CVE-2024-42089 – ASoC: fsl-asoc-card: set priv->pdev before using it
https://notcve.org/view.php?id=CVE-2024-42089
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can correctly use pdev through priv. fsl_asoc_card_audmux_init() dereferences priv->pdev to get access to the dev struct, used with dev_err macros. As priv is zero-initialised, there would be a NULL pointer dereference. Note that if priv->dev is dereferenced before assignment but never used, for example if there is no error to be printed, the driver won't crash probably due to compiler optimisations. • https://git.kernel.org/stable/c/708b4351f08c08ea93f773fb9197bdd3f3b08273 https://git.kernel.org/stable/c/ae81535ce2503aabc4adab3472f4338070cdeb6a https://git.kernel.org/stable/c/8896e18b7c366f8faf9344abfd0971435f1c723a https://git.kernel.org/stable/c/3662eb2170e59b58ad479982dc1084889ba757b9 https://git.kernel.org/stable/c/544ab46b7ece6d6bebbdee5d5659c0a0f804a99a https://git.kernel.org/stable/c/8faf91e58425c2f6ce773250dfd995f1c2d461ac https://git.kernel.org/stable/c/29bc9e7c75398b0d12fc30955f2e9b2dd29ffaed https://git.kernel.org/stable/c/7c18b4d89ff9c810b6e562408afda5ce1 •
CVE-2024-42087 – drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep
https://notcve.org/view.php?id=CVE-2024-42087
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO controller needs to sleep. As the caller can sleep, use gpiod_set_value_cansleep() to fix the issue. • https://git.kernel.org/stable/c/b71348be1236398be2d04c5e145fd6eaae86a91b https://git.kernel.org/stable/c/98686ec1824728ff41d7b358131f7d0227c2ba2a https://git.kernel.org/stable/c/cae52f61fda0f5d2949dc177f984c9e187d4c6a0 https://git.kernel.org/stable/c/489f38de3375ab84b3d269d0a1d64d6ee95d7044 https://git.kernel.org/stable/c/5f41401219fbe7663b3cf65ebd4ed95ebbb8ffb9 https://git.kernel.org/stable/c/1618f7a875ffd916596392fd29880c0429b8af60 https://git.kernel.org/stable/c/e646402bf82145349fcf5dcbe395afaf02a8ce47 https://git.kernel.org/stable/c/ee7860cd8b5763017f8dc785c2851fecb •
CVE-2024-42086 – iio: chemical: bme680: Fix overflows in compensate() functions
https://notcve.org/view.php?id=CVE-2024-42086
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications were initially discussed here [1] and they were mentioned in log message of Commit 1b3bd8592780 ("iio: chemical: Add support for Bosch BME680 sensor"). [1]: https://lore.kernel.org/linux-iio/20180728114028.3c1bbe81@archlinux/ • https://git.kernel.org/stable/c/1b3bd8592780c87c5eddabbe98666b086bbaee36 https://git.kernel.org/stable/c/6fa31bbe2ea8665ee970258eb8320cbf231dbe9e https://git.kernel.org/stable/c/b0af334616ed425024bf220adda0f004806b5feb https://git.kernel.org/stable/c/c326551e99f5416986074ce78bef94f6a404b517 https://git.kernel.org/stable/c/7a13d1357658d3a3c1cd7b3b9543c805a6e5e6e9 https://git.kernel.org/stable/c/ba1bb3e2a38a7fef1c1818dd4f2d9abbfdde553a https://git.kernel.org/stable/c/b5967393d50e3c6e632efda3ea3fdde14c1bfd0e https://git.kernel.org/stable/c/3add41bbda92938e9a528d74659dfc552 •
CVE-2024-42085 – usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock
https://notcve.org/view.php?id=CVE-2024-42085
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem > /sys/power/state There will be a deadlock issue occurring. Detailed invoking path as below: dwc3_suspend_common() spin_lock_irqsave(&dwc->lock, flags); <-- 1st dwc3_gadget_suspend(dwc); dwc3_gadget_soft_disconnect(dwc); spin_lock_irqsave(&dwc->lock, flags); <-- 2nd This issue is exposed by commit c7ebd8149ee5 ("usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend") that removes the code of checking whether dwc->gadget_driver is NULL or not. It causes the following code is executed and deadlock occurs when trying to get the spinlock. In fact, the root cause is the commit 5265397f9442("usb: dwc3: Remove DWC3 locking during gadget suspend/resume") that forgot to remove the lock of otg mode. So, remove the redundant lock of otg mode during gadget suspend/resume. • https://git.kernel.org/stable/c/2fa487a9466760a4fb6f147aed6219379dabfc2e https://git.kernel.org/stable/c/5265397f94424eaea596026fd34dc7acf474dcec https://git.kernel.org/stable/c/7026576e89094aa9a0062aa6d10cba18aa99944c https://git.kernel.org/stable/c/d77e2b5104c51d3668b9717c825a4a06998efe63 https://git.kernel.org/stable/c/17e2956633ca560b95f1cbbb297cfc2adf650649 https://git.kernel.org/stable/c/f1274cfab183e69a7c7bafffcb4f50703c876276 https://git.kernel.org/stable/c/7838de15bb700c2898a7d741db9b1f3cbc86c136 •
CVE-2024-42084 – ftruncate: pass a signed offset
https://notcve.org/view.php?id=CVE-2024-42084
In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the compat syscall to the signed compat_off_t changes the behavior so it instead returns -EINVAL. The native entry point, the truncate() syscall and the corresponding loff_t based variants are all correct already and do not suffer from this mistake. An unexpected file truncate flaw was found when opening files with specific parameters in the Linux kernel's file-system. This vulnerability allows a local user to corrupt specific files when having access to these files. • https://git.kernel.org/stable/c/3f6d078d4accfff8b114f968259a060bfdc7c682 https://git.kernel.org/stable/c/c329760749b5419769e57cb2be80955d2805f9c9 https://git.kernel.org/stable/c/f531d4bc6c5588d713359e42ed65e46816d841d8 https://git.kernel.org/stable/c/84bf6b64a1a0dfc6de7e1b1c776d58d608e7865a https://git.kernel.org/stable/c/dbb226d81cd02cee140139c2369791e6f61f2007 https://git.kernel.org/stable/c/5ae6af68410bdad6181ec82104bb9985a7a6a0fa https://git.kernel.org/stable/c/836359247b0403e0634bfbc83e5bb8063fad287a https://git.kernel.org/stable/c/930a4c369f74da26816eaaa71b5888d29 • CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') •