CVE-2024-56656 bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips

In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X P7 chip's HW GRO/LRO interface is very similar to that of the previous generation 5750X or P5. However, the aggregation ID fields in the completion structur...

CVE-2024-56644 net/ipv6: release expired exception dst cached in socket

In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6negativeadvice when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must ...

CVE-2024-56627 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbdvfsstreamread An offset from client could be a negative value, It could lead to an out-of-bounds read from the streambuf. Note that this issue is coming when setting 'vfs objects = streamsxat...

CVE-2024-56619

CVE-2024-56619 — Linux kernel nilfs2 . A potential out-of-bounds memory access in nilfs_find_entry() when an inode’s i_size is large/corrupted. Root cause: i_size upper 32 bits were lost due to a local variable type, causing underflow in end-address calculation. Fix: replace the offending local v...

CVE-2024-56614 xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

CVE-2024-56609 wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211purgetxqueue to purge TX skb When removing kernel modules by: rmmod rtw888723cs rtw888703b rtw888723x rtw88sdio rtw88core Driver uses skbqueuepurge to purge TX skb, but not report tx status causing "Have...

CVE-2024-56597 jfs: fix shift-out-of-bounds in dbSplit

In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmtbudmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself...

CVE-2024-56595 jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out...

CVE-2024-56585

CVE-2024-56585 : In PREEMPT_RT Linux kernels on LoongArch, a sleeping-in-atomic-context issue arises due to a GFP flag change (GFP_KERNEL to GFP_ATOMIC) for alloc_pages_node() in setup_tlb_handler(). The underlying problem is that PREEMPT_RT replaces normal spinlocks with rt-spinlocks, and rt_spi...

CVE-2024-56581 btrfs: ref-verify: fix use-after-free after invalid ref action

In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfsreftreemod after we successfully inserted the new ref entry local variable 'ref' into the respective block entry's rbtree local variable 'be', if we find an...

CVE-2024-56553 binder: fix memleak of proc->delivered_freeze

In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc-deliveredfreeze If a freeze notification is cleared with BCCLEARFREEZENOTIFICATION before calling binderfreezenotificationdone, then it is detached from its reference e.g. ref-freeze but the work remai...

CVE-2024-53180

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime-dmaarea properly. Add a proper NULL check before passing to virttopage for avoiding a panic...

CVE-2024-56545 HID: hyperv: streamline driver probe to avoid devres issues

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: streamline driver probe to avoid devres issues It was found that unloading 'hidhyperv' module results in a devres complaint: ... hvvmbus: unregistering driver hidhyperv ------------ cut here ------------ WARNING: CPU...

CVE-2024-53222

Concretely, CVE-2024-53222 affects Linux zram: the zram_add() path can dereference NULL for zram->comp_algs[ZRAM_PRIMARY_COMP] if comp_algorithm_set() hasn’t run yet. The fix moves the necessary setup earlier (ahead of device_add_disk()) so the zram device is ready before users can access it v...

CVE-2024-53216 nfsd: release svc_expkey/svc_export with rcu_work

In the Linux kernel, the following vulnerability has been resolved: nfsd: release svcexpkey/svcexport with rcuwork The last reference for cachehead can be reduced to zero in cshow and eshowusing rcureadlock and rcureadunlock. Consequently, svcexportput and expkeyput will be invoked, leading to tw...

CVE-2024-53216 nfsd: release svc_expkey/svc_export with rcu_work

In the Linux kernel, the following vulnerability has been resolved: nfsd: release svcexpkey/svcexport with rcuwork The last reference for cachehead can be reduced to zero in cshow and eshowusing rcureadlock and rcureadunlock. Consequently, svcexportput and expkeyput will be invoked, leading to tw...

CVE-2024-53211

CVE-2024-53211 : In the Linux kernel, the l2tp_exit_net path could observe a non-empty IDR due to a radix-tree internal-node condition when idr_is_empty() was used. The bug allowed idr_is_empty() to return false despite no items, triggering a warning and potentially unsafe destruction sequence. T...

CVE-2024-53186 ksmbd: fix use-after-free in SMB request handling

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling in ksmbdconnhandlerloop and the freeing of ksmbdconn in the workqueue handler handleksmbdwork. This leads to a UAF. - KASAN:...

CVE-2024-53180

Technical details and affected products/versions for CVE-2024-53180 are not present in the connected documents. The initial description summarizes a Linux kernel change but lacks explicit exploit, affected driver/version, or patch details. Monitor vendor advisories for updates.

CVE-2024-53168 sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcpwritetimerhandler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not...