
CVE-2024-35934 – net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()
https://notcve.org/view.php?id=CVE-2024-35934
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Many syzbot reports show extreme rtnl pressure, and many of them hint that smc acquires rtnl in netns creation for no good reason [1] This patch returns early from smc_pnet_net_init() if there is no netdevice yet. I am not even sure why smc_pnet_create_pnetids_list() even exists, because smc_pnet_netdev_event() is also calling smc_pnet_add_base_pnetid() when handling NETDEV_UP ... • https://git.kernel.org/stable/c/bc4d1ebca11b4f194e262326bd45938e857c59d2 •

CVE-2024-35933 – Bluetooth: btintel: Fix null ptr deref in btintel_read_version
https://notcve.org/view.php?id=CVE-2024-35933
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: btintel: corrija el ptr deref nulo en btintel_read_version Si se activa hci_cmd_sync_complete() y skb es NULL, entonces hdev->req_skb es NULL, lo que causará este problema. A NULL pointer d... • https://git.kernel.org/stable/c/ec2049fb2b8be3e108fe2ef1f1040f91e72c9990 •

CVE-2024-35932 – drm/vc4: don't check if plane->state->fb == state->fb
https://notcve.org/view.php?id=CVE-2024-35932
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/vc4: don't check if plane->state->fb == state->fb Currently, when using non-blocking commits, we can see the following kernel warning: [ 110.908514] ------------[ cut here ]------------ [ 110.908529] refcount_t: underflow; use-after-free. [ 110.908620] WARNING: CPU: 0 PID: 1866 at lib/refcount.c:87 refcount_dec_not_one+0xb8/0xc0 [ 110.908664] Modules linked in: rfcomm snd_seq_dummy snd_hrtimer snd_seq snd_seq_device cmac algif_hash aes_... • https://git.kernel.org/stable/c/48bfb4b03c5ff6e1fa1dc73fb915e150b0968c40 •

CVE-2024-35931 – drm/amdgpu: Skip do PCI error slot reset during RAS recovery
https://notcve.org/view.php?id=CVE-2024-35931
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Skip do PCI error slot reset during RAS recovery Why: The PCI error slot reset maybe triggered after inject ue to UMC multi times, this caused system hang. [ 557.371857] amdgpu 0000:af:00.0: amdgpu: GPU reset succeeded, trying to resume [ 557.373718] [drm] PCIE GART of 512M enabled. [ 557.373722] [drm] PTB located at 0x0000031FED700000 [ 557.373788] [drm] VRAM is lost due to GPU reset! [ 557.373789] [drm] PSP is resuming... [ 55... • https://git.kernel.org/stable/c/395ca1031acf89d8ecb26127c544a71688d96f35 •

CVE-2024-35929 – rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
https://notcve.org/view.php?id=CVE-2024-35929
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11 kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sys... • https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc •

CVE-2024-35925 – block: prevent division by zero in blk_rq_stat_sum()
https://notcve.org/view.php?id=CVE-2024-35925
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloquear: evitar la división por cero en blk_rq_stat_sum() La expresión dst->nr_samples + src->nr_samples puede ... • https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7 •

CVE-2024-35922 – fbmon: prevent division by zero in fb_videomode_from_videomode()
https://notcve.org/view.php?id=CVE-2024-35922
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: fbmon: prevent division by zero in fb_videomode_from_videomode() The expression htotal * vtotal can have a zero value on overflow. It is necessary to prevent division by zero like in fb_var_to_videomode(). Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: fbmon: evita la división por cero en fb_videomode_from_videomode() La expresión htotal * vtotal puede tene... • https://git.kernel.org/stable/c/1fb52bc1de55e9e0bdf71fe078efd4da0889710f •

CVE-2023-52699 – sysv: don't call sb_bread() with pointers_lock held
https://notcve.org/view.php?id=CVE-2023-52699
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&pointers_lock)" bug were introduced by "Replace BKL for chain locking with sysvfs-private rwlock" in Linux 2.5.12. Then, "[PATCH] err1-40: sysvfs locking fix" in Linux ... • https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76 •

CVE-2024-35896 – netfilter: validate user input for expected length
https://notcve.org/view.php?id=CVE-2024-35896
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: validate user input for expected length I got multiple syzbot reports showing old bugs exposed by BPF after commit 20f2505fb436 ("bpf: Try to avoid kzalloc in cgroup/{s,g}etsockopt") setsockopt() @optlen argument should be taken into account before copying data. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •

CVE-2024-35887 – ax25: fix use-after-free bugs caused by ax25_ds_del_timer
https://notcve.org/view.php?id=CVE-2024-35887
19 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ax25: fix use-after-free bugs caused by ax25_ds_del_timer When the ax25 device is detaching, the ax25_dev_device_down() calls ax25_ds_del_timer() to cleanup the slave_timer. When the timer handler is running, the ax25_ds_del_timer() that calls del_timer() in it will return directly. As a result, the use-after-free bugs could happen, one of the scenarios is shown below: (Thread 1) | (Thread 2) | ax25_ds_timeout() ax25_dev_device_down() | ax2... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •