5.5
CVE-2024-49941 - gpiolib: Fix potential NULL pointer dereference in gpiod_get_label()
In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may return a NULL pointer, leading to a scenario where `label->str` is accessed without v…
5.5
CVE-2024-49916 - drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn401_init_hw This commit addresses a potential null pointer dereference issue in the `dcn401_init_hw` function. The issue could occur when `dc->clk_mgr` or `dc->…
7.8
CVE-2024-47751 - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()
In the Linux kernel, the following vulnerability has been resolved: PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() Within kirin_pcie_parse_port(), the pcie->num_slots is compared to pcie->gpio_id_reset size (MAX_PCI_SLOTS) which is correct and would lead to an overflow. Thus, fix con…
7.1
CVE-2022-48967 - NFC: nci: Bounds check struct nfc_target arrays
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (si…
5.5
CVE-2024-49977 - net: stmmac: Fix zero-division error when disabling tc cbs
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix zero-division error when disabling tc cbs The commit b8c43360f6e4 ("net: stmmac: No need to calculate speed divider when offload is disabled") allows the "port_transmit_rate_kbps" to be set to a value of 0, which…
4.6
CVE-2024-49934 - fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name
In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: ------------[ cut her…
5.5
CVE-2024-49912 - drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream'
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' This commit adds a null check for 'stream_status' in the function 'planes_changed_for_existing_stream'. Previously, the code assumed 'stream_sta…
7.8
CVE-2024-49895 - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_degamma_hw_format` function in the DCN30 colo…
4.7
CVE-2024-49864 - rxrpc: Fix a race between socket set up and I/O thread creation
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phas…
7.8
CVE-2024-49950 - Bluetooth: L2CAP: Fix uaf in l2cap_connect
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by task kworker/u9:0/…