CVE-2024-38780 – dma-buf/sw-sync: don't enable IRQ from sync_print_obj()
https://notcve.org/view.php?id=CVE-2024-38780
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf/sw-sync: no habilitar IRQ desde sync_print_obj() Desde el commit a6aa8fca4d79 ("dma-buf/sw-sync: reducir irqsave/irqrestore desde el contexto conocido" ) por error reemplazó spin_unlock_irqrestore() con spin_unlock_irq() tanto para sync_debugfs_show() como para sync_print_obj() a pesar de que sync_print_obj() se llama desde sync_debugfs_show(), lockdep se queja de una advertencia de estado de bloqueo inconsistente. Utilice spin_{lock,unlock}() simple para sync_print_obj(), ya que sync_debugfs_show() ya está usando spin_{lock,unlock}_irq(). • https://git.kernel.org/stable/c/a6aa8fca4d792c72947e341d7842d2f700534335 https://git.kernel.org/stable/c/f14ad42b8743897d140808467ed4ae3ce93bd0a5 https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8 https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878 https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc54396 • CWE-667: Improper Locking •
CVE-2024-38659 – enic: Validate length of nl attributes in enic_set_vf_port
https://notcve.org/view.php?id=CVE-2024-38659
In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID are of length PORT_UUID_MAX. These attributes are validated (in the function do_setlink in rtnetlink.c) using the nla_policy ifla_port_policy. The policy defines IFLA_PORT_PROFILE as NLA_STRING, IFLA_PORT_INSTANCE_UUID as NLA_BINARY and IFLA_PORT_HOST_UUID as NLA_STRING. That means that the length validation using the policy is for the max size of the attributes and not on exact size so the length of these attributes might be less than the sizes that enic_set_vf_port expects. This might cause an out of bands read access in the memcpys of the data of these attributes in enic_set_vf_port. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: enic: Validar la longitud de los atributos nl en enic_set_vf_port enic_set_vf_port supone que el atributo nl IFLA_PORT_PROFILE tiene una longitud PORT_PROFILE_MAX y que los atributos nl IFLA_PORT_INSTANCE_UUID, IFLA_PORT_HOST_UUID tienen una longitud PORT_UUID_MAX. • https://git.kernel.org/stable/c/f8bd909183acffad68780b10c1cdf36161cfd5d1 https://git.kernel.org/stable/c/2b649d7e0cb42a660f0260ef25fd55fdc9c6c600 https://git.kernel.org/stable/c/ca63fb7af9d3e531aa25f7ae187bfc6c7166ec2d https://git.kernel.org/stable/c/3c0d36972edbe56fcf98899622d9b90ac9965227 https://git.kernel.org/stable/c/25571a12fbc8a1283bd8380d461267956fd426f7 https://git.kernel.org/stable/c/7077c22f84f41974a711604a42fd0e0684232ee5 https://git.kernel.org/stable/c/f6638e955ca00c489894789492776842e102af9c https://git.kernel.org/stable/c/aee1955a1509a921c05c70dad5d6fc856 •
CVE-2024-38637 – greybus: lights: check return of get_channel_from_mode
https://notcve.org/view.php?id=CVE-2024-38637
In the Linux kernel, the following vulnerability has been resolved: greybus: lights: check return of get_channel_from_mode If channel for the given node is not found we return null from get_channel_from_mode. Make sure we validate the return pointer before using it in two of the missing places. This was originally reported in [0]: Found by Linux Verification Center (linuxtesting.org) with SVACE. [0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru En el kernel de Linux, se resolvió la siguiente vulnerabilidad: greybus: luces: verificar el retorno de get_channel_from_mode Si no se encuentra el canal para el nodo dado, devolvemos nulo de get_channel_from_mode. Asegúrese de validar el puntero de retorno antes de usarlo en dos de los lugares que faltan. Esto se informó originalmente en [0]: Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. [0] https://lore.kernel.org/all/20240301190425.120605-1-m.lobanov@rosalinux.ru • https://git.kernel.org/stable/c/2870b52bae4c81823ffcb3ed2b0626fb39d64f48 https://git.kernel.org/stable/c/8f4a76d477f0cc3c54d512f07f6f88c8e1c1e07b https://git.kernel.org/stable/c/e2c64246e5dc8c0d35ec41770b85e2b4cafdff21 https://git.kernel.org/stable/c/eac10cf3a97ffd4b4deb0a29f57c118225a42850 https://git.kernel.org/stable/c/330f6bcdcef03f70f81db5f2ed6747af656a09f2 https://git.kernel.org/stable/c/9b41a9b9c8be8c552f10633453fdb509e83b66f8 https://git.kernel.org/stable/c/518e2c46b5dbce40b1aa0100001d03c3ceaa7d38 https://git.kernel.org/stable/c/895cdd9aa9546523df839f9cc1488a0ec •
CVE-2024-38635 – soundwire: cadence: fix invalid PDI offset
https://notcve.org/view.php?id=CVE-2024-38635
In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an out-of-bounds access. We were just lucky so far since we used only a couple of PDIs and remained within the PDI array bounds. A Fixes: tag is not provided since there are no known platforms where the out-of-bounds would be accessed, and the initial code had problems as well. A follow-up patch completely removes this useless offset. • https://git.kernel.org/stable/c/002364b2d594a9afc0385c09e00994c510b1d089 https://git.kernel.org/stable/c/fd4bcb991ebaf0d1813d81d9983cfa99f9ef5328 https://git.kernel.org/stable/c/902f6d656441a511ac25c6cffce74496db10a078 https://git.kernel.org/stable/c/2ebcaa0e5db9b6044bb487ae1cf41bc601761567 https://git.kernel.org/stable/c/7eeef1e935d23db5265233d92395bd5c648a4021 https://git.kernel.org/stable/c/4e99103f757cdf636c6ee860994a19a346a11785 https://git.kernel.org/stable/c/8ee1b439b1540ae543149b15a2a61b9dff937d91 •
CVE-2024-38634 – serial: max3100: Lock port->lock when calling uart_handle_cts_change()
https://notcve.org/view.php?id=CVE-2024-38634
In the Linux kernel, the following vulnerability has been resolved: serial: max3100: Lock port->lock when calling uart_handle_cts_change() uart_handle_cts_change() has to be called with port lock taken, Since we run it in a separate work, the lock may not be taken at the time of running. Make sure that it's taken by explicitly doing that. Without it we got a splat: WARNING: CPU: 0 PID: 10 at drivers/tty/serial/serial_core.c:3491 uart_handle_cts_change+0xa6/0xb0 ... Workqueue: max3100-0 max3100_work [max3100] RIP: 0010:uart_handle_cts_change+0xa6/0xb0 ... max3100_handlerx+0xc5/0x110 [max3100] max3100_work+0x12a/0x340 [max3100] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: serial: max3100: Bloquear puerto->bloquear al llamar a uart_handle_cts_change() uart_handle_cts_change() debe llamarse con el bloqueo de puerto tomado. Dado que lo ejecutamos en un trabajo separado, el bloqueo puede No se tomará en el momento de correr. Asegúrese de que se tome haciéndolo explícitamente. • https://git.kernel.org/stable/c/7831d56b0a3544cbb6f82f76c34ca95e24d5b676 https://git.kernel.org/stable/c/44b38924135d2093e2ec1812969464845dd66dc9 https://git.kernel.org/stable/c/ea9b35372b58ac2931bfc1d5bc25e839d1221e30 https://git.kernel.org/stable/c/cc121e3722a0a2c8f716ef991e5425b180a5fb94 https://git.kernel.org/stable/c/78dbda51bb4241b88a52d71620f06231a341f9ba https://git.kernel.org/stable/c/8296bb9e5925b6634259c5d4daee88f0cc0884ec https://git.kernel.org/stable/c/93df2fba6c7dfa9a2f08546ea9a5ca4728758458 https://git.kernel.org/stable/c/865b30c8661924ee9145f442bf32cea54 •