CVE-2024-43828 – ext4: fix infinite loop when replaying fast_commit
https://notcve.org/view.php?id=CVE-2024-43828
In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializing the 'es' variable. Because 'es' contains garbage, an integer overflow may happen causing an infinite loop in this function, easily reproducible using fstest generic/039. This commit fixes this issue by unconditionally initializing the structure in function ext4_es_find_extent_range(). Thanks to Zhang Yi, for figuring out the real problem! • https://git.kernel.org/stable/c/8016e29f4362e285f0f7e38fadc61a5b7bdfdfa2 https://git.kernel.org/stable/c/5ed0496e383cb6de120e56991385dce70bbb87c1 https://git.kernel.org/stable/c/0619f7750f2b178a1309808832ab20d85e0ad121 https://git.kernel.org/stable/c/181e63cd595c688194e07332f9944b3a63193de2 https://git.kernel.org/stable/c/c6e67df64783e99a657ef2b8c834ba2bf54c539c https://git.kernel.org/stable/c/81f819c537d29932e4b9267f02411cbc8b355178 https://git.kernel.org/stable/c/907c3fe532253a6ef4eb9c4d67efb71fab58c706 •
CVE-2024-43826 – nfs: pass explicit offset/count to trace events
https://notcve.org/view.php?id=CVE-2024-43826
In the Linux kernel, the following vulnerability has been resolved: nfs: pass explicit offset/count to trace events nfs_folio_length is unsafe to use without having the folio locked and a check for a NULL ->f_mapping that protects against truncations and can lead to kernel crashes. E.g. when running xfstests generic/065 with all nfs trace points enabled. Follow the model of the XFS trace points and pass in an explŃ–cit offset and length. This has the additional benefit that these values can be more accurate as some of the users touch partial folio ranges. • https://git.kernel.org/stable/c/eb5654b3b89d5e836312cea9f3fdb49457852e89 https://git.kernel.org/stable/c/387e6e9d110250946df4d4ebef9c2def5c7a4722 https://git.kernel.org/stable/c/fada32ed6dbc748f447c8d050a961b75d946055a https://access.redhat.com/security/cve/CVE-2024-43826 https://bugzilla.redhat.com/show_bug.cgi?id=2305484 • CWE-476: NULL Pointer Dereference •
CVE-2024-43824 – PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init()
https://notcve.org/view.php?id=CVE-2024-43824
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() Instead of getting the epc_features from pci_epc_get_features() API, use the cached pci_epf_test::epc_features value to avoid the NULL check. Since the NULL check is already performed in pci_epf_test_bind(), having one more check in pci_epf_test_core_init() is redundant and it is not possible to hit the NULL pointer dereference. Also with commit a01e7214bef9 ("PCI: endpoint: Remove "core_init_notifier" flag"), 'epc_features' got dereferenced without the NULL check, leading to the following false positive Smatch warning: drivers/pci/endpoint/functions/pci-epf-test.c:784 pci_epf_test_core_init() error: we previously assumed 'epc_features' could be null (see line 747) Thus, remove the redundant NULL check and also use the epc_features:: {msix_capable/msi_capable} flags directly to avoid local variables. [kwilczynski: commit log] • https://git.kernel.org/stable/c/5e50ee27d4a52a817ab152128c48690ec7c5cdf1 https://git.kernel.org/stable/c/af4ad016abb1632ff7ee598a6037952b495e5b80 https://git.kernel.org/stable/c/5a5095a8bd1bd349cce1c879e5e44407a34dda8a •
CVE-2024-43823 – PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs()
https://notcve.org/view.php?id=CVE-2024-43823
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and pci_parse_request_of_pci_ranges() will just emit a warning. This will cause a NULL pointer dereference. Fix this bug by adding NULL return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/0f71c60ffd26943fa9646aa73ad7889ace116ce2 https://git.kernel.org/stable/c/bbba48ad67c53feea05936ea1e029dcca8057506 https://git.kernel.org/stable/c/0a6f1b5fe8ef8268aaa069035639968ceeea0a23 https://git.kernel.org/stable/c/dbcdd1863ba2ec9b76ec131df25d797709e05597 https://git.kernel.org/stable/c/a231707a91f323af1e5d9f1722055ec2fc1c7775 •
CVE-2024-43821 – scsi: lpfc: Fix a possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-43821
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functions that use this pointer, there are dereferencing operations, leading to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, use scnprintf to notify the user and return len. • https://git.kernel.org/stable/c/479b0917e4477f49df2e3be454aac3cfa5dec171 https://git.kernel.org/stable/c/57600a7dd2b52c904f7c8d2cac0fd8c23868e680 https://git.kernel.org/stable/c/45b2a23e00d448a9e6d1f371ca3a4d4b073fe78c https://git.kernel.org/stable/c/5e0bf3e8aec2cbc51123f84b29aaacbd91fc56fa •