7.8
CVE-2024-56642 - tipc: Fix use-after-free of kernel socket in cleanup_bearer().
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), cleanup of the UDPβ¦
5.5
CVE-2024-56620 - scsi: ufs: qcom: Only free platform MSIs when ESI is enabled
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutβ¦
5.5
CVE-2024-56532 - ALSA: us122l: Use snd_card_free_when_closed() at disconnection
In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the clβ¦
7.8
CVE-2024-53203 - usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be anβ¦
7.8
CVE-2024-53185 - smb: client: fix NULL ptr deref in crypto_aead_setkey()
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as theβ¦
5.5
CVE-2024-53211 - net/l2tp: fix warning in l2tp_exit_net found by syzbot
In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By fβ¦
7.8
CVE-2024-53193 - clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider
In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Some heap space is allocated for the flexible structure `struct clk_hw_onecell_data` and its flexible-array member `hws` through the composite structuβ¦
7.8
CVE-2024-53182 - Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()"
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfβ¦
5.5
CVE-2024-53200 - drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a checβ¦
5.5
CVE-2024-56667 - drm/i915: Fix NULL pointer dereference in capture_engine
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in capture_engine When the intel_context structure contains NULL, it raises a NULL pointer dereference error in drm_info(). (cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bbaβ¦