CVE-2024-50069

In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returnedvalue is not checked. Fix this lack and check the returned value. Found by code review.

CVE-2024-50101

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly calledpci_for_each_dma_alias() to set up context entries for non-PCI devices.This could lead to kern...

CVE-2024-50022

In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in dax_set_mapping() pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise,vmf->address not aligned to fault_size will be aligned to the nextalignment, that can result in memory...

CVE-2024-50029

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync This checks if the ACL connection remains valid as it could be destroyedwhile hci_enhanced_setup_sync is pending on cmd_sync leading to thefollowing trace: BUG: KASAN: slab-us...

CVE-2024-50153

In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod]...kasan_report+0xb9/0xf0target_alloc...

CVE-2024-50171

In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit() The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skbin case of dma_map_single() fails, add dev_kfree_skb() to fix it.

CVE-2024-50182

In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). Thisis the case for example on some arm64 configurations, where marking 4kPTEs in the direct map n...

CVE-2024-53072

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on...

CVE-2024-53100

In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket duringerror recovery") added a mutex_lock() call for the queue->queue_lockin nvme_tcp_get_address(). However,...

CVE-2024-50068

In the Linux kernel, the following vulnerability has been resolved: mm/damon/tests/sysfs-kunit.h: fix memory leak in damon_sysfs_test_add_targets() The sysfs_target->regions allocated in damon_sysfs_regions_alloc() is notfreed in damon_sysfs_test_add_targets(), which cause the following memoryle...

CVE-2024-50115

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn'tenforce 32-byte alignment of ...

CVE-2024-53101

In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid ina trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields ...

CVE-2024-53117

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks.

CVE-2024-49870

In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix dentry leak in cachefiles_open_file() A dentry leak may be caused when a lookup cookie and a cull are concurrent: P1 | P2 cachefiles_lookup_cookiecachefiles_look_up_objectlookup_one_positive_unlocked// get dentrycac...

CVE-2024-49944

In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set thesk_state back to CLOSED if sctp_autobind() fails due to whatever reason. Otherwise, nex...

CVE-2024-50028

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Reference count the zone in thermal_zone_get_by_id() There are places in the thermal netlink code where nothing preventsthe thermal zone object from going away while being accessed after ithas been returned by therma...

CVE-2024-53094

In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warningfrom skb_splice_from_iter() indicating that a slab page is being used insend_page. To address this...

CVE-2024-50077

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if eitherCONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init()returns early and does not set iso_i...

CVE-2024-50128

In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a bigger maxtype which leads toa global out-of-bounds read when parsing the netlink attributes. Exactlysame bug cause as the oob fixed in commit b...

CVE-2024-50189

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() Using the device-managed version allows to simplify clean-up in probe()error path. Additionally, this device-managed ensures proper cleanup, which helps toresolve memory ...

CVE-2024-53061

In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens,there will be buffer overflows, as reported by smatch. Add extrachecks to prevent it. While here, remove an unused word = 0 ...

CVE-2024-53082

In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out ofbound errors when setting/reading the hash key.

CVE-2024-49946

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler.However, some protocols need to acquire the socket lock, andpackets might be stored in the socket backlog is the...

CVE-2024-50086

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup.It will cause user-after-free from session log off.This add session_lock when setting SMB2_SESSION_EXPIRED and ...

CVE-2024-50120

In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password andctx->password2 with kstrdup(), we need to check for allocationfailures. If ses->password allocation fails, return...

CVE-2024-50215

In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dh_key to NULL after kfree_sensitive ctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()for the same controller. So it's better to nullify it after release onerror path in order to avoid ...

CVE-2024-50235

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear wdev->cqm_config pointer on free When we free wdev->cqm_config when unregistering, we alsoneed to clear out the pointer since the same wdev/netdevmay get re-registered in another network namespace, thend...

CVE-2024-53042

In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holdingthe RCU read lock, resulting in a suspicious RCU usage warning [1]. Fix by using l3mde...

CVE-2024-53085

In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racyaccording, as this leaves window for tpm_hwrng_read() to be called whilethe operation is in progress. The recent...

CVE-2024-50152

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning：fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory.1304 | kfree(ea);| ^~~~~~~~~ There is a double free in such case:'ea is...

CVE-2024-50272

In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to thefilesystem upper limit, and an iterator with a count that causes us tooverflow that limit, then filemap_read() enter...

CVE-2024-50075

In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between allVirtual Functions. The USB2 port number owned by an USB2 root hub ina Virtual Function may be less than total USB2 phy num...

CVE-2024-50078

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on moduleunload. Without that, the struct proto that iso_init() registered withproto_register() becomes invalid, which could cause...

CVE-2024-50131

In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the stringlength equals to the maximum buffer length, the buffer will have nospace for the NULL term...

CVE-2024-50169

In the Linux kernel, the following vulnerability has been resolved: vsock: Update rx_bytes on read_skb() Make sure virtio_transport_inc_rx_pkt() and virtio_transport_dec_rx_pkt()calls are balanced (i.e. virtio_vsock_sock::rx_bytes doesn't lie) aftervsock_transport::read_skb(). While here, also info...

CVE-2024-50197

In the Linux kernel, the following vulnerability has been resolved: pinctrl: intel: platform: fix error path in device_for_each_child_node() The device_for_each_child_node() loop requires calls tofwnode_handle_put() upon early returns to decrement the refcount ofthe child node and avoid leaking mem...

CVE-2024-50233

In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() In the ad9832_write_frequency() function, clk_get_rate() might return 0.This can lead to a division by zero when calling ad9832_calc_freqreg().The check...

CVE-2024-53058

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocolpayload to be transmitted on a certain platform that the DMA AXI addresswidth is configur...

CVE-2024-49886

In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds".kasan report:[ 19.411889] ==================================================================[ 19...

CVE-2024-50126

In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCUread-side critical section there. Never seen on x86 butfound on a KASAN-enabled arm64 system when investiga...

CVE-2024-50168

In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skbin case of skb->len being too long, add dev_kfree_skb() to fix it.

CVE-2024-50230

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detectsfilesystem corruption and degrades to read-only,__block_write_begin_int(), which is called to prepare b...

CVE-2024-53084

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close,outstanding VM mappings may result in resources being leaked, dueto an object reference loop, as shown below, with each o...

CVE-2024-50023

In the Linux kernel, the following vulnerability has been resolved: net: phy: Remove LED entry from LEDs list on unregister Commit c938ab4da0eb ("net: phy: Manual remove LEDs to ensure correctordering") correctly fixed a problem with using devm_ but missedremoving the LED entry from the LEDs list. ...

CVE-2024-50229

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential deadlock with newly created symlinks Syzbot reported that page_symlink(), called by nilfs_symlink(), triggersmemory reclamation involving the filesystem layer, which can result incircular lock dependencies amo...

CVE-2024-50287

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line()blindly rescales the buffer even when scaled_witdh is equal tozero. If this ever happens, this will cause a divisi...

CVE-2024-50167

In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skbin case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.

CVE-2024-49951

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued oncmd_sync it could lead to crashes like the bellow trace: 0x0000053D: __list_del_entry_valid_or_report+0x98/...

CVE-2024-50027

In the Linux kernel, the following vulnerability has been resolved: thermal: core: Free tzp copy along with the thermal zone The object pointed to by tz->tzp may still be accessed after beingfreed in thermal_zone_device_unregister(), so move the freeing of itto the point after the removal comple...

CVE-2024-50245

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in mi_read Mutex lock with another subclass used in ni_lock_dir().