5.5
CVE-2024-56686 - kernel: ext4: fix race in buffer_head read fault injection
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2024-56676 - thermal: testing: Initialize some variables annoteded with _free()
In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free() Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pβ¦
5.5
CVE-2024-56681 - crypto: bcm - add error check in the ahash_hmac_init function
In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when β¦
5.5
CVE-2024-56685 - ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Following commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()"), COMP_DUMMY() became an array with zero length, and only gets pβ¦
5.5
CVE-2024-56707 - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Add error pointer checks after calling otx2_mbox_get_rsp().
5.5
CVE-2024-56682 - irqchip/riscv-aplic: Prevent crash when MSI domain is missing
In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSI domain will be missing, which causes a NULL pointer dereference in msi_create_device_irq_domain()β¦
5.5
CVE-2024-56701 - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc/powerpc/vcpudispatβ¦
7.8
CVE-2024-56699 - s390/pci: Fix potential double remove of hotplug slot
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_release_device() with theβ¦
9.3
CVE-2024-56732 - HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function.
5.3
CVE-2024-12991 - Beijing Longda Jushang Technology DBShopεεη³»η» home-order cross site scripting
A vulnerability was found in Beijing Longda Jushang Technology DBShopεεη³»η» 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert(5888)%3E leads β¦