CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-47696 – RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
https://notcve.org/view.php?id=CVE-2024-47696
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency In the commit aee2424246f9 ("RDMA/iwcm: Fix a use-after-free related to destroying CM IDs"), the function flush_workqueue is invoked to flush the work queue iwcm_wq. But at that time, the work queue iwcm_wq was created via the function alloc_ordered_workqueue without the flag WQ_MEM_RECLAIM. Because the current process is trying to flush the whole iwcm_wq, if iwcm_wq doesn... • https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47695 – RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds
https://notcve.org/view.php?id=CVE-2024-47695
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds In the function init_conns(), after the create_con() and create_cm() for loop if something fails. In the cleanup for loop after the destroy tag, we access out of bound memory because cid is set to clt_path->s.con_num. This commits resets the cid to clt_path->s.con_num - 1, to stay in bounds in the cleanup loop later. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/6a98d71daea186247005099758af549e6afdd244 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-47694 – IB/mlx5: Fix UMR pd cleanup on error flow of driver init
https://notcve.org/view.php?id=CVE-2024-47694
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix UMR pd cleanup on error flow of driver init The cited commit moves the pd allocation from function mlx5r_umr_resource_cleanup() to a new function mlx5r_umr_cleanup(). So the fix in commit [1] is broken. In error flow, will hit panic [2]. Fix it by checking pd pointer to avoid panic if it is NULL; [1] RDMA/mlx5: Fix UMR cleanup on error flow of driver init [2] [ 347.567063] infiniband mlx5_0: Couldn't register device with driver... • https://git.kernel.org/stable/c/638420115cc4ad6c3a2683bf46a052b505abb202 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47693 – IB/core: Fix ib_cache_setup_one error flow cleanup
https://notcve.org/view.php?id=CVE-2024-47693
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix ib_cache_setup_one error flow cleanup When ib_cache_update return an error, we exit ib_cache_setup_one instantly with no proper cleanup, even though before this we had already successfully done gid_table_setup_one, that results in the kernel WARN below. Do proper cleanup using gid_table_cleanup_one before returning the err in order to fix the issue. WARNING: CPU: 4 PID: 922 at drivers/infiniband/core/cache.c:806 gid_table_relea... • https://git.kernel.org/stable/c/1901b91f99821955eac2bd48fe25ee983385dc00 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-47692 – nfsd: return -EINVAL when namelen is 0
https://notcve.org/view.php?id=CVE-2024-47692
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdup_user() to return ZERO_SIZE_PTR. When we access the name.data that has been assigned the value of ZERO_SIZE_PTR in nfs4_client_to_reclaim(), null pointer dereference is triggered. [ T1205] ================================================================== [ T1205] BUG: KASAN: null-ptr... • https://git.kernel.org/stable/c/74725959c33c14114fdce1e36e3504d106584d53 •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-47691 – f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
https://notcve.org/view.php?id=CVE-2024-47691
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread() syzbot reports a f2fs bug as below: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_report+0xe8/0x550 mm/kasan/report.c:491 kasan_report+0x143/0x180 mm/kasan/report.c:601 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189 instrument_atomic_read_write include/linux/instrumented.h:96 [inline] atomic_fetch_add_relaxed include/linux/atom... • https://git.kernel.org/stable/c/7950e9ac638e84518fbdd5c930939ad46a1068c5 •
CVSS: 6.6EPSS: 0%CPEs: 6EXPL: 0CVE-2024-47690 – f2fs: get rid of online repaire on corrupted directory
https://notcve.org/view.php?id=CVE-2024-47690
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: get rid of online repaire on corrupted directory syzbot reports a f2fs bug as below: kernel BUG at fs/f2fs/inode.c:896! RIP: 0010:f2fs_evict_inode+0x1598/0x15c0 fs/f2fs/inode.c:896 Call Trace: evict+0x532/0x950 fs/inode.c:704 dispose_list fs/inode.c:747 [inline] evict_inodes+0x5f9/0x690 fs/inode.c:797 generic_shutdown_super+0x9d/0x2d0 fs/super.c:627 kill_block_super+0x44/0x90 fs/super.c:1696 kill_f2fs_super+0x344/0x690 fs/f2fs/super.c... • https://git.kernel.org/stable/c/510022a85839a8409d1e6a519bb86ce71a84f30a •
CVSS: 6.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47689 – f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error()
https://notcve.org/view.php?id=CVE-2024-47689
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't set SB_RDONLY in f2fs_handle_critical_error() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 58 at kernel/rcu/sync.c:177 rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 CPU: 1 UID: 0 PID: 58 Comm: kworker/1:2 Not tainted 6.10.0-syzkaller-12562-g1722389b0d86 #0 Workqueue: events destroy_super_work RIP: 0010:rcu_sync_dtor+0xcd/0x180 kernel/rcu/sync.c:177 Call Trace: percpu_free_... • https://git.kernel.org/stable/c/b62e71be2110d8b52bf5faf3c3ed7ca1a0c113a5 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47688 – driver core: Fix a potential null-ptr-deref in module_add_driver()
https://notcve.org/view.php?id=CVE-2024-47688
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: driver core: Fix a potential null-ptr-deref in module_add_driver() Inject fault while probing of-fpga-region, if kasprintf() fails in module_add_driver(), the second sysfs_remove_link() in exit path will cause null-ptr-deref as below because kernfs_name_hash() will call strlen() with NULL driver_name. Fix it by releasing resources based on the exit path sequence. KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] Mem abo... • https://git.kernel.org/stable/c/28f5a08600d0ea6831629d450193c4045094e729 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-47687 – vdpa/mlx5: Fix invalid mr resource destroy
https://notcve.org/view.php?id=CVE-2024-47687
21 Oct 2024 — In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix invalid mr resource destroy Certain error paths from mlx5_vdpa_dev_add() can end up releasing mr resources which never got initialized in the first place. This patch adds the missing check in mlx5_vdpa_destroy_mr_resources() to block releasing non-initialized mr resources. Reference trace: mlx5_core 0000:08:00.2: mlx5_vdpa_dev_add:3274:(pid 2700) warning: No mac address provisioned? BUG: kernel NULL pointer dereference, addre... • https://git.kernel.org/stable/c/512c0cdd80c19ec11f6dbe769d5899dcfefcd5c9 •