CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38581 – drm/amdgpu/mes: fix use-after-free issue
https://notcve.org/view.php?id=CVE-2024-38581
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the ramdom use-after-free issue. v2: move to amdgpu_mes.c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amdgpu/mes: soluciona el problema de use-after-free. Elimina el temporizador de reserva de valla para solucionar el problema de use-after-free. v2: pasar a amdgpu_mes.c A flaw was found in the Linux kernel. This issue is due to a possible use-after-free in drivers/gpu/drm/amd/amdgpu/amdgpu_mes.c. • https://git.kernel.org/stable/c/70b1bf6d9edc8692d241f59a65f073aec6d501de https://git.kernel.org/stable/c/39cfce75168c11421d70b8c0c65f6133edccb82a https://git.kernel.org/stable/c/0f98c144c15c8fc0f3176c994bd4e727ef718a5c https://git.kernel.org/stable/c/948255282074d9367e01908b3f5dcf8c10fc9c3d https://access.redhat.com/security/cve/CVE-2024-38581 https://bugzilla.redhat.com/show_bug.cgi?id=2293408 •
CVSS: 3.3EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38580 – epoll: be better about file lifetimes
https://notcve.org/view.php?id=CVE-2024-38580
In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting file pointer tear-down will be blocked until the poll returns, it means that f_count is already dead, and any use of it won't actually get a reference to the file any more: it's dead regardless. Make sure we have a valid ref on the file pointer before we call down to vfs_poll() from the epoll routines. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: epoll: mejore la duración de los archivos epoll puede llamar a vfs_poll() con un puntero de archivo que puede competir con el último 'fput()'. Eso haría que f_count bajara a cero, y aunque el bloqueo ep->mtx significa que el desmontaje del puntero del archivo resultante se bloqueará hasta que regrese la encuesta, significa que f_count ya está muerto y no se podrá utilizar. De hecho, ya no obtengo una referencia al archivo: está muerto de todos modos. • https://git.kernel.org/stable/c/cbfd1088e24ec4c1199756a37cb8e4cd0a4b016e https://git.kernel.org/stable/c/559214eb4e5c3d05e69428af2fae2691ba1eb784 https://git.kernel.org/stable/c/4f65f4defe4e23659275ce5153541cd4f76ce2d2 https://git.kernel.org/stable/c/16e3182f6322575eb7c12e728ad3c7986a189d5d https://git.kernel.org/stable/c/4efaa5acf0a1d2b5947f98abb3acf8bfd966422b https://access.redhat.com/security/cve/CVE-2024-38580 https://bugzilla.redhat.com/show_bug.cgi?id=2293412 •
CVSS: 4.4EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38579 – crypto: bcm - Fix pointer arithmetic
https://notcve.org/view.php?id=CVE-2024-38579
In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key_len to hash_iv_len. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: bcm - Arreglar la aritmética de punteros En spu2_dump_omd() el valor de ptr aumenta en ciph_key_len en lugar de hash_iv_len, lo que podría llevar a ir más allá de los límites del búfer. Corrija este error cambiando ciph_key_len a hash_iv_len. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/9d12ba86f818aa9cfe9f01b750336aa441f2ffa2 https://git.kernel.org/stable/c/c256b616067bfd6d274c679c06986b78d2402434 https://git.kernel.org/stable/c/e719c8991c161977a67197775067ab456b518c7b https://git.kernel.org/stable/c/ebed0d666fa709bae9e8cafa8ec6e7ebd1d318c6 https://git.kernel.org/stable/c/c69a1e4b419c2c466dd8c5602bdebadc353973dd https://git.kernel.org/stable/c/49833a8da6407e7e9b532cc4054fdbcaf78f5fdd https://git.kernel.org/stable/c/d0f14ae223c2421b334c1f1a9e48f1e809aee3a0 https://git.kernel.org/stable/c/c0082ee420639a97e40cae66778b02b34 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38578 – ecryptfs: Fix buffer size for tag 66 packet
https://notcve.org/view.php?id=CVE-2024-38578
In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes too small and write_tag_66_packet() will write up to 3 bytes past the end of the buffer. Fix this by increasing the size of the allocation so the whole packet will always fit in the buffer. This fixes the below kasan slab-out-of-bounds bug: BUG: KASAN: slab-out-of-bounds in ecryptfs_generate_key_packet_set+0x7d6/0xde0 Write of size 1 at addr ffff88800afbb2a5 by task touch/181 CPU: 0 PID: 181 Comm: touch Not tainted 6.6.13-gnu #1 4c9534092be820851bb687b82d1f92a426598dc6 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2/GNU Guix 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x4c/0x70 print_report+0xc5/0x610 ? ecryptfs_generate_key_packet_set+0x7d6/0xde0 ? kasan_complete_mode_report_info+0x44/0x210 ? ecryptfs_generate_key_packet_set+0x7d6/0xde0 kasan_report+0xc2/0x110 ? • https://git.kernel.org/stable/c/dddfa461fc8951f9b5f951c13565b6cac678635a https://git.kernel.org/stable/c/1c125b9287e58f364d82174efb167414b92b11f1 https://git.kernel.org/stable/c/235b85981051cd68fc215fd32a81c6f116bfc4df https://git.kernel.org/stable/c/edbfc42ab080e78c6907d40a42c9d10b69e445c1 https://git.kernel.org/stable/c/12db25a54ce6bb22b0af28010fff53ef9cb3fe93 https://git.kernel.org/stable/c/0d0f8ba042af16519f1ef7dd10463a33b21b677c https://git.kernel.org/stable/c/2ed750b7ae1b5dc72896d7dd114c419afd3d1910 https://git.kernel.org/stable/c/a20f09452e2f58f761d11ad7b96b5c894 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38577 – rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
https://notcve.org/view.php?id=CVE-2024-38577
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu-tasks: Corrige show_rcu_tasks_trace_gp_kthread desbordamiento del búfer. Existe la posibilidad de que se produzca un desbordamiento del búfer en show_rcu_tasks_trace_gp_kthread() si los contadores pasados a sprintf() son enormes. Los números de contador necesarios para esto son excesivamente altos, pero aún es posible un desbordamiento del búfer. • https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281 https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784 https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222 https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697 https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7 https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d09273 •