CVE-2024-43861 – net: usb: qmi_wwan: fix memory leak for not ip packets
https://notcve.org/view.php?id=CVE-2024-43861
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. • https://git.kernel.org/stable/c/c6adf77953bcec0ad63d7782479452464e50f7a3 https://git.kernel.org/stable/c/3c90a69533b5bba73401ef884d033ea49ee99662 https://git.kernel.org/stable/c/37c093449704017870604994ba9b813cdb9475a4 https://git.kernel.org/stable/c/e87f52225e04a7001bf55bbd7a330fa4252327b5 https://git.kernel.org/stable/c/c4251a3deccad852b27e60625f31fba6cc14372f https://git.kernel.org/stable/c/da518cc9b64df391795d9952aed551e0f782e446 https://git.kernel.org/stable/c/f2c353227de14b0289298ffc3ba92058c4768384 https://git.kernel.org/stable/c/c6c5b91424fafc0f83852d961c10c7e43 •
CVE-2024-43860 – remoteproc: imx_rproc: Skip over memory region when node value is NULL
https://notcve.org/view.php?id=CVE-2024-43860
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Skip over memory region when node value is NULL In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts number of phandles. But phandles may be empty. So of_parse_phandle() in the parsing loop (0 < a < nph) may return NULL which is later dereferenced. Adjust this issue by adding NULL-return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. [Fixed title to fit within the prescribed 70-75 charcters] • https://git.kernel.org/stable/c/a0ff4aa6f010801b2a61c203c6e09d01b110fddf https://git.kernel.org/stable/c/6884fd0283e0831be153fb8d82d9eda8a55acaaa https://git.kernel.org/stable/c/84beb7738459cac0ff9f8a7c4654b8ff82a702c0 https://git.kernel.org/stable/c/6b50462b473fdccdc0dfad73001147e40ff19a66 https://git.kernel.org/stable/c/4e13b7c23988c0a13fdca92e94296a3bc2ff9f21 https://git.kernel.org/stable/c/9a17cf8b2ce483fa75258bc2cdcf628f24bcf5f8 https://git.kernel.org/stable/c/6c9ea3547fad252fe9ae5d3ed7e066e2085bf3a2 https://git.kernel.org/stable/c/c877a5f5268d4ab8224b9c9fbce3d746e •
CVE-2024-43858 – jfs: Fix array-index-out-of-bounds in diFree
https://notcve.org/view.php?id=CVE-2024-43858
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/55b732c8b09b41148eaab2fa8e31b0af47671e00 https://git.kernel.org/stable/c/9b3a4345957f5372041bc4f59de322f62653e862 https://git.kernel.org/stable/c/538a27c8048f081a5ddd286f886eb986fbbc7f80 https://git.kernel.org/stable/c/63f7fdf733add82f126ea00e2e48f6eba15ac4b9 https://git.kernel.org/stable/c/8d8f9a477de0d7962342eedf2a599215b7c63d28 https://git.kernel.org/stable/c/ff14eadc278663cac69d57d3ca7fb2f394e1f8a7 https://git.kernel.org/stable/c/6aa6892a90a5a7fabffe5692ab9f06a7a •
CVE-2024-43856 – dma: fix call order in dmam_free_coherent
https://notcve.org/view.php?id=CVE-2024-43856
In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to make an allocation with the same vaddr and add it to the devres list. If this happens, there will be two entries in the devres list with the same vaddr and devres_destroy() can free the wrong entry, triggering the WARN_ON() in dmam_match. Fix by destroying the devres entry before freeing the DMA allocation. kokonut //net/encryption http://sponge2/b9145fe6-0f72-4325-ac2f-a84d81075b03 • https://git.kernel.org/stable/c/9ac7849e35f705830f7b016ff272b0ff1f7ff759 https://git.kernel.org/stable/c/fe2d246080f035e0af5793cb79067ba125e4fb63 https://git.kernel.org/stable/c/2f7bbdc744f2e7051d1cb47c8e082162df1923c9 https://git.kernel.org/stable/c/257193083e8f43907e99ea633820fc2b3bcd24c7 https://git.kernel.org/stable/c/87b34c8c94e29fa01d744e5147697f592998d954 https://git.kernel.org/stable/c/f993a4baf6b622232e4c190d34c220179e5d61eb https://git.kernel.org/stable/c/1fe97f68fce1ba24bf823bfb0eb0956003473130 https://git.kernel.org/stable/c/22094f5f52e7bc16c5bf9613365049383 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-43854 – block: initialize integrity buffer to zero before writing it to media
https://notcve.org/view.php?id=CVE-2024-43854
In the Linux kernel, the following vulnerability has been resolved: block: initialize integrity buffer to zero before writing it to media Metadata added by bio_integrity_prep is using plain kmalloc, which leads to random kernel memory being written media. For PI metadata this is limited to the app tag that isn't used by kernel generated metadata, but for non-PI metadata the entire buffer leaks kernel memory. Fix this by adding the __GFP_ZERO flag to allocations for writes. • https://git.kernel.org/stable/c/7ba1ba12eeef0aa7113beb16410ef8b7c748e18b https://git.kernel.org/stable/c/9f4af4cf08f9a0329ade3d938f55d2220c40d0a6 https://git.kernel.org/stable/c/129f95948a96105c1fad8e612c9097763e88ac5f https://git.kernel.org/stable/c/3fd11fe4f20756b4c0847f755a64cd96f8c6a005 https://git.kernel.org/stable/c/cf6b45ea7a8df0f61bded1dc4a8561ac6ad143d2 https://git.kernel.org/stable/c/d418313bd8f55c079a7da12651951b489a638ac1 https://git.kernel.org/stable/c/23a19655fb56f241e592041156dfb1c6d04da644 https://git.kernel.org/stable/c/ebc0e91ba76dc6544fff9f5b66408b198 • CWE-401: Missing Release of Memory after Effective Lifetime •