{"vulnerability": "cve-2024-5654", "sightings": [{"uuid": "1b31d332-99b7-4172-bb1f-ddfa1640351e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56549", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6nljrqw22", "content": "", "creation_timestamp": "2024-12-27T14:19:38.140554Z"}, {"uuid": "aeb80ada-e14a-4b72-8278-f190c48df528", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56542", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6n2dygs2c", "content": "", "creation_timestamp": "2024-12-27T14:19:20.076931Z"}, {"uuid": "60dd46ea-3c85-4210-9317-a4c28f2eb8fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56547", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6ngp3i22i", "content": "", "creation_timestamp": "2024-12-27T14:19:32.982218Z"}, {"uuid": "4e05f32a-39a6-4f79-90c4-d6734f170699", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56545", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6ncfe4425", "content": "", "creation_timestamp": "2024-12-27T14:19:28.676394Z"}, {"uuid": "b8e4320d-aae4-4abf-9606-0dc415fa9d1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56540", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6mvub3g2a", "content": "", "creation_timestamp": "2024-12-27T14:19:15.350261Z"}, {"uuid": "a7261716-bfcb-47d4-b565-89f0e49f633d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56543", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6n5aclm25", "content": "", "creation_timestamp": "2024-12-27T14:19:23.088741Z"}, {"uuid": "acb5e2f1-950d-4da9-83d4-65259e3d8d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56546", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6nemkwt2e", "content": "", "creation_timestamp": "2024-12-27T14:19:30.861080Z"}, {"uuid": "72b0097e-2633-4a9d-82f6-f0187eb0bc64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56541", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6my4fzn2m", "content": "", "creation_timestamp": "2024-12-27T14:19:17.778408Z"}, {"uuid": "2bf417a6-84a3-4c71-9abb-596f41f587ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56544", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6n7oviu25", "content": "", "creation_timestamp": "2024-12-27T14:19:25.665692Z"}, {"uuid": "9cb003d0-116e-47cc-814c-6aa2f9fa3e91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56548", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lec6nirygt2l", "content": "", "creation_timestamp": "2024-12-27T14:19:35.224097Z"}, {"uuid": "31e99d8c-04c6-46b4-9674-3bb3e7ba0a6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56543", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/113725680027282928", "content": "", "creation_timestamp": "2024-12-27T16:16:03.202549Z"}, {"uuid": "cf25a790-891d-407d-89a2-5dc09b877c5a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56548", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-226-07", "content": "", "creation_timestamp": "2025-08-14T10:00:00.000000Z"}, {"uuid": "909cb2e1-4852-48d8-abd1-d4357916ecc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56542", "type": "seen", "source": "https://t.me/cvedetector/13752", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56542 - AMD Display Driver Memory Leak Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56542 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrm/amd/display: fix a memleak issue when driver is removed \n \nRunning \"modprobe amdgpu\" the second time (followed by a modprobe -r \namdgpu) causes a call trace like: \n \n[ 845.212163] Memory manager not clean during takedown. \n[ 845.212170] WARNING: CPU: 4 PID: 2481 at drivers/gpu/drm/drm_mm.c:999 drm_mm_takedown+0x2b/0x40 \n[ 845.212177] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amddrm_buddy(OE) amdxcp(OE) amd_sched(OE) drm_exec drm_suballoc_helper drm_display_helper i2c_algo_bit amdttm(OE) amdkcl(OE) cec rc_core sunrpc qrtr intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi edac_mce_amd snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_usb_audio snd_hda_codec snd_usbmidi_lib kvm_amd snd_hda_core snd_ump mc snd_hwdep kvm snd_pcm snd_seq_midi snd_seq_midi_event irqbypass crct10dif_pclmul snd_rawmidi polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 snd_seq aesni_intel crypto_simd snd_seq_device cryptd snd_timer mfd_aaeon asus_nb_wmi eeepc_wmi joydev asus_wmi snd ledtrig_audio sparse_keymap ccp wmi_bmof input_leds k10temp i2c_piix4 platform_profile rapl soundcore gpio_amdpt mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid ahci xhci_pci igc crc32_pclmul libahci xhci_pci_renesas video \n[ 845.212284] wmi [last unloaded: amddrm_ttm_helper(OE)] \n[ 845.212290] CPU: 4 PID: 2481 Comm: modprobe Tainted: G W OE 6.8.0-31-generic #31-Ubuntu \n[ 845.212296] RIP: 0010:drm_mm_takedown+0x2b/0x40 \n[ 845.212300] Code: 1f 44 00 00 48 8b 47 38 48 83 c7 38 48 39 f8 75 09 31 c0 31 ff e9 90 2e 86 00 55 48 c7 c7 d0 f6 8e 8a 48 89 e5 e8 f5 db 45 ff <0f0b 5d 31 c0 31 ff e9 74 2e 86 00 66 0f 1f 84 00 00 00 00 00 90 \n[ 845.212302] RSP: 0018:ffffb11302127ae0 EFLAGS: 00010246 \n[ 845.212305] RAX: 0000000000000000 RBX: ffff92aa5020fc08 RCX: 0000000000000000 \n[ 845.212307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 \n[ 845.212309] RBP: ffffb11302127ae0 R08: 0000000000000000 R09: 0000000000000000 \n[ 845.212310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004 \n[ 845.212312] R13: ffff92aa50200000 R14: ffff92aa5020fb10 R15: ffff92aa5020faa0 \n[ 845.212313] FS: 0000707dd7c7c080(0000) GS:ffff92b93de00000(0000) knlGS:0000000000000000 \n[ 845.212316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 \n[ 845.212318] CR2: 00007d48b0aee200 CR3: 0000000115a58000 CR4: 0000000000f50ef0 \n[ 845.212320] PKRU: 55555554 \n[ 845.212321] Call Trace: \n[ 845.212323] \n[ 845.212328] ? show_regs+0x6d/0x80 \n[ 845.212333] ? __warn+0x89/0x160 \n[ 845.212339] ? drm_mm_takedown+0x2b/0x40 \n[ 845.212344] ? report_bug+0x17e/0x1b0 \n[ 845.212350] ? handle_bug+0x51/0xa0 \n[ 845.212355] ? exc_invalid_op+0x18/0x80 \n[ 845.212359] ? asm_exc_invalid_op+0x1b/0x20 \n[ 845.212366] ? drm_mm_takedown+0x2b/0x40 \n[ 845.212371] amdgpu_gtt_mgr_fini+0xa9/0x130 [amdgpu] \n[ 845.212645] amdgpu_ttm_fini+0x264/0x340 [amdgpu] \n[ 845.212770] amdgpu_bo_fini+0x2e/0xc0 [amdgpu] \n[ 845.212894] gmc_v12_0_sw_fini+0x2a/0x40 [amdgpu] \n[ 845.213036] amdgpu_device_fini_sw+0x11a/0x590 [amdgpu] \n[ 845.213159] amdgpu_driver_release_kms+0x16/0x40 [amdgpu] \n[ 845.213302] devm_drm_dev_init_release+0x5e/0x90 \n[ 845.213305] devm_action_release+0x12/0x30 \n[ 845.213308] release_nodes+0x42/0xd0 \n[ 845.213311] devres_release_all+0x97/0xe0 \n[ 845.213314] device_unbind_cleanup+0x12/0x80 \n[ 845.213317] device_release_driver_internal+0x230/0x270 \n[ 845.213319] ? srso_alias_return_thunk+0x5/0xfbef5 \n \nThis is caused by lost memory during early init phase. First time driver \nis removed, memory is fre[...]", "creation_timestamp": "2024-12-27T15:59:58.000000Z"}, {"uuid": "3b158f03-eeab-4f5d-a164-c5218998172c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2024-56544", "type": "seen", "source": "https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8", "content": "", "creation_timestamp": "2025-12-03T14:14:49.267740Z"}, {"uuid": "1c658b7f-18bc-4a1f-9c48-df9d74130fff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2024-56544", "type": "seen", "source": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/", "content": "", "creation_timestamp": "2026-03-19T00:00:00.000000Z"}, {"uuid": "478022ea-15d8-4e6f-8377-d9139f9ffd37", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56546", "type": "seen", "source": "https://t.me/cvedetector/13743", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56546 - Xilinx Linux Kernel Memory Leak\", \n \"Content\": \"CVE ID : CVE-2024-56546 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ndrivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() \n \nIf we fail to allocate memory for cb_data by kmalloc, the memory \nallocation for eve_data is never freed, add the missing kfree() \nin the error handling path. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:48.000000Z"}, {"uuid": "6e267dbf-59b1-4f37-be1d-31e47af0c58d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56548", "type": "seen", "source": "https://t.me/cvedetector/13739", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56548 - IBM Linux hfsplus slab use after free\", \n \"Content\": \"CVE ID : CVE-2024-56548 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nhfsplus: don't query the device logical block size multiple times \n \nDevices block sizes may change. One of these cases is a loop device by \nusing ioctl LOOP_SET_BLOCK_SIZE. \n \nWhile this may cause other issues like IO being rejected, in the case of \nhfsplus, it will allocate a block by using that size and potentially write \nout-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the \nlatter function reads a different io_size. \n \nUsing a new min_io_size initally set to sb_min_blocksize works for the \npurposes of the original fix, since it will be set to the max between \nHFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the \nmax between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not \ninitialized. \n \nTested by mounting an hfsplus filesystem with loop block sizes 512, 1024 \nand 4096. \n \nThe produced KASAN report before the fix looks like this: \n \n[ 419.944641] ================================================================== \n[ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a \n[ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678 \n[ 419.947612] \n[ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84 \n[ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 \n[ 419.950035] Call Trace: \n[ 419.950384] \n[ 419.950676] dump_stack_lvl+0x57/0x78 \n[ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a \n[ 419.951830] print_report+0x14c/0x49e \n[ 419.952361] ? __virt_addr_valid+0x267/0x278 \n[ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d \n[ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a \n[ 419.954231] kasan_report+0x89/0xb0 \n[ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a \n[ 419.955367] hfsplus_read_wrapper+0x659/0xa0a \n[ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 \n[ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 \n[ 419.957214] ? _raw_spin_unlock+0x1a/0x2e \n[ 419.957772] hfsplus_fill_super+0x348/0x1590 \n[ 419.958355] ? hlock_class+0x4c/0x109 \n[ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 \n[ 419.959499] ? __pfx_string+0x10/0x10 \n[ 419.960006] ? lock_acquire+0x3e2/0x454 \n[ 419.960532] ? bdev_name.constprop.0+0xce/0x243 \n[ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 \n[ 419.961799] ? pointer+0x3f0/0x62f \n[ 419.962277] ? __pfx_pointer+0x10/0x10 \n[ 419.962761] ? vsnprintf+0x6c4/0xfba \n[ 419.963178] ? __pfx_vsnprintf+0x10/0x10 \n[ 419.963621] ? setup_bdev_super+0x376/0x3b3 \n[ 419.964029] ? snprintf+0x9d/0xd2 \n[ 419.964344] ? __pfx_snprintf+0x10/0x10 \n[ 419.964675] ? lock_acquired+0x45c/0x5e9 \n[ 419.965016] ? set_blocksize+0x139/0x1c1 \n[ 419.965381] ? sb_set_blocksize+0x6d/0xae \n[ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10 \n[ 419.966179] mount_bdev+0x12f/0x1bf \n[ 419.966512] ? __pfx_mount_bdev+0x10/0x10 \n[ 419.966886] ? vfs_parse_fs_string+0xce/0x111 \n[ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 \n[ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 \n[ 419.968073] legacy_get_tree+0x104/0x178 \n[ 419.968414] vfs_get_tree+0x86/0x296 \n[ 419.968751] path_mount+0xba3/0xd0b \n[ 419.969157] ? __pfx_path_mount+0x10/0x10 \n[ 419.969594] ? kmem_cache_free+0x1e2/0x260 \n[ 419.970311] do_mount+0x99/0xe0 \n[ 419.970630] ? __pfx_do_mount+0x10/0x10 \n[ 419.971008] __do_sys_mount+0x199/0x1c9 \n[ 419.971397] do_syscall_64+0xd0/0x135 \n[ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e \n[ 419.972233] RIP: 0033:0x7c3cb812972e \n[ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <483d 01 [...]", "creation_timestamp": "2024-12-27T15:59:41.000000Z"}, {"uuid": "8bd78eec-f20a-46b4-a419-fc3cca3e0d05", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56541", "type": "seen", "source": "https://t.me/cvedetector/13751", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56541 - Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB ath12k Use-After-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56541 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nwifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() \n \nDuring ath12k module removal, in ath12k_core_deinit(), \nath12k_mac_destroy() un-registers ah->hw from mac80211 and frees \nthe ah->hw as well as all the ar's in it. After this \nath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup() \ntries to access one of the freed ar's from pending skb. \n \nThis is because during mac destroy, driver failed to flush few \ndata packets, which were accessed later in ath12k_dp_cc_cleanup() \nand freed, but using ar from the packet led to this use-after-free. \n \nBUG: KASAN: use-after-free in ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] \nWrite of size 4 at addr ffff888150bd3514 by task modprobe/8926 \nCPU: 0 UID: 0 PID: 8926 Comm: modprobe Not tainted \n6.11.0-rc2-wt-ath+ #1746 \nHardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS \nHNKBLi70.86A.0067.2021.0528.1339 05/28/2021 \n \nCall Trace: \n \n dump_stack_lvl+0x7d/0xe0 \n print_address_description.constprop.0+0x33/0x3a0 \n print_report+0xb5/0x260 \n ? kasan_addr_to_slab+0x24/0x80 \n kasan_report+0xd8/0x110 \n ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] \n ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] \n kasan_check_range+0xf3/0x1a0 \n __kasan_check_write+0x14/0x20 \n ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] \n ath12k_dp_free+0x178/0x420 [ath12k] \n ath12k_core_stop+0x176/0x200 [ath12k] \n ath12k_core_deinit+0x13f/0x210 [ath12k] \n ath12k_pci_remove+0xad/0x1c0 [ath12k] \n pci_device_remove+0x9b/0x1b0 \n device_remove+0xbf/0x150 \n device_release_driver_internal+0x3c3/0x580 \n ? __kasan_check_read+0x11/0x20 \n driver_detach+0xc4/0x190 \n bus_remove_driver+0x130/0x2a0 \n driver_unregister+0x68/0x90 \n pci_unregister_driver+0x24/0x240 \n ? find_module_all+0x13e/0x1e0 \n ath12k_pci_exit+0x10/0x20 [ath12k] \n __do_sys_delete_module+0x32c/0x580 \n ? module_flags+0x2f0/0x2f0 \n ? kmem_cache_free+0xf0/0x410 \n ? __fput+0x56f/0xab0 \n ? __fput+0x56f/0xab0 \n ? debug_smp_processor_id+0x17/0x20 \n __x64_sys_delete_module+0x4f/0x70 \n x64_sys_call+0x522/0x9f0 \n do_syscall_64+0x64/0x130 \n entry_SYSCALL_64_after_hwframe+0x4b/0x53 \nRIP: 0033:0x7f8182c6ac8b \n \nCommit 24de1b7b231c (\"wifi: ath12k: fix flush failure in recovery \nscenarios\") added the change to decrement the pending packets count \nin case of recovery which make sense as ah->hw as well all \nar's in it are intact during recovery, but during core deinit there \nis no use in decrementing packets count or waking up the empty waitq \nas the module is going to be removed also ar's from pending skb's \ncan't be used and the packets should just be released back. \n \nTo fix this, avoid accessing ar from skb->cb when driver is being \nunregistered. \n \nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00214-QCAHKSWPL_SILICONZ-1 \nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:57.000000Z"}, {"uuid": "cf24f699-cdca-4188-840e-eb766d6ae259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56540", "type": "seen", "source": "https://t.me/cvedetector/13750", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56540 - Intel Ivpu Recovery Triggering Null Pointer Dereference Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56540 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \naccel/ivpu: Prevent recovery invocation during probe and resume \n \nRefactor IPC send and receive functions to allow correct \nhandling of operations that should not trigger a recovery process. \n \nExpose ivpu_send_receive_internal(), which is now utilized by the D0i3 \nentry, DCT initialization, and HWS initialization functions. \nThese functions have been modified to return error codes gracefully, \nrather than initiating recovery. \n \nThe updated functions are invoked within ivpu_probe() and ivpu_resume(), \nensuring that any errors encountered during these stages result in a proper \nteardown or shutdown sequence. The previous approach of triggering recovery \nwithin these functions could lead to a race condition, potentially causing \nundefined behavior and kernel crashes due to null pointer dereferences. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:56.000000Z"}, {"uuid": "24a8a826-1147-4a3b-a74d-09294626c136", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56547", "type": "seen", "source": "https://t.me/cvedetector/13744", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56547 - Apache Linux RCU Missed Barrier Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56547 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nrcu/nocb: Fix missed RCU barrier on deoffloading \n \nCurrently, running rcutorture test with torture_type=rcu fwd_progress=8 \nn_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60 \ntest_boost=2, will trigger the following warning: \n \n WARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0 \n RIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0 \n Call Trace: \n \n ? __warn+0x7e/0x120 \n ? rcu_nocb_rdp_deoffload+0x292/0x2a0 \n ? report_bug+0x18e/0x1a0 \n ? handle_bug+0x3d/0x70 \n ? exc_invalid_op+0x18/0x70 \n ? asm_exc_invalid_op+0x1a/0x20 \n ? rcu_nocb_rdp_deoffload+0x292/0x2a0 \n rcu_nocb_cpu_deoffload+0x70/0xa0 \n rcu_nocb_toggle+0x136/0x1c0 \n ? __pfx_rcu_nocb_toggle+0x10/0x10 \n kthread+0xd1/0x100 \n ? __pfx_kthread+0x10/0x10 \n ret_from_fork+0x2f/0x50 \n ? __pfx_kthread+0x10/0x10 \n ret_from_fork_asm+0x1a/0x30 \n \n \nCPU0 CPU2 CPU3 \n//rcu_nocb_toggle //nocb_cb_wait //rcutorture \n \n// deoffload CPU1 // process CPU1's rdp \nrcu_barrier() \n rcu_segcblist_entrain() \n rcu_segcblist_add_len(1); \n // len == 2 \n // enqueue barrier \n // callback to CPU1's \n // rdp->cblist \n rcu_do_batch() \n // invoke CPU1's rdp->cblist \n // callback \n rcu_barrier_callback() \n rcu_barrier() \n mutex_lock(&rcu_state.barrier_mutex); \n // still see len == 2 \n // enqueue barrier callback \n // to CPU1's rdp->cblist \n rcu_segcblist_entrain() \n rcu_segcblist_add_len(1); \n // len == 3 \n // decrement len \n rcu_segcblist_add_len(-2); \n kthread_parkme() \n \n// CPU1's rdp->cblist len == 1 \n// Warn because there is \n// still a pending barrier \n// trigger warning \nWARN_ON_ONCE(rcu_segcblist_n_cbs(&rdp->cblist)); \ncpus_read_unlock(); \n \n // wait CPU1 to comes online and \n // invoke barrier callback on \n // CPU1 rdp's->cblist \n wait_for_completion(&rcu_state.barrier_completion); \n// deoffload CPU4 \ncpus_read_lock() \n rcu_barrier() \n mutex_lock(&rcu_state.barrier_mutex); \n // block on barrier_mutex \n // wait rcu_barrier() on \n // CPU3 to unlock barrier_mutex \n // but CPU3 unlock barrier_mutex \n // need to wait CPU1 comes online \n // when CPU1 going online will block on cpus_write_lock \n \nThe above scenario will not only trigger a WARN_ON_ONCE(), but also \ntrigger a deadlock. \n \nThanks to nocb locking, a second racing rcu_barrier() on an offline CPU \nwill either observe the decremented callback counter down to 0 and spare \nthe callback enqueue, or rcuo will observe the new callback and keep \nrdp->nocb_cb_sleep to false. \n \nTherefore check rdp->nocb_cb_sleep before parking to make sure no \nf[...]", "creation_timestamp": "2024-12-27T15:59:48.000000Z"}, {"uuid": "260e5ae3-cb2a-4249-b02c-d440c1c36318", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56549", "type": "seen", "source": "https://t.me/cvedetector/13746", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56549 - Linux Kernel cachefiles NULL Pointer Dereference\", \n \"Content\": \"CVE ID : CVE-2024-56549 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \ncachefiles: Fix NULL pointer dereference in object->file \n \nAt present, the object->file has the NULL pointer dereference problem in \nondemand-mode. The root cause is that the allocated fd and object->file \nlifetime are inconsistent, and the user-space invocation to anon_fd uses \nobject->file. Following is the process that triggers the issue: \n \n [write fd] [umount] \ncachefiles_ondemand_fd_write_iter \n fscache_cookie_state_machine \n cachefiles_withdraw_cookie \n if (!file) return -ENOBUFS \n cachefiles_clean_up_object \n cachefiles_unmark_inode_in_use \n fput(object->file) \n object->file = NULL \n // file NULL pointer dereference! \n __cachefiles_write(..., file, ...) \n \nFix this issue by add an additional reference count to the object->file \nbefore write/llseek, and decrement after it finished. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:50.000000Z"}, {"uuid": "6c8c7c9e-57d2-42c5-a848-144a3be8cf8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56545", "type": "seen", "source": "https://t.me/cvedetector/13742", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56545 - Linux Kernel HID Hyper-V Driver Unregistered Driver Memory Leak\", \n \"Content\": \"CVE ID : CVE-2024-56545 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nHID: hyperv: streamline driver probe to avoid devres issues \n \nIt was found that unloading 'hid_hyperv' module results in a devres \ncomplaint: \n \n ... \n hv_vmbus: unregistering driver hid_hyperv \n ------------[ cut here ]------------ \n WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0 \n ... \n Call Trace: \n \n ? devres_release_group+0x1f2/0x2c0 \n ? __warn+0xd1/0x1c0 \n ? devres_release_group+0x1f2/0x2c0 \n ? report_bug+0x32a/0x3c0 \n ? handle_bug+0x53/0xa0 \n ? exc_invalid_op+0x18/0x50 \n ? asm_exc_invalid_op+0x1a/0x20 \n ? devres_release_group+0x1f2/0x2c0 \n ? devres_release_group+0x90/0x2c0 \n ? rcu_is_watching+0x15/0xb0 \n ? __pfx_devres_release_group+0x10/0x10 \n hid_device_remove+0xf5/0x220 \n device_release_driver_internal+0x371/0x540 \n ? klist_put+0xf3/0x170 \n bus_remove_device+0x1f1/0x3f0 \n device_del+0x33f/0x8c0 \n ? __pfx_device_del+0x10/0x10 \n ? cleanup_srcu_struct+0x337/0x500 \n hid_destroy_device+0xc8/0x130 \n mousevsc_remove+0xd2/0x1d0 [hid_hyperv] \n device_release_driver_internal+0x371/0x540 \n driver_detach+0xc5/0x180 \n bus_remove_driver+0x11e/0x2a0 \n ? __mutex_unlock_slowpath+0x160/0x5e0 \n vmbus_driver_unregister+0x62/0x2b0 [hv_vmbus] \n ... \n \nAnd the issue seems to be that the corresponding devres group is not \nallocated. Normally, devres_open_group() is called from \n__hid_device_probe() but Hyper-V HID driver overrides 'hid_dev->driver' \nwith 'mousevsc_hid_driver' stub and basically re-implements \n__hid_device_probe() by calling hid_parse() and hid_hw_start() but not \ndevres_open_group(). hid_device_probe() does not call __hid_device_probe() \nfor it. Later, when the driver is removed, hid_device_remove() calls \ndevres_release_group() as it doesn't check whether hdev->driver was \ninitially overridden or not. \n \nThe issue seems to be related to the commit 62c68e7cee33 (\"HID: ensure \ntimely release of driver-allocated resources\") but the commit itself seems \nto be correct. \n \nFix the issue by dropping the 'hid_dev->driver' override and using \nhid_register_driver()/hid_unregister_driver() instead. Alternatively, it \nwould have been possible to rely on the default handling but \nHID_CONNECT_DEFAULT implies HID_CONNECT_HIDRAW and it doesn't seem to work \nfor mousevsc as-is. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:44.000000Z"}, {"uuid": "0948609b-e216-4e31-894f-8e2c64234326", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56543", "type": "seen", "source": "https://t.me/cvedetector/13741", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56543 - Ath12k WiFi Double-Free Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56543 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nwifi: ath12k: Skip Rx TID cleanup for self peer \n \nDuring peer create, dp setup for the peer is done where Rx TID is \nupdated for all the TIDs. Peer object for self peer will not go through \ndp setup. \n \nWhen core halts, dp cleanup is done for all the peers. While cleanup, \nrx_tid::ab is accessed which causes below stack trace for self peer. \n \nWARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 \nCall Trace: \n__warn+0x7b/0x1a0 \nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] \nreport_bug+0x10b/0x200 \nhandle_bug+0x3f/0x70 \nexc_invalid_op+0x13/0x60 \nasm_exc_invalid_op+0x16/0x20 \nath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] \nath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k] \nath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k] \nath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k] \nath12k_core_halt+0x3b/0x100 [ath12k] \nath12k_core_reset+0x494/0x4c0 [ath12k] \n \nsta object in peer will be updated when remote peer is created. Hence \nuse peer::sta to detect the self peer and skip the cleanup. \n \nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 \nTested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:43.000000Z"}, {"uuid": "5e575865-ae91-4ca6-8718-210a725af9b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-56544", "type": "seen", "source": "https://t.me/cvedetector/13738", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2024-56544 - Linux Kernel UdmaBuf Large Allocation Vulnerability\", \n \"Content\": \"CVE ID : CVE-2024-56544 \nPublished : Dec. 27, 2024, 2:15 p.m. | 42\u00a0minutes ago \nDescription : In the Linux kernel, the following vulnerability has been resolved: \n \nudmabuf: change folios array from kmalloc to kvmalloc \n \nWhen PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine, \npage_alloc only support 4MB. \nIf above this, trigger this warn and return NULL. \n \nudmabuf can change size limit, if change it to 3072(3GB), and then alloc \n3GB udmabuf, will fail create. \n \n[ 4080.876581] ------------[ cut here ]------------ \n[ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350 \n[ 4080.878839] RIP: 0010:__alloc_pages+0x2c8/0x350 \n[ 4080.879470] Call Trace: \n[ 4080.879473] \n[ 4080.879473] ? __alloc_pages+0x2c8/0x350 \n[ 4080.879475] ? __warn.cold+0x8e/0xe8 \n[ 4080.880647] ? __alloc_pages+0x2c8/0x350 \n[ 4080.880909] ? report_bug+0xff/0x140 \n[ 4080.881175] ? handle_bug+0x3c/0x80 \n[ 4080.881556] ? exc_invalid_op+0x17/0x70 \n[ 4080.881559] ? asm_exc_invalid_op+0x1a/0x20 \n[ 4080.882077] ? udmabuf_create+0x131/0x400 \n \nBecause MAX_PAGE_ORDER, kmalloc can max alloc 4096 * (1 <<\nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"27 Dec 2024\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-27T15:59:40.000000Z"}]}