CVSS: 6.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52598 – s390/ptrace: handle setting of fpc register correctly
https://notcve.org/view.php?id=CVE-2023-52598
In the Linux kernel, the following vulnerability has been resolved: s390/ptrace: handle setting of fpc register correctly If the content of the floating point control (fpc) register of a traced process is modified with the ptrace interface the new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the tracing process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space fpc register value, however it will be discarded, when returning to user space. In result the tracer will incorrectly continue to run with the value that was supposed to be used for the traced process. Fix this by saving fpu register contents with save_fpu_regs() before using test_fp_ctl(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/ptrace: maneja la configuración del registro fpc correctamente Si el contenido del registro de control de punto flotante (fpc) de un proceso rastreado se modifica con la interfaz ptrace, se prueba el nuevo valor validez cargándolo temporalmente en el registro fpc. Esto puede conducir a la corrupción del registro fpc del proceso de seguimiento: si ocurre una interrupción mientras el valor se carga temporalmente en el registro fpc, y dentro del contexto de interrupción se utilizan registros de punto flotante o vectoriales, los registros fp/vx actuales se guardan con save_fpu_regs() suponiendo que pertenecen al espacio del usuario y se cargarán en los registros fp/vx cuando regresen al espacio del usuario. test_fp_ctl() restaura el valor del registro fpc del espacio de usuario original; sin embargo, se descartará al regresar al espacio de usuario. Como resultado, el rastreador continuará ejecutándose incorrectamente con el valor que se suponía que debía usarse para el proceso rastreado. Solucione este problema guardando el contenido del registro fpu con save_fpu_regs() antes de usar test_fp_ctl(). • https://git.kernel.org/stable/c/6ccf904aac0292e1f6b1a1be6c407c414f7cf713 https://git.kernel.org/stable/c/6d0822f2cc9b153bf2df49a84599195a2e0d21a8 https://git.kernel.org/stable/c/856caf2730ea18cb39e95833719c02a02447dc0a https://git.kernel.org/stable/c/28a1f492cb527f64593457a0a0f0d809b3f36c25 https://git.kernel.org/stable/c/7a4d6481fbdd661f9e40e95febb95e3dee82bad3 https://git.kernel.org/stable/c/02c6bbfb08bad78dd014e24c7b893723c15ec7a1 https://git.kernel.org/stable/c/bdce67df7f12fb0409fbc604ce7c4254703f56d4 https://git.kernel.org/stable/c/8b13601d19c541158a6e18b278c00ba69 • CWE-20: Improper Input Validation •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52597 – KVM: s390: fix setting of fpc register
https://notcve.org/view.php?id=CVE-2023-52597
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix setting of fpc register kvm_arch_vcpu_ioctl_set_fpu() allows to set the floating point control (fpc) register of a guest cpu. The new value is tested for validity by temporarily loading it into the fpc register. This may lead to corruption of the fpc register of the host process: if an interrupt happens while the value is temporarily loaded into the fpc register, and within interrupt context floating point or vector registers are used, the current fp/vx registers are saved with save_fpu_regs() assuming they belong to user space and will be loaded into fp/vx registers when returning to user space. test_fp_ctl() restores the original user space / host process fpc register value, however it will be discarded, when returning to user space. In result the host process will incorrectly continue to run with the value that was supposed to be used for a guest cpu. Fix this by simply removing the test. There is another test right before the SIE context is entered which will handles invalid values. This results in a change of behaviour: invalid values will now be accepted instead of that the ioctl fails with -EINVAL. This seems to be acceptable, given that this interface is most likely not used anymore, and this is in addition the same behaviour implemented with the memory mapped interface (replace invalid values with zero) - see sync_regs() in kvm-s390.c. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: KVM: s390: configuración fija del registro fpc kvm_arch_vcpu_ioctl_set_fpu() permite configurar el registro de control de punto flotante (fpc) de una CPU invitada. • https://git.kernel.org/stable/c/3a04410b0bc7e056e0843ac598825dd359246d18 https://git.kernel.org/stable/c/5e63c9ae8055109d805aacdaf2a4fe2c3b371ba1 https://git.kernel.org/stable/c/150a3a3871490e8c454ffbac2e60abeafcecff99 https://git.kernel.org/stable/c/732a3bea7aba5b15026ea42d14953c3425cc7dc2 https://git.kernel.org/stable/c/0671f42a9c1084db10d68ac347d08dbf6689ecb3 https://git.kernel.org/stable/c/c87d7d910775a025e230fd6359b60627e392460f https://git.kernel.org/stable/c/2823db0010c400e4b2b12d02aa5d0d3ecb15d7c7 https://git.kernel.org/stable/c/b988b1bb0053c0dcd26187d29ef07566a • CWE-20: Improper Input Validation •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52596 – sysctl: Fix out of bounds access for empty sysctl registers
https://notcve.org/view.php?id=CVE-2023-52596
In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory (used for mounts). This check evaluates the first element of the ctl_table. This results in an out of bounds evaluation when registering empty directories. The function register_sysctl_mount_point now passes a ctl_table of size 1 instead of size 0. It now relies solely on the type to identify a permanently empty register. Make sure that the ctl_table has at least one element before testing for permanent emptiness. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sysctl: corrige el acceso fuera de los límites para registros sysctl vacíos. • https://git.kernel.org/stable/c/15893975e9e382f8294ea8d926f08dc2d8d39ede https://git.kernel.org/stable/c/2ae7081bc10123b187e36a4f3a8e53768de31489 https://git.kernel.org/stable/c/315552310c7de92baea4e570967066569937a843 •
CVSS: 4.4EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52595 – wifi: rt2x00: restart beacon queue when hardware reset
https://notcve.org/view.php?id=CVE-2023-52595
In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. If we don't manually stop the beacon queue, the queue will be deadlocked and unable to start again. This patch fixes the issue where Apple devices cannot connect to the AP after calling ieee80211_restart_hw(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rt2x00: reinicia la cola de baliza cuando se reinicia el hardware Cuando se activa un reinicio de hardware, todos los registros se reinician, por lo que todas las colas se ven obligadas a detenerse en la interfaz de hardware. Sin embargo, mac80211 no detendrá automáticamente la cola. • https://git.kernel.org/stable/c/e1f113b57ddd18274d7c83618deca25cc880bc48 https://git.kernel.org/stable/c/69e905beca193125820c201ab3db4fb0e245124e https://git.kernel.org/stable/c/4cc198580a7b93a36f5beb923f40f7ae27a3716c https://git.kernel.org/stable/c/739b3ccd9486dff04af95f9a890846d088a84957 https://git.kernel.org/stable/c/04cfe4a5da57ab9358cdfadea22bcb37324aaf83 https://git.kernel.org/stable/c/fdb580ed05df8973aa5149cafa598c64bebcd0cb https://git.kernel.org/stable/c/a11d965a218f0cd95b13fe44d0bcd8a20ce134a8 https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52594 – wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
https://notcve.org/view.php?id=CVE-2023-52594
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() Fix an array-index-out-of-bounds read in ath9k_htc_txstatus(). The bug occurs when txs->cnt, data from a URB provided by a USB device, is bigger than the size of the array txs->txstatus, which is HTC_MAX_TX_STATUS. WARN_ON() already checks it, but there is no bug handling code after the check. Make the function return if that is the case. Found by a modified version of syzkaller. UBSAN: array-index-out-of-bounds in htc_drv_txrx.c index 13 is out of range for type '__wmi_event_txstatus [12]' Call Trace: ath9k_htc_txstatus ath9k_wmi_event_tasklet tasklet_action_common __do_softirq irq_exit_rxu sysvec_apic_timer_interrupt En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath9k: corrige una posible lectura de índice de matriz fuera de los límites en ath9k_htc_txstatus(). Corrige una lectura de índice de matriz fuera de los límites en ath9k_htc_txstatus(). • https://git.kernel.org/stable/c/f44f073c78112ff921a220d01b86d09f2ace59bc https://git.kernel.org/stable/c/f11f0fd1ad6c11ae7856d4325fe9d05059767225 https://git.kernel.org/stable/c/84770a996ad8d7f121ff2fb5a8d149aad52d64c1 https://git.kernel.org/stable/c/9003fa9a0198ce004b30738766c67eb7373479c9 https://git.kernel.org/stable/c/25c6f49ef59b7a9b80a3f7ab9e95268a1b01a234 https://git.kernel.org/stable/c/e4f4bac7d3b64eb75f70cd3345712de6f68a215d https://git.kernel.org/stable/c/be609c7002dd4504b15b069cb7582f4c778548d1 https://git.kernel.org/stable/c/2adc886244dff60f948497b59affb6c6e • CWE-125: Out-of-bounds Read •