CLSA-2025-1736778412 kernel: Fix of 17 CVEs

tracing: Free buffers when a used dynamic event is removed CVE-2022-49006 - ASoC: ops: Check bounds for second channel in sndsocputvolswsx CVE-2022-48951 - ext4: fix slab-use-after-free in ext4splitextentat CVE-2024-49884 - ext4: fix bug on in ext4escacheextent as ext4splitextentat failed...

CLSA-2025-1736783731 kernel: Fix of 10 CVEs

media: edia: dvbdev: fix a use-after-free CVE-2024-27043 - vsock/virtio: Initialization of the dangling pointer occurring in vsk-trans CVE-2024-50264 - net/sched: stop qdisctreereducebacklog on TCHROOT CVE-2024-53057 - bpf: Fix out-of-bounds write in triegetnextkey CVE-2024-50262 - KVM: nSVM:...

CVE-2024-56769

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

DEBIAN-CVE-2024-56769

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

CVE-2024-56769

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

AZL-55082 CVE-2024-56769 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

UBUNTU-CVE-2024-56769

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg Syzbot reports 1 an uninitialized value issue found by KMSAN in dib3000readreg. Local u8 rb2 is used in i2ctransfer as a read buffer; in case that call fails, t...

CVE-2024-56769

CVE-2024-56769 affects the Linux kernel media DVB frontends, specifically the dib3000mb driver. The issue is a KMSAN-detected uninitialized value in dib3000_read_reg, arising from an inadequate error handling path in i2c_transfer() where a read buffer rb[2] can end up with undefined values if the...

kernel: media: edia: dvbdev: fix a use-after-free

In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvbregisterdevice, pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, pdvbdev is not set to NULL after dvbdev's deallocation, causing...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: media: xc2028: Avoid use-after-free in loadfirmwarecb Syzkaller reported a use-after-free in loadfirmwarecb 1. The reason is that the module allocated a struct tuner in tunerprobe, and then the module initialization failed, causi...

SUSE CVE-2024-53063

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

DEBIAN-CVE-2024-53063

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

AZL-53936 CVE-2024-53063 affecting package kernel for versions less than 5.15.173.1-1

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

AZL-53840 CVE-2024-53063 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

UBUNTU-CVE-2024-53063

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

CVE-2024-53063 media: dvbdev: prevent the risk of out of memory access

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

CVE-2024-53063

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIGDVBDYNAMICMINORS is set or not. When not set, dvbregisterdevice won't che...

SUSE CVE-2024-50291

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: add missing buffer index check dvbvb2expbuf didn't check if the given buffer index was for a valid buffer. Add this check...

DEBIAN-CVE-2024-50291

In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: add missing buffer index check dvbvb2expbuf didn't check if the given buffer index was for a valid buffer. Add this check...

UBUNTU-CVE-2024-50289

In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110ca.c:270 dvbcaioctl warn: potential spectre issue 'av7110-cislot' w local cap There is a spectre-related vulnerability at the code...