CVE-2024-42288 – scsi: qla2xxx: Fix for possible memory corruption
https://notcve.org/view.php?id=CVE-2024-42288
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB • https://git.kernel.org/stable/c/dae67169cb35a37ecccf60cfcd6bf93a1f4f5efb https://git.kernel.org/stable/c/87db8d7b7520e99de71791260989f06f9c94953d https://git.kernel.org/stable/c/b0302ffc74123b6a99d7d1896fcd9b2e4072d9ce https://git.kernel.org/stable/c/2a15b59a2c5afac89696e44acf5bbfc0599c6c5e https://git.kernel.org/stable/c/571d7f2a08836698c2fb0d792236424575b9829b https://git.kernel.org/stable/c/8192c533e89d9fb69b2490398939236b78cda79b https://git.kernel.org/stable/c/c03d740152f78e86945a75b2ad541bf972fab92a •
CVE-2024-42287 – scsi: qla2xxx: Complete command early within lock
https://notcve.org/view.php?id=CVE-2024-42287
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOPTI RIP: 0010:dma_direct_unmap_sg+0x51/0x1e0 RSP: 0018:ffffc90026f47b88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000021 RCX: 0000000000000002 RDX: 0000000000000021 RSI: 0000000000000000 RDI: ffff8881041130d0 RBP: ffff8881041130d0 R08: 0000000000000000 R09: 0000000000000034 R10: ffffc90026f47c48 R11: 0000000000000031 R12: 0000000000000000 R13: 0000000000000000 R14: ffff8881565e4a20 R15: 0000000000000000 FS: 00007f4c69ed3d00(0000) GS:ffff889faac80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000001c CR3: 0000000288a50002 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die_body+0x1a/0x60 ? page_fault_oops+0x16f/0x4a0 ? do_user_addr_fault+0x174/0x7f0 ? exc_page_fault+0x69/0x1a0 ? • https://git.kernel.org/stable/c/9189f20b4c5307c0998682bb522e481b4567a8b8 https://git.kernel.org/stable/c/231cfa78ec5badd84a1a2b09465bfad1a926aba1 https://git.kernel.org/stable/c/d6f7377528d2abf338e504126e44439541be8f7d https://git.kernel.org/stable/c/cd0a1804ac5bab2545ac700c8d0fe9ae9284c567 https://git.kernel.org/stable/c/0367076b0817d5c75dfb83001ce7ce5c64d803a9 https://git.kernel.org/stable/c/415d614344a4f1bbddf55d724fc7eb9ef4b39aad https://git.kernel.org/stable/c/af46649304b0c9cede4ccfc2be2561ce8ed6a2ea https://git.kernel.org/stable/c/57ba7563712227647f82a92547e82c96c •
CVE-2024-42286 – scsi: qla2xxx: validate nvme_local_port correctly
https://notcve.org/view.php?id=CVE-2024-42286
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_register_fcport_fn [qla2xxx] RIP: 0010:nvme_fc_register_remoteport+0x16/0x430 [nvme_fc] RSP: 0018:ffffaaa040eb3d98 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff9dfb46b78c00 RCX: 0000000000000000 RDX: ffff9dfb46b78da8 RSI: ffffaaa040eb3e08 RDI: 0000000000000000 RBP: ffff9dfb612a0a58 R08: ffffffffaf1d6270 R09: 3a34303a30303030 R10: 34303a303030305b R11: 2078787832616c71 R12: ffff9dfb46b78dd4 R13: ffff9dfb46b78c24 R14: ffff9dfb41525300 R15: ffff9dfb46b78da8 FS: 0000000000000000(0000) GS:ffff9dfc67c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000070 CR3: 000000018da10004 CR4: 00000000000206f0 Call Trace: qla_nvme_register_remote+0xeb/0x1f0 [qla2xxx] ? qla2x00_dfs_create_rport+0x231/0x270 [qla2xxx] qla2x00_update_fcport+0x2a1/0x3c0 [qla2xxx] qla_register_fcport_fn+0x54/0xc0 [qla2xxx] Exit the qla_nvme_register_remote() function when qla_nvme_register_hba() fails and correctly validate nvme_local_port. • https://git.kernel.org/stable/c/549aac9655320c9b245a24271b204668c5d40430 https://git.kernel.org/stable/c/e1f010844443c389bc552884ac5cfa47de34d54c https://git.kernel.org/stable/c/a3ab508a4853a9f5ae25a7816a4889f09938f63c https://git.kernel.org/stable/c/cde43031df533751b4ead37d173922feee2f550f https://git.kernel.org/stable/c/7cec2c3bfe84539c415f5e16f989228eba1d2f1e https://git.kernel.org/stable/c/f6be298cc1042f24d521197af29c7c4eb95af4d5 https://git.kernel.org/stable/c/3eac973eb5cb2b874b3918f924798afc5affd46b https://git.kernel.org/stable/c/eb1d4ce2609584eeb7694866f34d4b213 •
CVE-2024-42285 – RDMA/iwcm: Fix a use-after-free related to destroying CM IDs
https://notcve.org/view.php?id=CVE-2024-42285
In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs iw_conn_req_handler() associates a new struct rdma_id_private (conn_id) with an existing struct iw_cm_id (cm_id) as follows: conn_id->cm_id.iw = cm_id; cm_id->context = conn_id; cm_id->cm_handler = cma_iw_handler; rdma_destroy_id() frees both the cm_id and the struct rdma_id_private. Make sure that cm_work_handler() does not trigger a use-after-free by only freeing of the struct rdma_id_private after all pending work has finished. • https://git.kernel.org/stable/c/59c68ac31e15ad09d2cb04734e3c8c544a95f8d4 https://git.kernel.org/stable/c/d91d253c87fd1efece521ff2612078a35af673c6 https://git.kernel.org/stable/c/7f25f296fc9bd0435be14e89bf657cd615a23574 https://git.kernel.org/stable/c/94ee7ff99b87435ec63211f632918dc7f44dac79 https://git.kernel.org/stable/c/557d035fe88d78dd51664f4dc0e1896c04c97cf6 https://git.kernel.org/stable/c/dc8074b8901caabb97c2d353abd6b4e7fa5a59a5 https://git.kernel.org/stable/c/ff5bbbdee08287d75d72e65b72a2b76d9637892a https://git.kernel.org/stable/c/ee39384ee787e86e9db4efb843818ef0e •
CVE-2024-42284 – tipc: Return non-zero value from tipc_udp_addr2str() on error
https://notcve.org/view.php?id=CVE-2024-42284
In the Linux kernel, the following vulnerability has been resolved: tipc: Return non-zero value from tipc_udp_addr2str() on error tipc_udp_addr2str() should return non-zero value if the UDP media address is invalid. Otherwise, a buffer overflow access can occur in tipc_media_addr_printf(). Fix this by returning 1 on an invalid UDP media address. • https://git.kernel.org/stable/c/d0f91938bede204a343473792529e0db7d599836 https://git.kernel.org/stable/c/7ec3335dd89c8d169e9650e4bac64fde71fdf15b https://git.kernel.org/stable/c/253405541be2f15ffebdeac2f4cf4b7e9144d12f https://git.kernel.org/stable/c/aa38bf74899de07cf70b50cd17f8ad45fb6654c8 https://git.kernel.org/stable/c/5eea127675450583680c8170358bcba43227bd69 https://git.kernel.org/stable/c/728734352743a78b4c5a7285b282127696a4a813 https://git.kernel.org/stable/c/76ddf84a52f0d8ec3f5db6ccce08faf202a17d28 https://git.kernel.org/stable/c/2abe350db1aa599eeebc6892237d0bce0 • CWE-393: Return of Wrong Status Code •