CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35929 – rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()
https://notcve.org/view.php?id=CVE-2024-35929
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock() For the kernels built with CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y and CONFIG_RCU_LAZY=y, the following scenarios will trigger WARN_ON_ONCE() in the rcu_nocb_bypass_lock() and rcu_nocb_wait_contended() functions: CPU2 CPU11 kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sysctl_handler delete_object_full drop_slab __delete_object shrink_slab put_object lazy_rcu_shrink_scan call_rcu rcu_nocb_flush_bypass __call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended); rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id() != rdp->cpu); WARN_ON_ONCE(atomic_read(&rdp->nocb_lock_contended)) | |_ _ _ _ _ _ _ _ _ _same rdp and rdp->cpu != 11_ _ _ _ _ _ _ _ _ __| Reproduce this bug with "echo 3 > /proc/sys/vm/drop_caches". This commit therefore uses rcu_nocb_try_flush_bypass() instead of rcu_nocb_flush_bypass() in lazy_rcu_shrink_scan(). If the nocb_bypass queue is being flushed, then rcu_nocb_try_flush_bypass will return directly. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rcu/nocb: corrija WARN_ON_ONCE() en rcu_nocb_bypass_lock() Para los kernels creados con CONFIG_RCU_NOCB_CPU_DEFAULT_ALL=y y CONFIG_RCU_LAZY=y, los siguientes escenarios activarán WARN_ON_ONCE() en rcu_nocb_bypass_lock( ) y funciones rcu_nocb_wait_contended(): CPU2 CPU11 kthread rcu_nocb_cb_kthread ksys_write rcu_do_batch vfs_write rcu_torture_timer_cb proc_sys_write __kmem_cache_free proc_sys_call_handler kmemleak_free drop_caches_sysctl_handler delete_object_full losa __delete_object encogimiento_slab put_object lazy_rcu_shrink_scan call_rcu rcu_nocb_flush_bypass __call_rcu_commn rcu_nocb_bypass_lock raw_spin_trylock(&rdp->nocb_bypass_lock) fail atomic_inc(&rdp->nocb_lock_contended); rcu_nocb_wait_contended WARN_ON_ONCE(smp_processor_id()! • https://git.kernel.org/stable/c/4d58c9fb45c70e62c19e8be3f3605889c47601bc https://git.kernel.org/stable/c/927d1f4f77e4784ab3944a9df86ab14d1cd3185a https://git.kernel.org/stable/c/dda98810b552fc6bf650f4270edeebdc2f28bd3f •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35928 – drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()
https://notcve.org/view.php?id=CVE-2024-35928
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() This ensures that the memory mapped by ioremap for adev->rmmio, is properly handled in amdgpu_device_init(). If the function exits early due to an error, the memory is unmapped. If the function completes successfully, the memory remains mapped. Reported by smatch: drivers/gpu/drm/amd/amdgpu/amdgpu_device.c:4337 amdgpu_device_init() warn: 'adev->rmmio' from ioremap() not released on lines: 4035,4045,4051,4058,4068,4337 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/amdgpu: corrige posibles pérdidas de memoria de ioremap() en amdgpu_device_init() Esto garantiza que la memoria asignada por ioremap para adev->rmmio se maneje correctamente en amdgpu_device_init() . Si la función sale antes de tiempo debido a un error, la memoria no está asignada. Si la función se completa correctamente, la memoria permanece asignada. • https://git.kernel.org/stable/c/c5f9fe2c1e5023fa096189a8bfba6420aa035587 https://git.kernel.org/stable/c/14ac934db851642ea8cd1bd4121c788a8899ef69 https://git.kernel.org/stable/c/aa665c3a2aca2ffe31b9645bda278e96dfc3b55c https://git.kernel.org/stable/c/eb4f139888f636614dab3bcce97ff61cefc4b3a7 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35927 – drm: Check output polling initialized before disabling
https://notcve.org/view.php?id=CVE-2024-35927
In the Linux kernel, the following vulnerability has been resolved: drm: Check output polling initialized before disabling In drm_kms_helper_poll_disable() check if output polling support is initialized before disabling polling. If not flag this as a warning. Additionally in drm_mode_config_helper_suspend() and drm_mode_config_helper_resume() calls, that re the callers of these functions, avoid invoking them if polling is not initialized. For drivers like hyperv-drm, that do not initialize connector polling, if suspend is called without this check, it leads to suspend failure with following stack [ 770.719392] Freezing remaining freezable tasks ... (elapsed 0.001 seconds) done. [ 770.720592] printk: Suspending console(s) (use no_console_suspend to debug) [ 770.948823] ------------[ cut here ]------------ [ 770.948824] WARNING: CPU: 1 PID: 17197 at kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230 [ 770.948831] Modules linked in: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms_helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct10dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod [ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep Not tainted 5.14.0-362.2.1.el9_3.x86_64 #1 [ 770.948865] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 05/09/2022 [ 770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230 [ 770.948869] Code: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 84 00 [ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [ 770.948871] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [ 770.948874] R10: 0000000000000200 R11: 0000000000000000 R12: ffff9aad82b00330 [ 770.948874] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000001 [ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:0000000000000000 [ 770.948878] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [ 770.948879] Call Trace: [ 770.948880] <TASK> [ 770.948881] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948884] ? show_trace_log_lvl+0x1c4/0x2df [ 770.948886] ? • https://git.kernel.org/stable/c/786c27982a39d79cc753f84229eb5977ac8ef1c1 https://git.kernel.org/stable/c/4ad8d57d902fbc7c82507cfc1b031f3a07c3de6e https://git.kernel.org/stable/c/3d1b47e3a935abd4f258a945db87e7267ff4079c https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545 https://git.kernel.org/stable/c/5abffb66d12bcac84bf7b66389c571b8bb6e82bd •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35926 – crypto: iaa - Fix async_disable descriptor leak
https://notcve.org/view.php?id=CVE-2024-35926
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix async_disable descriptor leak The disable_async paths of iaa_compress/decompress() don't free idxd descriptors in the async_disable case. Currently this only happens in the testcases where req->dst is set to null. Add a test to free them in those paths. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: iaa - Reparar la fuga del descriptor async_disable Las rutas enable_async de iaa_compress/decompress() no liberan los descriptores idxd en el caso async_disable. Actualmente, esto solo sucede en los casos de prueba donde req->dst está establecido en nulo. • https://git.kernel.org/stable/c/d994f7d77aaded05dc05af58a2720fd4f4b72a83 https://git.kernel.org/stable/c/262534ddc88dfea7474ed18adfecf856e4fbe054 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35925 – block: prevent division by zero in blk_rq_stat_sum()
https://notcve.org/view.php?id=CVE-2024-35925
In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloquear: evitar la división por cero en blk_rq_stat_sum() La expresión dst->nr_samples + src->nr_samples puede tener un valor cero en caso de desbordamiento. Es necesario agregar un cheque para evitar la división por cero. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con Svace. • https://git.kernel.org/stable/c/6a55dab4ac956deb23690eedd74e70b892a378e7 https://git.kernel.org/stable/c/edd073c78d2bf48c5b8bf435bbc3d61d6e7c6c14 https://git.kernel.org/stable/c/b0cb5564c3e8e0ee0a2d28c86fa7f02e82d64c3c https://git.kernel.org/stable/c/21e7d72d0cfcbae6042d498ea2e6f395311767f8 https://git.kernel.org/stable/c/512a01da7134bac8f8b373506011e8aaa3283854 https://git.kernel.org/stable/c/5f7fd6aa4c4877d77133ea86c14cf256f390b2fe https://git.kernel.org/stable/c/98ddf2604ade2d954bf5ec193600d5274a43fd68 https://git.kernel.org/stable/c/93f52fbeaf4b676b21acfe42a5152620e •