Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-38550	ASoC: kirkwood: Fix potential NULL dereference Description: In the Linux kernel, the following vulnerability has been resolved: ASoC: kirkwood: Fix potential NULL dereference In kirkwood_dma_hw_params() mv_mbus_dram_info() returns NULL if CONFIG_PLAT_ORION macro is not defined. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38549	drm/mediatek: Add 0 size check to mtk_drm_gem_obj Description: In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add 0 size check to mtk_drm_gem_obj Add a check to mtk_drm_gem_init if we attempt to allocate a GEM object of 0 bytes. Currently, no such check exists and the kernel will panic if a userspace application attempts to allocate a 0x0 GBM buffer. Tested by attempting to allocate a 0x0 GBM buffer on an MT8188 and verifying that we now return EINVAL. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38548	drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference Description: In the Linux kernel, the following vulnerability has been resolved: drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference In cdns_mhdp_atomic_enable(), the return value of drm_mode_duplicate() is assigned to mhdp_state->current_mode, and there is a dereference of it in drm_mode_set_name(), which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Fix this bug add a check of mhdp_state->current_mode. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38547	media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries Description: In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binary after the following call chain: sh_css_pipe_load_binaries() \|-> load_video_binaries(mycs->yuv_scaler_binary == NULL) \| \|-> sh_css_pipe_unload_binaries() \|-> unload_video_binaries() In unload_video_binaries(), it calls to ia_css_binary_unload with argument &pipe->pipe_settings.video.yuv_scaler_binary[i], which refers to the same memory slot as mycs->yuv_scaler_binary. Thus, a null-pointer dereference is triggered. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38546	drm: vc4: Fix possible null pointer dereference Description: In the Linux kernel, the following vulnerability has been resolved: drm: vc4: Fix possible null pointer dereference In vc4_hdmi_audio_init() of_get_address() may return NULL which is later dereferenced. Fix this bug by adding NULL check. Found by Linux Verification Center (linuxtesting.org) with SVACE. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38545	RDMA/hns: Fix UAF for cq async event Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_lock() to protect the CQ refcount. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38544	RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt In rxe_comp_queue_pkt() an incoming response packet skb is enqueued to the resp_pkts queue and then a decision is made whether to run the completer task inline or schedule it. Finally the skb is dereferenced to bump a 'hw' performance counter. This is wrong because if the completer task is already running in a separate thread it may have already processed the skb and freed it which can cause a seg fault. This has been observed infrequently in testing at high scale. This patch fixes this by changing the order of enqueuing the packet until after the counter is accessed. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38543	lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure Description: In the Linux kernel, the following vulnerability has been resolved: lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure The kcalloc() in dmirror_device_evict_chunk() will return null if the physical memory has run out. As a result, if src_pfns or dst_pfns is dereferenced, the null pointer dereference bug will happen. Moreover, the device is going away. If the kcalloc() fails, the pages mapping a chunk could not be evicted. So add a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, Switch kcalloc() to kvcalloc() in order to avoid failing allocations. EPSS Score: 0.04% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38542	RDMA/mana_ib: boundary check before installing cq callbacks Description: In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow. EPSS Score: 0.05% Source: CVE December 20th, 2024 (4 months ago)
CVE-2024-38541	of: module: add buffer overflow check in of_modalias() Description: In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not NULL initially) will point beyond the buffer's end. Add the buffer overflow check after the 1st snprintf() call and fix such check after the strlen() call (accounting for the terminating NUL char). EPSS Score: 0.05% Source: CVE December 20th, 2024 (4 months ago)