CVE-2024-26917

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" This reverts commit 1a1975551943f681772720f639ff42fbaa746212. This commit causes interrupts to be lost for FCoE devices, since it changedsping locks from "bh" ...

CVE-2024-26800

In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decryptreturns -EBUSY, tls_do_decryption will wait until all asyncdecryptions have completed. If one of them fails, t...

CVE-2023-52642

In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAP_NET_ADMIN.

CVE-2024-26747

In the Linux kernel, the following vulnerability has been resolved: usb: roles: fix NULL pointer issue when put module's reference In current design, usb role class driver will get usb_role_switch parent'smodule reference after the user get usb_role_switch device and put thereference after the user...

CVE-2024-26822

In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamicallyset them into the filesystem context used for automounting otherwisethey'll end up reusing the val...

CVE-2024-26856

In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analyzis of the code it looks like when an entryfrom the MAC table was removed, the entry was still used after beingfreed. More precise the vid of the...

CVE-2024-26858

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map Just simply reordering the functions mlx5e_ptp_metadata_map_put andmlx5e_ptpsq_track_metadata in the mlx5e_txwqe_co...

CVE-2023-52631

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The"size" comes from le32_to_cpu(attr->res.data_size) so it can't overflowon a 64bit systems but on 32bit systems the "+ 102...

CVE-2024-26727

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG]There is a syzbot crash, triggered by the ASSERT() during subvolumecreation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319------------[ cut here ...

CVE-2024-26790

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC(Net...

CVE-2024-26829

In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: fix a memleak in irtoy_tx When irtoy_command fails, buf should be freed since it is allocated byirtoy_tx, or there is a memleak.

CVE-2023-52641

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() It is preferable to exit through the out: label becauseinternal debugging functions are located there.

CVE-2024-26684

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features inXGMAC core") checks and reports safety errors, but leaves theData Path Parity Errors for each chan...

CVE-2024-26681

In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex,it should rearm itself at least one jiffie later. [1]Sending N...

CVE-2024-26714

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0 BCM keepalive The CO0 BCM needs to be up at all times, otherwise some hardware (likethe UFS controller) loses its connection to the rest of the SoC,resulting in a hang of the platform, accompan...

CVE-2024-26749

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() ...cdns3_gadget_ep_free_request(&priv_ep->endpoint, &priv_req->request);list_del_init(&priv_req->list);... 'priv_req' actually free at cdns3_gadget_ep_fr...

CVE-2024-26771

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure. Ensure the allocation was successfulby checking the pointer valid...

CVE-2024-26788

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so thatinterrupts that may have been pending from a primary kernel don't getprocessed by the irq handler before it i...

CVE-2024-26748

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: fix memory double free when handle zero packet 829 if (request->complete) {830 spin_unlock(&priv_dev->lock);831 usb_gadget_giveback_request(&priv_ep->endpoint,832 request);833 spin_lock(&priv_dev->lock);834 ...

CVE-2024-26824

In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - Remove bogus SGL free on zero-length error path When a zero-length message is hashed by algif_hash, and an erroris triggered, it tries to free an SG list that was never allocatedin the first place. Fix this by ...

CVE-2024-26844

In the Linux kernel, the following vulnerability has been resolved: block: Fix WARNING in _copy_from_iter Syzkaller reports a warning in _copy_from_iter because aniov_iter is supposedly used in the wrong direction. The reasonis that syzcaller managed to generate a request witha transfer direction o...

CVE-2024-26798

In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcon_do_set_font() Commit a5a923038d70 (fbdev: fbcon: Properly revert changes whenvc_resize() failed) started restoring old font data upon failure (ofvc_resize()). But it performs so only...

CVE-2024-26807

In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume()implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously cannot be correct, u...

CVE-2023-52640

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr The length of name cannot exceed the space occupied by ea.

CVE-2024-26699

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr [Why]There is a potential memory access violation whileiterating through array of dcn35 clks. [How]Limit iteration per array size.

CVE-2024-26787

In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST,overlapping mappings aren't supportedWARNIN...

CVE-2024-26770

In the Linux kernel, the following vulnerability has been resolved: HID: nvidia-shield: Add missing null pointer checks to LED initialization devm_kasprintf() returns a pointer to dynamically allocated memorywhich can be NULL upon failure. Ensure the allocation was successfulby checking the pointer...

CVE-2024-26833

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it isnot freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024):comm "(udev-worker)", pid 222, jiffies...

CVE-2024-26836

In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run beforethe attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to c...

CVE-2024-26711

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad4130: zero-initialize clock init data The clk_init_data struct does not have all its membersinitialized, causing issues when trying to expose the internalclock on the CLK pin. Fix this by zero-initializing the clk_init_...

CVE-2024-26745

In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics dueto NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? ...

CVE-2024-26797

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Prevent potential buffer overflow in map_hw_resources Adds a check in the map_hw_resources function to prevent a potentialbuffer overflow. The function was accessing arrays using an index thatcould potentially be g...

CVE-2023-52608

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Check mailbox/SMT channel for consistency On reception of a completion interrupt the shared memory area is accessedto retrieve the message header at first and then, if the message sequencenumber identifies a tra...

CVE-2024-26760

In the Linux kernel, the following vulnerability has been resolved: scsi: target: pscsi: Fix bio_put() for error case As of commit 066ff571011d ("block: turn bio_kmalloc into a simple kmallocwrapper"), a bio allocated by bio_kmalloc() must be freed by bio_uninit()and kfree(). That is not done prope...

CVE-2024-26630

In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to computeits page offset, and check for its dirty and writeback flags. However, wedo not hold a reference to the...

CVE-2024-26705

In the Linux kernel, the following vulnerability has been resolved: parisc: BTLB: Fix crash when setting up BTLB at CPU bringup When using hotplug and bringing up a 32-bit CPU, ask the firmware about theBTLB information to set up the static (block) TLB entries. For that write access to the static b...

CVE-2024-26742

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix disable_managed_interrupts Correct blk-mq registration issue with module parameterdisable_managed_interrupts enabled. When we turn off the default PCI_IRQ_AFFINITY flag, the driver needs toregister with blk-mq u...

CVE-2024-26756

In the Linux kernel, the following vulnerability has been resolved: md: Don't register sync_thread for reshape directly Currently, if reshape is interrupted, then reassemble the array willregister sync_thread directly from pers->run(), in this case'MD_RECOVERY_RUNNING' is set directly, however, ...

CVE-2024-35833

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor inthe error handling path of fsl_qdma_probe(). Switch to the managed version to fix bot...

CVE-2024-26715

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend In current scenario if Plug-out and Plug-In performed continuouslythere could be a chance while checking for dwc->gadget_driver indwc3_gadget_suspend, a NULL...

CVE-2024-26854

In the Linux kernel, the following vulnerability has been resolved: ice: fix uninitialized dplls mutex usage The pf->dplls.lock mutex is initialized too late, after its first use.Move it to the top of ice_dpll_init.Note that the "err_exit" error path destroys the mutex. And the mutex isthe last ...

CVE-2024-26667

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writebackin case of YUV output") introduced a smatch warning about anotherconditional block in dpu_...

CVE-2024-26721

In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address Commit bd077259d0a9 ("drm/i915/vdsc: Add function to read any PPSregister") defines a new macro to calculate the DSC PPS registeraddresses with PPS number as a...

CVE-2024-26768

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] With default config, the value of NR_CPUS is 64. When HW platform hasmore then 64 cpus, system will crash on these platforms. MAX_CORE_PICis the maximum cpu nu...

CVE-2024-26677

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial numberas they can't be used as an RTT reference.

CVE-2024-26784

In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal On unloading of the scmi_perf_domain module got the below splat, when inthe DT provided to the system under test the '#power-domain-cells' propertywas missing. Indeed,...

CVE-2024-26806

In the Linux kernel, the following vulnerability has been resolved: spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks The ->runtime_suspend() and ->runtime_resume() callbacks are notexpected to call spi_controller_suspend() and spi_controller_resume().Remove cal...

CVE-2024-26637

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing aath11k to crash when it tried to delete the entries later. Fix this byrelying on mac80211 to delete the e...

CVE-2024-26666

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix RCU use in TDLS fast-xmit This looks up the link under RCU protection, but isn'tguaranteed to actually have protection. Fix that.

CVE-2024-26723

In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix crash when adding interface under a lag There is a crash when adding one of the lan966x interfaces under a laginterface. The issue can be reproduced like this:ip link add name bond0 type bond miimon 100 mode balance-xo...