CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56569 – ftrace: Fix regression with module command in stack_trace_filter
https://notcve.org/view.php?id=CVE-2024-56569
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash. • https://git.kernel.org/stable/c/04ec7bb642b77374b53731b795b5654b5aff1c00 https://git.kernel.org/stable/c/43ca32ce12888fb0eeb2d74dfc558dea60d3473e https://git.kernel.org/stable/c/5dabb7af57bc72308a6e2e81a5dd756eef283803 https://git.kernel.org/stable/c/885109aa0c70639527dd6a65c82e63c9ac055e3d https://git.kernel.org/stable/c/7ae27880de3482e063fcc1f72d9a298d0d391407 https://git.kernel.org/stable/c/8a92dc4df89c50bdb26667419ea70e0abbce456e https://git.kernel.org/stable/c/19cacabdd5a8487ae566cbecb4d03bcb038a067e https://git.kernel.org/stable/c/45af52e7d3b8560f21d139b3759735eea •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56568 – iommu/arm-smmu: Defer probe of clients after smmu device bound
https://notcve.org/view.php?id=CVE-2024-56568
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. [will: Add comment] • https://git.kernel.org/stable/c/021bb8420d44cf56102d44fca9af628625e75482 https://git.kernel.org/stable/c/c2527d07c7e9cda2c6165d5edccf74752baac1b0 https://git.kernel.org/stable/c/dc02407ea952e20c544a078a6be2e6f008327973 https://git.kernel.org/stable/c/f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5 https://git.kernel.org/stable/c/4a9485918a042e3114890dfbe19839a1897f8b2c https://git.kernel.org/stable/c/5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8 https://git.kernel.org/stable/c/229e6ee43d2a160a1592b83aad620d6027084aad •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56566 – mm/slub: Avoid list corruption when removing a slab from the full list
https://notcve.org/view.php?id=CVE-2024-56566
In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? • https://git.kernel.org/stable/c/643b113849d8faa68c9f01c3c9d929bfbffd50bd https://git.kernel.org/stable/c/33a213c04faff6c3a7fe77e947db81bc7270fe32 https://git.kernel.org/stable/c/943c0f601cd28c1073b92b5f944c6c6c2643e709 https://git.kernel.org/stable/c/dbc16915279a548a204154368da23d402c141c81 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56558 – nfsd: make sure exp active before svc_export_show
https://notcve.org/view.php?id=CVE-2024-56558
In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e • https://git.kernel.org/stable/c/bf18f163e89c52e09c96534db45c4274273a0b34 https://git.kernel.org/stable/c/e2fa0d0e327279a8defb87b263cd0bf288fd9261 https://git.kernel.org/stable/c/7fd29d284b55c2274f7a748e6c5f25b4758b8da5 https://git.kernel.org/stable/c/6cefcadd34e3c71c81ea64b899a0daa86314a51a https://git.kernel.org/stable/c/7d8f7816bebcd2e7400bb4d786eccb8f33c9f9ec https://git.kernel.org/stable/c/1cecfdbc6bfc89c516d286884c7f29267b95de2b https://git.kernel.org/stable/c/7365d1f8de63cffdbbaa2287ce0205438e1a922f https://git.kernel.org/stable/c/be8f982c369c965faffa198b46060f885 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56551 – drm/amdgpu: fix usage slab after free
https://notcve.org/view.php?id=CVE-2024-56551
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147 [ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1 [ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000016] Call Trace: [ +0.000008] <TASK> [ +0.000009] dump_stack_lvl+0x76/0xa0 [ +0.000017] print_report+0xce/0x5f0 [ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000019] ? srso_return_thunk+0x5/0x5f [ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200 [ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000019] kasan_report+0xbe/0x110 [ +0.000015] ? • https://git.kernel.org/stable/c/3990ef742c064e22189b954522930db04fc6b1a7 https://git.kernel.org/stable/c/6383199ada42d30562b4249c393592a2a9c38165 https://git.kernel.org/stable/c/b61badd20b443eabe132314669bb51a263982e5c •