CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36892 – mm/slub: avoid zeroing outside-object freepointer for single free
https://notcve.org/view.php?id=CVE-2024-36892
The freepointer left as is, check_object() may later detect an invalid pointer value due to objects overflow. To reproduce, set `slub_debug=FU init_on_free=1 log_level=7` on the command line of a kernel build with `CONFIG_SLAB_FREELIST_HARDENED=y`. dmesg sample log: [ 10.708715] ============================================================================= [ 10.710323] BUG kmalloc-rnd-05-32 (Tainted: G B T ): Freepointer corrupt [ 10.712695] ----------------------------------------------------------------------------- [ 10.712695] [ 10.712695] Slab 0xffffd8bdc400d580 objects=32 used=4 fp=0xffff9d9a80356f80 flags=0x200000000000a00(workingset|slab|node=0|zone=2) [ 10.716698] Object 0xffff9d9a80356600 @offset=1536 fp=0x7ee4f480ce0ecd7c [ 10.716698] [ 10.716698] Bytes b4 ffff9d9a803565f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.720703] Object ffff9d9a80356600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.720703] Object ffff9d9a80356610: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.724696] Padding ffff9d9a8035666c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 10.724696] Padding ffff9d9a8035667c: 00 00 00 00 .... [ 10.724696] FIX kmalloc-rnd-05-32: Object at 0xffff9d9a80356600 not freed En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/slub: evita poner a cero el puntero libre de objetos externos para un solo commit libre 284f17ac13fe ("mm/slub: maneja la liberación masiva y de objetos individuales por separado") divide la liberación de objetos únicos y masivos en dos funciones slab_free() y slab_free_bulk() lo que lleva a slab_free() a llamar a slab_free_hook() directamente en lugar de slab_free_freelist_hook(). • https://git.kernel.org/stable/c/284f17ac13fe34ae9eecbe57bb91553374d9b855 https://git.kernel.org/stable/c/56900355485f6e82114b18c812edd57fd7970dcb https://git.kernel.org/stable/c/8f828aa48812ced28aa39cb3cfe55ef2444d03dd •
CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-36883 – net: fix out-of-bounds access in ops_init
https://notcve.org/view.php?id=CVE-2024-36883
Se lee dos veces, primero para asignar una matriz y luego para configurar s.len, que luego se usa para limitar los límites del acceso a la matriz. • https://git.kernel.org/stable/c/073862ba5d249c20bd5c49fc6d904ff0e1f6a672 https://git.kernel.org/stable/c/561331eae0a03d0c4cf60f3cf485aa3e8aa5ab48 https://git.kernel.org/stable/c/a2c82f7bee1ffa9eafa1fb0bd886a7eea8c9e497 https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3 https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7 https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030 https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25e • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36022 – drm/amdgpu: Init zone device and drm client after mode-1 reset on reload
https://notcve.org/view.php?id=CVE-2024-36022
Como la versión anterior tiene el potencial de crear un cliente DRM dos veces. v3: el parche v2 hace que el motor SDMA se bloquee porque la apertura de DRM hace que la VM se borre a SDMA antes de que se inicie SDMA. • https://git.kernel.org/stable/c/4f8154f775197d0021b690c2945d6a4d8094c8f6 https://git.kernel.org/stable/c/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 https://access.redhat.com/security/cve/CVE-2024-36022 https://bugzilla.redhat.com/show_bug.cgi?id=2284427 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.3EPSS: 0%CPEs: 9EXPL: 0CVE-2024-36020 – i40e: fix vf may be used uninitialized in this function warning
https://notcve.org/view.php?id=CVE-2024-36020
El uso de dos fuentes para la información es la causa fundamental. • https://git.kernel.org/stable/c/76ed715836c6994bac29d9638e9314e6e3b08651 https://git.kernel.org/stable/c/e88c2a1e28c5475065563d66c07ca879a9afbd07 https://git.kernel.org/stable/c/9abae363af5ced6adbf04c14366289540281fb26 https://git.kernel.org/stable/c/c39de3ae5075ea5f78e097cb5720d4e52d5caed9 https://git.kernel.org/stable/c/52424f974bc53c26ba3f00300a00e9de9afcd972 https://git.kernel.org/stable/c/02f949747e6fb767b29f7931d4bbf40911684e7a https://git.kernel.org/stable/c/cc9cd02dd9e8b7764ea9effb24f4f1dd73d1b23d https://git.kernel.org/stable/c/9dcf0fcb80f6aeb01469e3c957f8d4c97 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5521 – Cross-Site Scripting stored in Alkacon OpenCMS
https://notcve.org/view.php?id=CVE-2024-5521
Se han descubierto dos vulnerabilidades de Cross-site Scripting en OpenCMS de Alkacon que afectan a la versión 16, lo que podría permitir que un usuario que tenga las funciones de editor de galería o administrador de recursos VFS tenga permiso para cargar imágenes en formato .svg que contengan código JavaScript. • https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-stored-alkacon-opencms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •