CVE-2024-50109

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return valueis set to zero, and if following procedures failed raid10_run() willreturn zero while mddev->private is s...

CVE-2024-50244

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ni_clear() Checking of NTFS_FLAGS_LOG_REPLAYING added to prevent access touninitialized bitmap during replay process.

CVE-2024-53065

In the Linux kernel, the following vulnerability has been resolved: mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Commit b035f5a6d852 ("mm: slab: reduce the kmalloc() minimum alignmentif DMA bouncing possible") reduced ARCH_KMALLOC_MINALIGN to 8 on arm64.Howeve...

CVE-2024-50159

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() Clang static checker(scan-build) throws below warning：| drivers/firmware/arm_scmi/driver.c:line 2915, column 2| Attempt to free released memory. When devm_add_a...

CVE-2024-50224

In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix crash when not using GPIO chip select Add check for the return value of spi_get_csgpiod() to avoid passing a NULLpointer to gpiod_direction_output(), preventing a crash when GPIO chipselect is not used. Fix b...

CVE-2024-50249

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock The following BUG was triggered: =============================[ BUG: Invalid wait context ]6.12.0-rc2-XXX #406 Not tainted kworker/1:1/62 is trying to lock:ffffff8801593030 (&cpc_ptr->rm...

CVE-2024-53119

In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possiblethat virtio_transport_recv_listen() will be called after the accept_queuehas been flushed, but before the SOCK_DONE ...

CVE-2024-50160

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, thenNULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function whic...

CVE-2024-50185

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle consistently DSS corruption Bugged peer implementation can send corrupted DSS options, consistentlyhitting a few warning in the data path. Use DEBUG_NET assertions, toavoid the splat on some builds and handle consiste...

CVE-2024-50252

In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation inlinear memory that is managed by the driver. Changing the remote address of an ip6gre net de...

CVE-2024-50108

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API videois leading to black screens for around 1 second and kernel WARNING [1] traceswhen calling dmub_psr_en...

CVE-2024-50164

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overloading of MEM_UNINIT's meaning Lonial reported an issue in the BPF verifier where check_mem_size_reg()has the following code: if (!tnum_is_const(reg->var_off)) /* For unprivileged variable accesses, disable raw * m...

CVE-2024-50193

In the Linux kernel, the following vulnerability has been resolved: x86/entry_32: Clear CPU buffers after register restore in NMI return CPU buffers are currently cleared after call to exc_nmi, but beforeregister state is restored. This may be okay for MDS mitigation but not forRDFS. Because RDFS m...

CVE-2024-50257

In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in get_info() ip6table_nat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80Modules linked in: ip6table_nat(-)CPU: 1 UID...

CVE-2024-50303

In the Linux kernel, the following vulnerability has been resolved: resource,kexec: walk_system_ram_res_rev must retain resource flags walk_system_ram_res_rev() erroneously discards resource flags when passingthe information to the callback. This causes systems with IORESOURCE_SYSRAM_DRIVER_MANAGED...

CVE-2024-50187

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Stop the active perfmon before being destroyed Upon closing the file descriptor, the active performance monitor is notstopped. Although all perfmons are destroyed in vc4_perfmon_close_file(),the active performance monitor'...

CVE-2024-50255

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event.However, it also returns NULL wher...

CVE-2024-53114

In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualizedVMLOAD/VMSAVE, but using these instructions is reported to be a causeof a random host reboot. These in...

CVE-2024-50088

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct whenit is declared. If any of the following calls to "read_one_inode()returns NULL, dir = read_one_inode(ro...

CVE-2024-50103

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() couldpossibly return NULL pointer. NULL Pointer Dereference may betriggerred without addtional check....

CVE-2024-50198

In the Linux kernel, the following vulnerability has been resolved: iio: light: veml6030: fix IIO device retrieval from embedded device The dev pointer that is received as an argument in thein_illuminance_period_available_show function references the deviceembedded in the IIO device, not in the i2c...

CVE-2024-50209

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Add a check for memory allocation __alloc_pbl() can return error when memory allocation fails.Driver is not checking the status on one of the instances.

CVE-2024-50221

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Vangogh: Fix kernel memory out of bounds write KASAN reports that the GPU metrics table allocated invangogh_tables_init() is not large enough for the memset done insmu_cmn_init_soft_gpu_metrics(). Condensed report follo...

CVE-2024-50225

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix error propagation of split bios The purpose of btrfs_bbio_propagate_error() shall be propagating an errorof split bio to its original btrfs_bio, and tell the error to the upperlayer. However, it's not working well on som...

CVE-2024-50242

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ntfs_file_release

CVE-2024-53043

In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present,in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case apacket is transmi...

CVE-2024-53068

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() The scmi_dev->name is released prematurely in __scmi_device_destroy(),which causes slab-use-after-free when accessing scmi_dev->name inscmi_bus_notifier(). So...

CVE-2024-50031

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop the active perfmon before being destroyed When running kmscube with one or more performance monitors enabledvia GALLIUM_HUD, the following kernel panic can occur: [ 55.008324] Unable to handle kernel paging request at...

CVE-2024-50076

In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get() font.data may not initialize all memory spaces depending on the implementationof vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, itis safest to modify it to...

CVE-2024-50158

In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix out of bound check Driver exports pacing stats only on GenP5 and P7 adapters. But whileparsing the pacing stats, driver has a check for "rdev->dbr_pacing". Thiscaused a trace when KASAN is enabled. BUG: KASAN: ...

CVE-2024-50223

In the Linux kernel, the following vulnerability has been resolved: sched/numa: Fix the potential null pointer dereference in task_numa_work() When running stress-ng-vm-segv test, we found a null pointer dereferenceerror in task_numa_work(). Here is the backtrace: [323676.066985] Unable to handle k...

CVE-2024-50240

In the Linux kernel, the following vulnerability has been resolved: phy: qcom: qmp-usb: fix NULL-deref on runtime suspend Commit 413db06c05e7 ("phy: qcom-qmp-usb: clean up probe initialisation")removed most users of the platform device driver data, but mistakenlyalso removed the initialisation desp...

CVE-2024-53046

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8ulp: correct the flexspi compatible string The flexspi on imx8ulp only has 16 LUTs, and imx8mm flexspi has32 LUTs, so correct the compatible string here, otherwise willmeet below error: [ 1.119072] ------------[ cut...

CVE-2024-53048

In the Linux kernel, the following vulnerability has been resolved: ice: fix crash on probe for DPLL enabled E810 LOM The E810 Lan On Motherboard (LOM) design is vendor specific. Intelprovides the reference design, but it is up to vendor on the finalproduct design. For some cases, like Linux DPLL s...

CVE-2024-53087

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTLreturns on input errors without dropping the exec queue ref. Fix thisensuring the exec queue ref is dropped on ...

CVE-2024-50003

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why]Connected with a Thunderbolt monitor and do the suspend and the systemmay hang while resume. The TBT monitor HPD will be triggered during the resume procedureand c...

CVE-2024-50146

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdevprofile var is left set to NULL. Avoid a crash when unloading the driverby not calling profile->clea...

CVE-2024-50155

In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched() in nsim_dev_trap_report_work() I am still seeing many syzbot reports hinting that syzbotmight fool nsim_dev_trap_report_work() with hundreds of ports [1] Lets use cond_resched(), and system_unbound_wqi...

CVE-2024-50280

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creationfails, caused by destroying the uninitialized delayed_work waker in theerror path of cache_cr...

CVE-2024-50283

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp().It will avoid freeing session before calling smb3_preauth_hash_rsp().

CVE-2024-50300

In the Linux kernel, the following vulnerability has been resolved: regulator: rtq2208: Fix uninitialized use of regulator_config Fix rtq2208 driver uninitialized use to cause kernel error.

CVE-2024-53089

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hardinterrupt context") and commit 9090825fa9974 ("KVM: arm/arm64: Let thetimer expire in hardirq co...

CVE-2024-53116

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of thebuffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where the ...

CVE-2024-49978

In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) andpass these to skb_segment instead of skb_segment_list, as the firstcan segment them correctly. Valid S...

CVE-2024-50000

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() In mlx5e_tir_builder_alloc() kvzalloc() may return NULLwhich is dereferenced on the next line in a referenceto the modify field. Found by Linux Verification Center (linuxtestin...

CVE-2024-50001

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping forthe skb. This could fail, e.g. under mem...

CVE-2024-50188

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83869: fix memory corruption when enabling fiber When configuring the fiber port, the DP83869 PHY driver incorrectlycalls linkmode_set_bit() with a bit mask (1 <

CVE-2024-50250

In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter isvery very broken, which bfoster's recent fsx changes have exposed. If the pos and len passed to dax_file_unsha...

CVE-2024-53137

In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE wasimplemented. User access was not enabled around the cache maintenanceinstructions, causing them to fault.

CVE-2024-49865

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: move xa_alloc to prevent UAF Evil user can guess the next id of the vm before the ioctl completes andthen call vm destroy ioctl to trigger UAF since create ioctl is stillreferencing the same vm. Move the xa_alloc all the...