Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-29 | CVE-2024-56711 | NULL Pointer Dereference vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference drm_mode_duplicate() could return NULL due to lack of memory, which will then call NULL pointer dereference. | 5.5 |
| 2024-12-29 | CVE-2024-56712 | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak. Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we can give it different error handling. Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf. | 5.5 |
| 2024-12-29 | CVE-2024-56715 | Memory Leak vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() failure. | 5.5 |
| 2024-12-29 | CVE-2024-56716 | Improper Validation of Specified Quantity in Input vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. | 5.5 |
| 2024-12-29 | CVE-2024-56717 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() Packets injected by the CPU should have a SRC_PORT field equal to the CPU port module index in the Analyzer block (ocelot->num_phys_ports). The blamed commit copied the ocelot_ifh_set_basic() call incorrectly from ocelot_xmit_common() in net/dsa/tag_ocelot.c. | 5.5 |
| 2024-12-29 | CVE-2024-56718 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. | 5.5 |
| 2024-12-29 | CVE-2024-56719 | Unspecified vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stmmac_tso_xmit(). The buf (dma cookie) and len stored in this structure are passed to dma_unmap_single() by stmmac_tx_clean(). | 5.5 |
| 2024-12-29 | CVE-2024-13005 | SQL Injection vulnerability in 1000Projects Attendance Tracking Management System 1.0 A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. | 9.8 |
| 2024-12-29 | CVE-2024-13006 | SQL Injection vulnerability in 1000Projects Human Resource Management System 1.0 A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. | 9.8 |
| 2024-12-29 | CVE-2024-13004 | SQL Injection vulnerability in PHPgurukul Complaint Management System 1.0 A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. | 9.8 |