CVE-2024-53161 – EDAC/bluefield: Fix potential integer overflow
https://notcve.org/view.php?id=CVE-2024-53161
In the Linux kernel, the following vulnerability has been resolved:

EDAC/bluefield: Fix potential integer overflow

The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with the DIMM index. With mem_ctrl_idx defined as 32 bits wide, the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64 bits wide to prevent any potential integer overflow, i.e. loss of data from the upper 16 bits.

• https://git.kernel.org/stable/c/82413e562ea6eadfb6de946dcc6f74af31d64e7f
• https://git.kernel.org/stable/c/8cc31cfa36ff37aff399b72faa2ded58110112ae
• https://git.kernel.org/stable/c/e0269ea7a628fdeddd65b92fe29c09655dbb80b9
• https://git.kernel.org/stable/c/4ad7033de109d0fec99086f352f58a3412e378b8
• https://git.kernel.org/stable/c/578ca89b04680145d41011e7cec8806fefbb59e7
• https://git.kernel.org/stable/c/ac6ebb9edcdb7077e841862c402697c4c48a7c0a
• https://git.kernel.org/stable/c/fdb90006184aa84c7b4e09144ed0936d4e1891a7
• https://git.kernel.org/stable/c/000930193fe5eb79ce5563ee2e9ddb0c6
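The truncation described above is purely a matter of the width at which the shift is evaluated. The following is an added example, not the bluefield EDAC driver's code: it packs a controller index and a DIMM index the way the commit message describes (controller index shifted left by 16, OR-ed with the DIMM index) once with a 32-bit index variable and once with a 64-bit one. The function names and the choice of 0x12345 as an index that does not fit in 16 bits are assumptions for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example modelling the SMC argument packing from the commit message.
 * Not the driver's code; names and the sample index are assumptions.
 */

/* Shape before the fix: the controller index lives in a 32-bit variable, so
 * the shift is evaluated in 32-bit arithmetic.  Bits 16..31 of the index are
 * discarded before the value is widened to the 64-bit SMC argument. */
uint64_t pack_dimm_arg_u32(uint32_t mem_ctrl_idx, uint32_t dimm_idx)
{
    uint64_t arg = (mem_ctrl_idx << 16) | dimm_idx;   /* 32-bit shift, then widen */
    return arg;
}

/* Shape after the fix: a 64-bit index makes the shift happen at 64-bit width,
 * so no index bits are lost. */
uint64_t pack_dimm_arg_u64(uint64_t mem_ctrl_idx, uint32_t dimm_idx)
{
    return (mem_ctrl_idx << 16) | dimm_idx;
}

/* Recover the controller index from a packed argument (round-trip check). */
uint64_t unpack_mem_ctrl_idx(uint64_t arg)
{
    return arg >> 16;
}

/* Returns 1 if packing this index through the 32-bit path loses bits. */
int u32_pack_loses_bits(uint32_t mem_ctrl_idx)
{
    return unpack_mem_ctrl_idx(pack_dimm_arg_u32(mem_ctrl_idx, 0)) != mem_ctrl_idx;
}

int main(void)
{
    uint32_t idx = 0x12345;  /* sample index that needs more than 16 bits */

    printf("u32 path: 0x%llx\n", (unsigned long long)pack_dimm_arg_u32(idx, 1));
    printf("u64 path: 0x%llx\n", (unsigned long long)pack_dimm_arg_u64(idx, 1));
    printf("bits lost on u32 path: %d\n", u32_pack_loses_bits(idx));
    return 0;
}
```

With the sample index the 32-bit path yields 0x23450001 while the 64-bit path yields 0x123450001; the round-trip check is the kind of assertion worth keeping next to any field-packing helper whose operands are narrower than the packed result.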
CVE-2024-53160 – rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
https://notcve.org/view.php?id=CVE-2024-53160
In the Linux kernel, the following vulnerability has been resolved:

rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu

KCSAN reports a data race when accessing the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function:

<snip>
BUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu

read to 0xffff888237d1cce8 of 8 bytes by task 10149 on cpu 1:
 schedule_delayed_monitor_work kernel/rcu/tree.c:3520 [inline]
 kvfree_call_rcu+0x3b8/0x510 kernel/rcu/tree.c:3839
 trie_update_elem+0x47c/0x620 kernel/bpf/lpm_trie.c:441
 bpf_map_update_value+0x324/0x350 kernel/bpf/syscall.c:203
 generic_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1849
 bpf_map_do_batch+0x28c/0x3f0 kernel/bpf/syscall.c:5143
 __sys_bpf+0x2e5/0x7a0
 __do_sys_bpf kernel/bpf/syscall.c:5741 [inline]
 __se_sys_bpf kernel/bpf/syscall.c:5739 [inline]
 __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5739
 x64_sys_call+0x2625/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:322
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

write to 0xffff888237d1cce8 of 8 bytes by task 56 on cpu 0:
 __mod_timer+0x578/0x7f0 kernel/time/timer.c:1173
 add_timer_global+0x51/0x70 kernel/time/timer.c:1330
 __queue_delayed_work+0x127/0x1a0 kernel/workqueue.c:2523
 queue_delayed_work_on+0xdf/0x190 kernel/workqueue.c:2552
 queue_delayed_work include/linux/workqueue.h:677 [inline]
 schedule_delayed_monitor_work kernel/rcu/tree.c:3525 [inline]
 kfree_rcu_monitor+0x5e8/0x660 kernel/rcu/tree.c:3643
 process_one_work kernel/workqueue.c:3229 [inline]
 process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310
 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391
 kthread+0x1d1/0x210 kernel/kthread.c:389
 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244

Reported by Kernel Concurrency Sanitizer on:
CPU: 0 UID: 0 PID: 56 Comm: kworker/u8:4 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Workqueue: events_unbound kfree_rcu_monitor
<snip>

kfree_rcu_monitor() rearms the work if a "krcp" has to be still offloaded and this is done without holding krcp->lock, whereas the kvfree_call_rcu() holds it. Fix it by acquiring the "krcp->lock" for kfree_rcu_monitor() so both functions do not race anymore.

• https://git.kernel.org/stable/c/8fc5494ad5face62747a3937db66b00db1e5d80b
• https://git.kernel.org/stable/c/967a0e61910825d1fad009d836a6cb41f7402395
• https://git.kernel.org/stable/c/05b8ea1f16667f07c8e5843fb4bde3e49d49ead8
• https://git.kernel.org/stable/c/5ced426d97ce84299ecfcc7bd8b38f975fd11089
• https://git.kernel.org/stable/c/a23da88c6c80e41e0503e0b481a22c9eea63f263
CVE-2024-53159 – hwmon: (nct6775-core) Fix overflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-53159
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (nct6775-core) Fix overflows seen when writing limit attributes

DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations.

• https://git.kernel.org/stable/c/c3963bc0a0cf9ecb205a9d4976eb92b6df2fa3fd
• https://git.kernel.org/stable/c/ae703f8ff083c5267af30d6c8cf096d562623b3b
• https://git.kernel.org/stable/c/685c10269c41d23d7a2b85d3fd6b6345390c8746
• https://git.kernel.org/stable/c/a4712e4485f5c388bbe0d0e8f52978241ab34a29
• https://git.kernel.org/stable/c/dfa8bedfffcae87976b34a45a724deb9c3a0a88e
• https://git.kernel.org/stable/c/57ee12b6c514146c19b6a159013b48727a012960
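The overflow is in the rounding addend: DIV_ROUND_CLOSEST(x, d) computes (x + d/2) / d, and when x is the largest unsigned long the addition wraps to a tiny value before the division runs, so clamping afterwards is too late. The following is an added example, not the nct6775 driver's code: it models a sysfs store path on a 64-bit kernel (strtoull standing in for kstrtoul) with the two orderings side by side. The scale factor of 1000 and the 0..255 register range are assumptions; the unsigned form of DIV_ROUND_CLOSEST() and clamp_val() are written out so the arithmetic is visible.

```c
#include <stdint.h>
#include <stdlib.h>
#include <errno.h>

/*
 * Added example of the clamp/divide ordering bug from the commit message.
 * Not the driver's code; REG_MAX, SCALE and all function names are assumed.
 */

#define REG_MAX 255ULL     /* largest value the limit register can hold */
#define SCALE   1000ULL    /* user units per register step (assumed) */

/* Unsigned form of the kernel's DIV_ROUND_CLOSEST(): the "+ d/2" is where a
 * near-maximal x wraps around. */
#define DIV_ROUND_CLOSEST_U64(x, d) (((x) + ((d) / 2)) / (d))
#define clamp_val(v, lo, hi) ((v) < (lo) ? (lo) : ((v) > (hi) ? (hi) : (v)))

/* Ordering before the fix: divide (and overflow) first, clamp second. */
uint64_t to_reg_before(uint64_t val)
{
    return clamp_val(DIV_ROUND_CLOSEST_U64(val, SCALE), 0ULL, REG_MAX);
}

/* Ordering after the fix: clamp to the largest representable input first,
 * so the rounding addend can no longer wrap. */
uint64_t to_reg_after(uint64_t val)
{
    return DIV_ROUND_CLOSEST_U64(clamp_val(val, 0ULL, REG_MAX * SCALE), SCALE);
}

/* Sysfs-store style parse: strtoull stands in for kstrtoul.  Returns 0 and
 * stores conv(value) in *reg, or a negative errno like the kernel helper. */
int store_limit(const char *buf, uint64_t (*conv)(uint64_t), uint64_t *reg)
{
    char *end;
    unsigned long long v;

    errno = 0;
    v = strtoull(buf, &end, 10);
    if (end == buf || *end != '\0')
        return -EINVAL;
    if (errno == ERANGE)
        return -ERANGE;
    *reg = conv((uint64_t)v);
    return 0;
}

/* Convenience: parse buf with the buggy (fixed == 0) or fixed ordering and
 * return the register value, or a negative errno on parse failure. */
int64_t limit_from_string(const char *buf, int fixed)
{
    uint64_t reg;
    int ret = store_limit(buf, fixed ? to_reg_after : to_reg_before, &reg);

    return ret ? (int64_t)ret : (int64_t)reg;
}
```

Writing "18446744073709551615" through the pre-fix ordering produces register value 0 (the addend wrapped to 499, which divides to 0), while the fixed ordering saturates at 255 as a user would expect. The same reordering applies to any store handler that scales before it bounds-checks.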
CVE-2024-53158 – soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
https://notcve.org/view.php?id=CVE-2024-53158
In the Linux kernel, the following vulnerability has been resolved:

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of the se->clk_perf_tbl[] array.

• https://git.kernel.org/stable/c/eddac5af06546d2e7a0730e3dc02dde3dc91098a
• https://git.kernel.org/stable/c/37cdd4f0c266560b7b924c42361eeae3dc5f0c3e
• https://git.kernel.org/stable/c/7a3465b79ef0539aa10b310ac3cc35e0ae25b79e
• https://git.kernel.org/stable/c/748557ca7dc94695a6e209eb68fce365da9a3bb3
• https://git.kernel.org/stable/c/f4b7bf5a50f1fa25560f0b66a13563465542861b
• https://git.kernel.org/stable/c/b0a9c6ccaf88c4701787f61ecd2ec0eb014a0677
• https://git.kernel.org/stable/c/c24e019ca12d9ec814af04b30a64dd7173fb20fe
• https://git.kernel.org/stable/c/56eda41dcce0ec4d3418b4f85037bdea1
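A "same as last iteration" comparison always needs a guard for the iteration that has no predecessor. The following is an added example, not the geni-se driver's code: it models the loop shape the commit describes, building a table of distinct clock rates from a constructed clk_round_rate() stand-in, with the pre-fix and post-fix comparisons side by side. Rather than executing the tbl[-1] read (undefined behaviour here, and in a kernel a read of whatever precedes the array), the table accessor records any out-of-range index so the bug is observable. The rate list, table size and helper names are constructed for this example.

```c
#include <stddef.h>
#include <string.h>

/*
 * Added example of the first-iteration underflow from the commit message.
 * Not the driver's code; rates, sizes and names are constructed.
 */

#define MAX_CLK_PERF_LEVEL 32

struct clk_tbl {
    unsigned long perf_tbl[MAX_CLK_PERF_LEVEL];
    int num_levels;
};

/* Constructed clock: three supported rates. */
static const unsigned long supported_rates[] = { 19200000UL, 50000000UL, 100000000UL };

/* Stand-in for clk_round_rate(): smallest supported rate >= req, or the top
 * rate once req is above all of them (so repeated calls eventually repeat). */
long fake_round_rate(unsigned long req)
{
    size_t n = sizeof(supported_rates) / sizeof(supported_rates[0]);

    for (size_t i = 0; i < n; i++)
        if (supported_rates[i] >= req)
            return (long)supported_rates[i];
    return (long)supported_rates[n - 1];
}

/* Bounds-checked table read: flags a bad index in *oob and returns 0 instead
 * of touching memory outside the array. */
static unsigned long tbl_read(const struct clk_tbl *t, int idx, int *oob)
{
    if (idx < 0 || idx >= MAX_CLK_PERF_LEVEL) {
        *oob = 1;
        return 0;
    }
    return t->perf_tbl[idx];
}

/* Loop shape before the fix: on i == 0 it compares against perf_tbl[-1]. */
int build_tbl_before(struct clk_tbl *t, int *oob)
{
    unsigned long freq = 0;
    int i;

    *oob = 0;
    memset(t, 0, sizeof(*t));
    for (i = 0; i < MAX_CLK_PERF_LEVEL; i++) {
        long r = fake_round_rate(freq + 1);
        if (r <= 0 || (unsigned long)r == tbl_read(t, i - 1, oob))
            break;
        freq = (unsigned long)r;
        t->perf_tbl[i] = freq;
    }
    t->num_levels = i;
    return i;
}

/* Loop shape after the fix: the previous-entry comparison only from i == 1. */
int build_tbl_after(struct clk_tbl *t, int *oob)
{
    unsigned long freq = 0;
    int i;

    *oob = 0;
    memset(t, 0, sizeof(*t));
    for (i = 0; i < MAX_CLK_PERF_LEVEL; i++) {
        long r = fake_round_rate(freq + 1);
        if (r <= 0 || (i > 0 && (unsigned long)r == tbl_read(t, i - 1, oob)))
            break;
        freq = (unsigned long)r;
        t->perf_tbl[i] = freq;
    }
    t->num_levels = i;
    return i;
}

/* Wrappers exposing the two observable results. */
int before_reads_out_of_bounds(void)
{
    struct clk_tbl t;
    int oob;

    build_tbl_before(&t, &oob);
    return oob;
}

int after_reads_out_of_bounds(void)
{
    struct clk_tbl t;
    int oob;

    build_tbl_after(&t, &oob);
    return oob;
}

int after_num_levels(void)
{
    struct clk_tbl t;
    int oob;

    return build_tbl_after(&t, &oob);
}
```

Both loops end up with the same three levels, which is why the underflow went unnoticed: the out-of-bounds read only affects control flow if the stray memory happens to equal the first rounded rate. The guarded comparison is the whole fix.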
CVE-2024-53157 – firmware: arm_scpi: Check the DVFS OPP count returned by the firmware
https://notcve.org/view.php?id=CVE-2024-53157
In the Linux kernel, the following vulnerability has been resolved:

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

Fix a kernel crash with the below call trace when the SCPI firmware returns an OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL).

| Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028
| Mem abort info:
| ESR = 0x96000004
| Exception class = DABT (current EL), IL = 32 bits
| SET = 0, FnV = 0
| EA = 0, S1PTW = 0
| Data abort info:
| ISV = 0, ISS = 0x00000004
| CM = 0, WnR = 0
| user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c
| [0000000000000028] pgd=0000000000000000
| Internal error: Oops: 96000004 [#1] SMP
| scpi-hwmon: probe of PHYT000D:00 failed with error -110
| Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c)
| CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1
| Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS
| pstate: 60000005 (nZCv daif -PAN -UAO)
| pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]
| lr : clk_register+0x438/0x720
| Call trace:
| scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi]
| devm_clk_hw_register+0x50/0xa0
| scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi]
| scpi_clocks_probe+0x528/0x70c [clk_scpi]
| platform_drv_probe+0x58/0xa8
| really_probe+0x260/0x3d0
| driver_probe_device+0x12c/0x148
| device_driver_attach+0x74/0x98
| __driver_attach+0xb4/0xe8
| bus_for_each_dev+0x88/0xe0
| driver_attach+0x30/0x40
| bus_add_driver+0x178/0x2b0
| driver_register+0x64/0x118
| __platform_driver_register+0x54/0x60
| scpi_clocks_driver_init+0x24/0x1000 [clk_scpi]
| do_one_initcall+0x54/0x220
| do_init_module+0x54/0x1c8
| load_module+0x14a4/0x1668
| __se_sys_finit_module+0xf8/0x110
| __arm64_sys_finit_module+0x24/0x30
| el0_svc_common+0x78/0x170
| el0_svc_handler+0x38/0x78
| el0_svc+0x8/0x340
| Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820)
| ---[ end trace 06feb22469d89fa8 ]---
| Kernel panic - not syncing: Fatal exception
| SMP: stopping secondary CPUs
| Kernel Offset: disabled
| CPU features: 0x10,a0002008
| Memory Limit: none

• https://git.kernel.org/stable/c/8cb7cf56c9fe5412de238465b27ef35b4d2801aa
• https://git.kernel.org/stable/c/12e2c520a0a4202575e4a45ea41f06a8e9aa3417
• https://git.kernel.org/stable/c/8be4e51f3ecfb0915e3510b600c4cce0dc68a383
• https://git.kernel.org/stable/c/380c0e1d96f3b522f3170c18ee5e0f1a28fec5d6
• https://git.kernel.org/stable/c/2a5b8de6fcb944f9af0c5fcb30bb0c039705e051
• https://git.kernel.org/stable/c/06258e57fee253f4046d3a6a86d7fde09f596eac
• https://git.kernel.org/stable/c/025067eeb945aa17c7dd483a63960125b7efb577
• https://git.kernel.org/stable/c/dfc9c2aa7f04f7db7e7225a5e118a24bf
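The practical lesson is that a count supplied by firmware is untrusted input and must be range-checked before it drives an allocation or an index. A NULL check on the allocation would not have caught this case: in the kernel, kcalloc() with a zero count returns the non-NULL ZERO_SIZE_PTR sentinel, so the only effective check is on the count itself. The following is an added example, not the arm_scpi driver's code: it parses a constructed "get DVFS info" reply from a byte buffer, rejects a zero or oversized OPP count before allocating, and bounds-checks the later per-OPP lookup. The reply layout (1-byte domain, 1-byte OPP count, 2-byte latency, then one 32-bit frequency and 32-bit millivolt value per OPP, little-endian) and MAX_DVFS_OPPS are assumptions, as are all names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>
#include <errno.h>

/*
 * Added example of validating a firmware-supplied OPP count.  Not the
 * driver's code; reply layout, limits and names are assumptions.
 */

#define MAX_DVFS_OPPS 16   /* assumed upper bound on OPPs per domain */

struct scpi_opp { uint32_t freq; uint32_t m_volt; };

struct scpi_dvfs_info {
    unsigned int count;
    unsigned int latency;
    struct scpi_opp *opps;
};

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Parse a reply into *info.  Returns 0 on success, -EINVAL for a short
 * reply or a count outside 1..MAX_DVFS_OPPS, -ENOMEM on allocation failure.
 * The count == 0 rejection is the check this fix adds: without it the zero
 * count reaches the allocator and the first opps[] access faults. */
int scpi_dvfs_parse(const uint8_t *resp, size_t len, struct scpi_dvfs_info *info)
{
    unsigned int count;

    if (len < 4)
        return -EINVAL;
    count = resp[1];
    if (count == 0 || count > MAX_DVFS_OPPS)
        return -EINVAL;
    if (len < 4 + (size_t)count * 8)
        return -EINVAL;

    info->opps = calloc(count, sizeof(*info->opps));
    if (!info->opps)
        return -ENOMEM;
    info->count = count;
    info->latency = (unsigned int)resp[2] | ((unsigned int)resp[3] << 8);
    for (unsigned int i = 0; i < count; i++) {
        info->opps[i].freq   = le32(resp + 4 + i * 8);
        info->opps[i].m_volt = le32(resp + 8 + i * 8);
    }
    return 0;
}

/* recalc_rate-style lookup: the index is validated against the count the
 * parser accepted, never against a raw firmware value. */
long scpi_dvfs_rate(const struct scpi_dvfs_info *info, unsigned int idx)
{
    if (!info->opps || idx >= info->count)
        return -EINVAL;
    return (long)info->opps[idx].freq;
}

void scpi_dvfs_free(struct scpi_dvfs_info *info)
{
    free(info->opps);
    info->opps = NULL;
    info->count = 0;
}

/* Constructed replies: two OPPs (20 MHz @ 1000 mV, 300 MHz @ 1200 mV, latency
 * 16) and the zero-count case that crashed the real driver. */
static const uint8_t reply_two_opps[] = {
    0x00, 0x02, 0x10, 0x00,
    0x00, 0x2d, 0x31, 0x01, 0xe8, 0x03, 0x00, 0x00,
    0x00, 0xa3, 0xe1, 0x11, 0xb0, 0x04, 0x00, 0x00,
};
static const uint8_t reply_zero_opps[] = { 0x00, 0x00, 0x10, 0x00 };

/* Parse a reply and return the frequency at idx, or a negative errno. */
long rate_from_reply(const uint8_t *resp, size_t len, unsigned int idx)
{
    struct scpi_dvfs_info info = {0};
    long rate;
    int ret = scpi_dvfs_parse(resp, len, &info);

    if (ret)
        return ret;
    rate = scpi_dvfs_rate(&info, idx);
    scpi_dvfs_free(&info);
    return rate;
}
```

Failing the parse with -EINVAL makes the clock provider's probe fail cleanly instead of registering a clock whose recalc_rate callback dereferences an empty table, which is the outcome the oops above shows.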