CVE-2024-53044

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() This command: $ tc qdisc replace dev eth0 ingress_block 1 egress_block 1 clsactError: block dev insert failed: -EBUSY. fails because user space requests the same...

CVE-2024-53047

In the Linux kernel, the following vulnerability has been resolved: mptcp: init: protect sched with rcu_read_lock Enabling CONFIG_PROVE_RCU_LIST with its dependence CONFIG_RCU_EXPERTcreates this splat when an MPTCP socket is created: =============================WARNING: suspicious RCU usage6.12.0-...

CVE-2024-49863

In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling codefrom control queue handler") a null pointer dereference bug can betriggered when guest sends an SCSI AN re...

CVE-2024-50273

In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an existingref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head'sref_add_list using list_...

CVE-2024-49982

In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potentialuse-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put()instead of doing in aoecmd_cfg_pkts...

CVE-2024-53079

In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues:under load revealing long-standing races, causing list_del corruptions,"Bad page state"s and worse (I keep ...

CVE-2024-49952

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could writeper-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted by the splat is not enou...

CVE-2024-49985

In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume In case there is any sort of clock controller attached to this I2C buscontroller, for example Versaclock or even an AIC32x4 I2C codec, thenan I2C transfer t...

CVE-2024-50066

In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap(), move_page_tables() looks at the type of the PMD entry and thespecified address range to figure out by which method the next chunk ofpage table entries should be m...

CVE-2024-50102

In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonicalaccesses in kernel space. And so using just the high bit to decidewhether an access is in user sp...

CVE-2024-50116

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system imageand degrades to read-only, the BUG_ON check for the buffer delay flagin submit_bh_wbc() may fa...

CVE-2024-50125

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lockso this checks if the conn->sk is still valid by checking if it part ofsco_sk_list.

CVE-2024-50040

In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal")changed igb_io_error_detected() to ignore non-fatal pcie errors in orderto avoid hung task that can happen when...

CVE-2024-50107

In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve iounmap() address range checks")introduces a WARN when adrress ranges of iounmap are invalid. On ThinkpadP1...

CVE-2024-50147

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bitisn't Initialize during command bitmask Initialization, only duringMANAGE_PAGES. In addition, mlx5_cmd_trigger_comp...

CVE-2024-53090

In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that itis called from AF_RXRPC whilst holding the ->notify_lock, but it tries totake a ref on the afs_call struct in order to pass it to a...

CVE-2024-50041

In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver caused byconcurrent access to vsi->mac_filter_hash. The leak occurs when multiplethreads attempt to m...

CVE-2024-50072

In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software wasexecuting vm86() system call: general protection fault: 0000 [#1] PREEMPT SMPCPU: 4 PID: 4610 Comm: dosemu.b...

CVE-2024-50110

In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30_copy_to_iter+0x598/0x2a30__skb_datagram_iter+0x168/0x1060skb_copy...

CVE-2024-50196

In the Linux kernel, the following vulnerability has been resolved: pinctrl: ocelot: fix system hang on level based interrupts The current implementation only calls chained_irq_enter() andchained_irq_exit() if it detects pending interrupts. for (i = 0; i stride; i++) { uregmap_read(info->map, id...

CVE-2024-50208

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MRresources when num_pages > 256K. There will be a single PDE page address (contiguous pages in th...

CVE-2024-50211

In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can returnerror now. On situations like ftruncate, udf_extend_file() can nowdetect errors and bail out early without resorting t...

CVE-2024-50265

In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12[ 57.320420] ...

CVE-2024-58099

In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's serviceload-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsulation header such asIP...

CVE-2024-50132

In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating thearguments to MAX_TRACE_ARGS. However, we would only initialize argumentsup to the limit. This caused invalid ...

CVE-2024-50203

In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix address emission with tag-based KASAN enabled When BPF_TRAMP_F_CALL_ORIG is enabled, the address of a bpf_tramp_imagestruct on the stack is passed during the size calculation pass andan address on the heap is passed...

CVE-2024-50247

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress intomore than LZNT_CHUNK_SIZE bytes and a index out of boundswill occur in s_max_off.

CVE-2024-50248

In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that every attr don't stray beyondvalid memory region.

CVE-2024-50258

In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflowin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,because sk->sk_gso_max_size would ...

CVE-2024-49997

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memorydisclosure. The mentioned data is observed on the wire. This patch usesskb_put_padto() to pad Ethernet frames...

CVE-2024-49999

In the Linux kernel, the following vulnerability has been resolved: afs: Fix the setting of the server responding flag In afs_wait_for_operation(), we set transcribe the call responded flag tothe server record that we used after doing the fileserver iteration loop -but it's possible to exit the loo...

CVE-2024-50296

In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, akernel crash occurs. The reason is that the two actions call functionpci_disable_sriov(). The num_VFs is chec...

CVE-2024-53064

In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control planeis rebooted, reset is detected on the driver. It releasesall the resources and waits for the reset to complete. Once thereset is ...

CVE-2024-49955

In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, thenthe battery hook is automatically unregistered.However the battery hook provider cannot know th...

CVE-2024-50124

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lockso this checks if the conn->sk is still valid by checking if it part ofiso_sk_list.

CVE-2024-50166

In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In mac_probe() there are multiple calls to of_find_device_by_node(),fman_bind() and fman_port_bind() which takes references to of_dev->dev.Not all references taken by these...

CVE-2024-50246

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check

CVE-2024-50267

In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb)is a use after free of the "urb" pointer. Store the "dev" pointer at thestart of the function...

CVE-2024-53075

In the Linux kernel, the following vulnerability has been resolved: riscv: Prevent a bad reference count on CPU nodes When populating cache leaves we previously fetched the CPU device nodeat the very beginning. But when ACPI is enabled we go through aspecific branch which returns early and does not...

CVE-2024-53112

In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509!...Call Trace:? __die_body+0x5f/0xb0? die+0x9e/0xc0? do_trap+0x15a/0x3a0? ocfs2_set_new_buffer_up...

CVE-2024-50083

In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.------------[ cut here ]------------WARNIN...

CVE-2024-50156

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed thenblock->state can be NULL. The msm_disp_state_print_regs() functiondoes have code to try to handle it with:...

CVE-2024-50259

In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer.We should not forget the trailing zero after copy_from_user()if we will further do some string operati...

CVE-2024-50269

In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY onexit") will cause that usb phy @glue->xceiv is accessed after released. register platform driver @sunxi_mus...

CVE-2024-50271

In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top ofucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class ofsignals. However now it's enforced uncondition...

CVE-2024-50079

In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work When the sqpoll is exiting and cancels pending work items, it may needto run task_work. If this happens from within io_uring_cancel_generic(),then it may be ...

CVE-2024-50226

In the Linux kernel, the following vulnerability has been resolved: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown In support of investigating an initialization failure report [1],cxl_test was updated to register mock memory-devices after the mockroot-port/bus device had been re...

CVE-2024-50275

In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE stateincorrectly, and a race with preemption can result in a task havingTIF_SVE set and TIF_FOREIGN_FPSTATE cl...

CVE-2024-53108

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in theAMD EDID was added. However, this check causes the followingout-of-bounds issues when using KASAN: [ 27.804...

CVE-2024-50096

In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The nouveau_dmem_copy_one function ensures that the copy push command issent to the device firmware but does not track whether it was executedsuccessfully. In the ca...