3 matches found
CVE-2024-53097
CVE-2024-53097 affects the Linux kernel mm/krealloc path. Connected sources confirm a patch for mm: krealloc: Fix MTE false alarm in __do_krealloc, addressing a false KASAN/MTE slab-out-of-bounds error triggered when zeroing spare memory in __do_krealloc. Root cause: memory tagging mismatch due t...
CVE-2024-53042
CVE-2024-53042 affects the Linux kernel’s ipv4/ip_tunnel code. The issue arises from paths where ip_tunnel_init_flow() is invoked without holding the RCU read lock, triggering a suspicious RCU usage warning. The fix uses l3mdev_master_upper_ifindex_by_index() to acquire the RCU read lock before c...
CVE-2024-49854
CVE-2024-49854 affects the Linux kernel’s block/bfq path. The root cause was a use-after-free (UAF): after bfq_split_bfqq(), if the current process is the last holder of bfqq, the bfqq can be freed and then bfqq->waker_bfqq could be accessed, with the waker potentially in the merge chain. The ...