In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its znode->parent. A further deletion of other nodes in the tree (which also could free the...
CVE-2024-53171
CVE-2024-53171 affects the Linux kernel ubifs authentication path. The published details describe a use-after-free in ubifs_tnc_end_commit arising when a node’s znode->parent changes due to a tree split, while the node’s znode->cparent may still point to freed memory after deletions. The is...
CVE-2024-53168 sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not...
CVE-2022-49034 sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK
In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using...
CVE-2024-53154
In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error...
CVE-2024-53147
In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster (an invalid cluster) due to file system corruption, then the...
CVE-2024-53146 NFSD: Prevent a potential integer overflow
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res...
LSN-0108-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed. If one of them fails,...