CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36929 – net: core: reject skb_copy(_expand) for fraglist GSO skbs
https://notcve.org/view.php?id=CVE-2024-36929
In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: core: rechazar skb_copy(_expand) para fraglist GSO skbs Los skbs SKB_GSO_FRAGLIST no deben linealizarse; de lo contrario, dejarán de ser válidos. Devuelve NULL si dicho skb se pasa a skb_copy o skb_copy_expand, para evitar un bloqueo en una posible llamada posterior a skb_gso_segment. • https://git.kernel.org/stable/c/3a1296a38d0cf62bffb9a03c585cbd5dbf15d596 https://git.kernel.org/stable/c/faa83a7797f06cefed86731ba4baa3b4dfdc06c1 https://git.kernel.org/stable/c/c7af99cc21923a9650533c9d77265c8dd683a533 https://git.kernel.org/stable/c/989bf6fd1e1d058e73a364dce1a0c53d33373f62 https://git.kernel.org/stable/c/cfe34d86ef9765c388f145039006bb79b6c81ac6 https://git.kernel.org/stable/c/aea5e2669c2863fdd8679c40ee310b3bcaa85aec https://git.kernel.org/stable/c/d091e579b864fa790dd6a0cd537a22c383126681 https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-822: Untrusted Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2024-36927 – ipv4: Fix uninit-value access in __ip_make_skb()
https://notcve.org/view.php?id=CVE-2024-36927
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL while __ip_make_skb() is running, the function will access icmphdr in the skb even if it is not included. This causes the issue reported by KMSAN. Check FLOWI_FLAG_KNOWN_NH on fl4->flowi4_flags instead of testing HDRINCL on the socket. Also, fl4->fl4_icmp_type and fl4->fl4_icmp_code are not initialized. • https://git.kernel.org/stable/c/99e5acae193e369b71217efe6f1dad42f3f18815 https://git.kernel.org/stable/c/dc4e3bb0710178c8d03fc43064e0a71fe7440cdd https://git.kernel.org/stable/c/022ea4374c319690c804706bda9dc42946d1556d https://git.kernel.org/stable/c/27c468ec1af113f6ae94fb5378f65e6038bd16e7 https://git.kernel.org/stable/c/566785731c6dd41ef815196ddc36d1ae30a63763 https://git.kernel.org/stable/c/a54ec573d9b81b05d368f8e6edc1b3e49f688658 https://git.kernel.org/stable/c/fc60067260c20da8cddcf968bec47416f3e2cde2 https://git.kernel.org/stable/c/32a5a13d556e4f804e5a447a08c70b172 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36924 – scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()
https://notcve.org/view.php?id=CVE-2024-36924
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() lpfc_worker_wake_up() calls the lpfc_work_done() routine, which takes the hbalock. Thus, lpfc_worker_wake_up() should not be called while holding the hbalock to avoid potential deadlock. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Libere hbalock antes de llamar a lpfc_worker_wake_up() lpfc_worker_wake_up() llama a la rutina lpfc_work_done(), que toma el hbalock. Por lo tanto, no se debe llamar a lpfc_worker_wake_up() mientras se mantiene presionado el hbalock para evitar un posible punto muerto. • https://git.kernel.org/stable/c/6503c39398506cadda9f4c81695a9655ca5fb4fd https://git.kernel.org/stable/c/e8bf2c05e8ad68e90f9d5889a9e4ef3f6fe00683 https://git.kernel.org/stable/c/ee833d7e62de2b84ed1332d501b67f12e7e5678f https://git.kernel.org/stable/c/ded20192dff31c91cef2a04f7e20e60e9bb887d3 https://access.redhat.com/security/cve/CVE-2024-36924 https://bugzilla.redhat.com/show_bug.cgi?id=2284506 • CWE-833: Deadlock •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-36923 – fs/9p: fix uninitialized values during inode evict
https://notcve.org/view.php?id=CVE-2024-36923
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix uninitialized values during inode evict If an iget fails due to not being able to retrieve information from the server then the inode structure is only partially initialized. When the inode gets evicted, references to uninitialized structures (like fscache cookies) were being made. This patch checks for a bad_inode before doing anything other than clearing the inode from the cache. Since the inode is bad, it shouldn't have any state associated with it that needs to be written back (and there really isn't a way to complete those anyways). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/9p: corrige valores no inicializados durante el desalojo de inodo. Si un iget falla debido a que no puede recuperar información del servidor, entonces la estructura del inodo solo se inicializa parcialmente. • https://git.kernel.org/stable/c/1b4cb6e91f19b81217ad98142ee53a1ab25893fd https://git.kernel.org/stable/c/6630036b7c228f57c7893ee0403e92c2db2cd21d •
CVSS: 4.4EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36922 – wifi: iwlwifi: read txq->read_ptr under lock
https://notcve.org/view.php?id=CVE-2024-36922
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: read txq->read_ptr under lock If we read txq->read_ptr without lock, we can read the same value twice, then obtain the lock, and reclaim from there to two different places, but crucially reclaim the same entry twice, resulting in the WARN_ONCE() a little later. Fix that by reading txq->read_ptr under lock. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: leer txq->read_ptr bajo bloqueo Si leemos txq->read_ptr sin bloqueo, podemos leer el mismo valor dos veces, luego obtener el bloqueo y reclamar desde allí a dos lugares diferentes, pero fundamentalmente reclama la misma entrada dos veces, lo que resulta en WARN_ONCE() un poco más tarde. Solucione eso leyendo txq->read_ptr bajo bloqueo. • https://git.kernel.org/stable/c/b83db8e756dec68a950ed2f056248b1704b3deaa https://git.kernel.org/stable/c/43d07103df670484cdd26f9588eabef80f69db89 https://git.kernel.org/stable/c/c2ace6300600c634553657785dfe5ea0ed688ac2 https://access.redhat.com/security/cve/CVE-2024-36922 https://bugzilla.redhat.com/show_bug.cgi?id=2284511 • CWE-413: Improper Resource Locking •