CVE-2024-38620 – Bluetooth: HCI: Remove HCI_AMP support
https://notcve.org/view.php?id=CVE-2024-38620
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Remove HCI_AMP support Since BT_HS has been remove HCI_AMP controllers no longer has any use so remove it along with the capability of creating AMP controllers. Since we no longer need to differentiate between AMP and Primary controllers, as only HCI_PRIMARY is left, this also remove hdev->dev_type altogether. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: HCI: eliminar la compatibilidad con HCI_AMP Dado que se eliminó BT_HS, los controladores HCI_AMP ya no tienen ningún uso, así que elimínelos junto con la capacidad de crear controladores AMP. Como ya no necesitamos diferenciar entre los controladores AMP y primarios, ya que solo queda HCI_PRIMARY, esto también elimina hdev->dev_type por completo. • https://git.kernel.org/stable/c/244bc377591c3882f454882357bc730c90cbedb5 https://git.kernel.org/stable/c/5af2e235b0d5b797e9531a00c50058319130e156 https://git.kernel.org/stable/c/d3c7b012d912b31ad23b9349c0e499d6dddd48ec https://git.kernel.org/stable/c/af1d425b6dc67cd67809f835dd7afb6be4d43e03 https://git.kernel.org/stable/c/84a4bb6548a29326564f0e659fb8064503ecc1c7 •
CVE-2024-38619 – usb-storage: alauda: Check whether the media is initialized
https://notcve.org/view.php?id=CVE-2024-38619
In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). - Add a member "media_initialized" to struct alauda_info. - Change a condition in alauda_check_media() to ensure the first initialization. - Add an error check for the return value of alauda_init_media(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb-storage: alauda: compruebe si el medio está inicializado. El miembro "uzonesize" de la estructura alauda_info permanecerá 0 si alauda_init_media() falla, lo que podría provocar errores de división en alauda_read_data() y alauda_write_lba(). - Agregue un miembro "media_initialized" a la estructura alauda_info. - Cambiar una condición en alauda_check_media() para asegurar la primera inicialización. - Agregue una verificación de errores para el valor de retorno de alauda_init_media(). • https://git.kernel.org/stable/c/e80b0fade09ef1ee67b0898d480d4c588f124d5f https://git.kernel.org/stable/c/e0aab7b07a9375337847c9d74a5ec044071e01c8 https://git.kernel.org/stable/c/51fe16c058acb22f847e69bc598066ed0bcd5c15 https://git.kernel.org/stable/c/f68820f1256b21466ff094dd97f243b7e708f9c1 https://git.kernel.org/stable/c/3eee13ab67f65606faa66e0c3c729e4f514838fd https://git.kernel.org/stable/c/e0e2eec76920a133dd49a4fbe4656d83596a1361 https://git.kernel.org/stable/c/2cc32639ec347e3365075b130f9953ef16cb13f1 https://git.kernel.org/stable/c/24bff7f714bdff97c2a75a0ff6a368cdf • CWE-457: Use of Uninitialized Variable •
CVE-2021-47612 – nfc: fix segfault in nfc_genl_dump_devices_done
https://notcve.org/view.php?id=CVE-2021-47612
In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/2014 Workqueue: events netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Call Trace: <TASK> class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 netlink_sock_destruct+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 process_one_work+0x411/0x710 worker_thread+0x6fd/0xa80 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfc: corrige el error de segmentación en nfc_genl_dump_devices_done Cuando falla kmalloc en nfc_genl_dump_devices(), entonces el error de segmentación de nfc_genl_dump_devices_done() se muestra a continuación KASAN: null-ptr-deref en el rango [0x0000000000000008-0x00 0000000000000f] CPU: 0 PID : 25 Comm: kworker/0:1 Not tainted 5.16.0-rc4-01180-g2a987e65025e-dirty #5 Nombre del hardware: PC estándar QEMU (i440FX + PIIX, 1996), BIOS 1.14.0-6.fc35 04/01/ 2014 Cola de trabajo: eventos netlink_sock_destruct_work RIP: 0010:klist_iter_exit+0x26/0x80 Seguimiento de llamadas: class_dev_iter_exit+0x15/0x20 nfc_genl_dump_devices_done+0x3b/0x50 genl_lock_done+0x84/0xd0 estructura+0x8f/0x270 __sk_destruct+0x64/0x3b0 sk_destruct+0xa8/0xd0 __sk_free+0x2e8/0x3d0 sk_free+0x51/0x90 netlink_sock_destruct_work+0x1c/0x20 Process_one_work+0x411/0x710 trabajador_thread+0x6fd/0xa80 • https://git.kernel.org/stable/c/ea55b3797878752aa076b118afb727dcf79cac34 https://git.kernel.org/stable/c/214af18abbe39db05beb305b2d11e87d09a6529c https://git.kernel.org/stable/c/6644989642844de830f9b072cd65c553cb55946c https://git.kernel.org/stable/c/2a8845b9603c545fddd17862282dc4c4ce0971e3 https://git.kernel.org/stable/c/d731ecc6f2eaec68f4ad1542283bbc7d07bd0112 https://git.kernel.org/stable/c/c602863ad28ec86794cb4ab4edea5324f555f181 https://git.kernel.org/stable/c/d89e4211b51752daf063d638af50abed2fd5f96d https://git.kernel.org/stable/c/fd79a0cbf0b2e34bcc45b13acf962e203 •
CVE-2021-47610 – drm/msm: Fix null ptr access msm_ioctl_gem_submit()
https://notcve.org/view.php?id=CVE-2021-47610
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix null ptr access msm_ioctl_gem_submit() Fix the below null pointer dereference in msm_ioctl_gem_submit(): 26545.260705: Call trace: 26545.263223: kref_put+0x1c/0x60 26545.266452: msm_ioctl_gem_submit+0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 26545.282428: __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: el0_svc_compat+0x10/0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Code: d503201f d503201f 52800028 4b0803e8 (b8680008) 26545.318799: Kernel panic - not syncing: Oops: Fatal exception En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm: corrige el acceso ptr nulo msm_ioctl_gem_submit() Corrige la siguiente desreferencia del puntero nulo en msm_ioctl_gem_submit(): 26545.260705: Rastreo de llamadas: 26545.263223: kref_put+0x1c/0x60 26545.266452 msm: _ioctl_gem_submit+ 0x254/0x744 26545.270937: drm_ioctl_kernel+0xa8/0x124 26545.274976: drm_ioctl+0x21c/0x33c 26545.278478: drm_compat_ioctl+0xdc/0xf0 : __arm64_compat_sys_ioctl+0xc8/0x100 26545.287169: el0_svc_common+0xf8/0x250 26545.291025: do_el0_svc_compat+0x28/0x54 26545.295066: 0 /0x1c 26545.298838: el0_sync_compat_handler+0xa8/0xcc 26545.303403: el0_sync_compat+0x188/0x1c0 26545.307445: Código: d503201f d503201f 52800028 4b0803e8 680008) 26545.318799: Pánico del kernel: no se sincroniza: Ups: excepción fatal • https://git.kernel.org/stable/c/f6db3d98f876870c35e96693cfd54752f6199e59 https://git.kernel.org/stable/c/26d776fd0f79f093a5d0ce1a4c7c7a992bc3264c •
CVE-2021-47606 – net: netlink: af_netlink: Prevent empty skb by adding a check on len.
https://notcve.org/view.php?id=CVE-2021-47606
In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 and skb->data_len=0 in the randomized corruption step as shown below. skb->data[prandom_u32() % skb_headlen(skb)] ^= 1<<(prandom_u32() % 8); Crash Report: [ 343.170349] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 343.216110] netem: version 1.3 [ 343.235841] divide error: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 343.236680] CPU: 3 PID: 4288 Comm: reproducer Not tainted 5.16.0-rc1+ [ 343.237569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.0-2.el7 04/01/2014 [ 343.238707] RIP: 0010:netem_enqueue+0x1590/0x33c0 [sch_netem] [ 343.239499] Code: 89 85 58 ff ff ff e8 5f 5d e9 d3 48 8b b5 48 ff ff ff 8b 8d 50 ff ff ff 8b 85 58 ff ff ff 48 8b bd 70 ff ff ff 31 d2 2b 4f 74 <f7> f1 48 b8 00 00 00 00 00 fc ff df 49 01 d5 4c 89 e9 48 c1 e9 03 [ 343.241883] RSP: 0018:ffff88800bcd7368 EFLAGS: 00010246 [ 343.242589] RAX: 00000000ba7c0a9c RBX: 0000000000000001 RCX: 0000000000000000 [ 343.243542] RDX: 0000000000000000 RSI: ffff88800f8edb10 RDI: ffff88800f8eda40 [ 343.244474] RBP: ffff88800bcd7458 R08: 0000000000000000 R09: ffffffff94fb8445 [ 343.245403] R10: ffffffff94fb8336 R11: ffffffff94fb8445 R12: 0000000000000000 [ 343.246355] R13: ffff88800a5a7000 R14: ffff88800a5b5800 R15: 0000000000000020 [ 343.247291] FS: 00007fdde2bd7700(0000) GS:ffff888109780000(0000) knlGS:0000000000000000 [ 343.248350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 343.249120] CR2: 00000000200000c0 CR3: 000000000ef4c000 CR4: 00000000000006e0 [ 343.250076] Call Trace: [ 343.250423] <TASK> [ 343.250713] ? memcpy+0x4d/0x60 [ 343.251162] ? netem_init+0xa0/0xa0 [sch_netem] [ 343.251795] ? __sanitizer_cov_trace_pc+0x21/0x60 [ 343.252443] netem_enqueue+0xe28/0x33c0 [sch_netem] [ 343.253102] ? • https://git.kernel.org/stable/c/c54a60c8fbaa774f828e26df79f66229a8a0e010 https://git.kernel.org/stable/c/40cf2e058832d9cfaae98dfd77334926275598b6 https://git.kernel.org/stable/c/54e785f7d5c197bc06dbb8053700df7e2a093ced https://git.kernel.org/stable/c/ff3f517bf7138e01a17369042908a3f345c0ee41 https://git.kernel.org/stable/c/c0315e93552e0d840e9edc6abd71c7db82ec8f51 https://git.kernel.org/stable/c/dadce61247c6230489527cc5e343b6002d1114c5 https://git.kernel.org/stable/c/4c986072a8c9249b9398c7a18f216dc26a9f0e35 https://git.kernel.org/stable/c/f123cffdd8fe8ea6c7fded4b88516a427 • CWE-369: Divide By Zero •