CVE-2024-56565

Technical details about CVE-2024-56565 are not provided in the supplied documents. Monitor for updates.

CVE-2024-56558 nfsd: make sure exp active before svc_export_show

In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svcexportshow The function eshow was called with protection from RCU. This only ensures that exp will not be freed. Therefore, the reference count for exp can drop to zero, which will trigger a...

CVE-2024-56550 s390/stacktrace: Use break instead of return statement

In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement archstackwalkusercommon contains a return statement instead of a break statement in case storeip fails while trying to store a callchain entry of a user space process. This m...

CVE-2024-56549 cachefiles: Fix NULL pointer dereference in object->file

In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object-file At present, the object-file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object-file lifetime are inconsistent, and...

CVE-2024-56548 hfsplus: don't query the device logical block size multiple times

In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOPSETBLOCKSIZE. While this may cause other issues like IO being rejected, in t...

CVE-2024-56541 wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12kdpcccleanup During ath12k module removal, in ath12kcoredeinit, ath12kmacdestroy un-registers ah-hw from mac80211 and frees the ah-hw as well as all the ar's in it. After this...

CVE-2024-53206 tcp: Fix use-after-free of nreq in reqsk_timer_handler().

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsktimerhandler. The cited commit replaced inetcskreqskqueuedropandput with inetcskreqskqueuedrop and reqskput in reqsktimerhandler. Then, oreq should be passed to reqskput instead of req;...

CVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfsreleaseseqid in...

UBUNTU-CVE-2024-53153

In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcompcieperstdeassert Currently, the endpoint cleanup function dwpcieepcleanup and EPF deinit notify function pciepcdeinitnotify are called during the execution of qcompcieperstassert i.e...

CVE-2024-53150

The CVE-2024-53150 issue affects the Linux kernel USB-audio (ALSA: usb-audio). The root cause is that the driver does not validate the bLength field of descriptors while traversing clock-related descriptors, allowing a bogus shorter descriptor to cause out-of-bounds reads. The public patch adds s...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-47698)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47698 advisory. - In the Linux kernel, the following vulnerability has been resolved: drivers: media: dvb-frontends/rtl2832: f...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-50035)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-50035 advisory. - In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access...

Medium: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: iouring: fix possible deadlock in ioregisteriowqmaxworkers CVE-2024-41080 In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points CVE-2024-4999...

SUSE SLES15 Security Update : kernel (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:4218-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4218-1 advisory. This update for the Linux Kernel 5.14.21-1505005549 fixes several issues. The following security issues were fixed: - CVE-2021-47517: Fix panic...

UBUNTU-CVE-2024-53129

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtcstate. Fix warning: drivers/gpu/drm/rockchip/rockchipdrmvop.c:1096 vopplaneatomicasynccheck warn: variable dereferenced...

SUSE CVE-2024-53068

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix slab-use-after-free in scmibusnotifier The scmidev-name is released prematurely in scmidevicedestroy, which causes slab-use-after-free when accessing scmidev-name in scmibusnotifier. So move the release of...

kernel: rcutorture: Fix ksoftirqd boosting timing and iteration

In the Linux kernel, the following vulnerability has been resolved: rcutorture: Fix ksoftirqd boosting timing and iteration The RCU priority boosting can fail in two situations: 1 If nrcpus= maxcpus=, which means if the total number of CPUs is higher than those brought online at boot, then...

AZL-52408 CVE-2024-50135 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvmedevdisable nvmedevdisable modifies the dev-onlinequeues field, therefore nvmepciupdatenrqueues should avoid racing against it, otherwise we could end up passing invalid values to...

CVE-2024-50104

Technical details for CVE-2024-50104 are not publicly provided in the supplied documents; monitor for official advisories or patches.

SUSE SLES15 Security Update : kernel (Live Patch 0 for SLE 15 SP6) (SUSE-SU-2024:3880-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3880-1 advisory. This update for the Linux Kernel 6.4.0-15060021 fixes several issues. The following security issues were fixed: - CVE-2024-35905: Fixed int...