CVE-2024-56572 – media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()
https://notcve.org/view.php?id=CVE-2024-56572
In the Linux kernel, the following vulnerability has been resolved:

media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()

The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer when allegro_alloc_buffer fails.

• https://git.kernel.org/stable/c/f20387dfd065693ba7ea2788a2f893bf653c9cb8
• https://git.kernel.org/stable/c/cf642904be39ae0d441dbdfa8f485e0a46260be4
• https://git.kernel.org/stable/c/74a65313578b35e1239966adfa7ac2bdd60caf00
• https://git.kernel.org/stable/c/64f72a738864b506ab50b4a6cb3ce3c3e04b71af
• https://git.kernel.org/stable/c/17e5613666209be4e5be1f1894f1a6014a8a0658
• https://git.kernel.org/stable/c/6712a28a4f923ffdf51cff267ad05a634ee1babc
• https://git.kernel.org/stable/c/891b5790bee8fc6ddba17874dd87a646128d0b99
• https://git.kernel.org/stable/c/0f514068fbc5d4d189c817adc7c4e32cf
CVE-2024-56571 – media: uvcvideo: Require entities to have a non-zero unique ID
https://notcve.org/view.php?id=CVE-2024-56571
In the Linux kernel, the following vulnerability has been resolved:

media: uvcvideo: Require entities to have a non-zero unique ID

Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID.

```
Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID,
```

So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities.

This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings.

In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid.

Here is a sample stack trace for one of those cases.

```
[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[ 20.830206] usb 1-1: Using ep0 maxpacket: 8
[ 20.833501] usb 1-1: config 0 descriptor??
```

• https://git.kernel.org/stable/c/a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b
• https://git.kernel.org/stable/c/bde4e7c1527151b596089b3f984818ab537eeb7f
• https://git.kernel.org/stable/c/72ed66623953106d15825513c82533a03ba29ecd
• https://git.kernel.org/stable/c/19464d73225224dca31e2fd6e7d6418facf5facb
• https://git.kernel.org/stable/c/b11813bc2f4eee92695075148c9ba996f54feeba
• https://git.kernel.org/stable/c/4f74bd307f078c0605b9f6f1edb8337dee35fa2e
• https://git.kernel.org/stable/c/3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195
CVE-2024-56570 – ovl: Filter invalid inodes with missing lookup function
https://notcve.org/view.php?id=CVE-2024-56570
In the Linux kernel, the following vulnerability has been resolved:

ovl: Filter invalid inodes with missing lookup function

Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack.

• https://git.kernel.org/stable/c/f9248e2f73fb4afe08324485e98c815ac084d166
• https://git.kernel.org/stable/c/5f86e79c0b2287ffdabe6c1b305a36c4e0f40fe3
• https://git.kernel.org/stable/c/749eac5a6687ec99116e0691d0d71225254654e3
• https://git.kernel.org/stable/c/ff43d008bbf9b27ada434d6455f039a5ef6cee53
• https://git.kernel.org/stable/c/065bf5dd21639f80e68450de16bda829784dbb8c
• https://git.kernel.org/stable/c/72014e7745cc8250bb8f27bd78694dfd3f1b5773
• https://git.kernel.org/stable/c/c8b359dddb418c60df1a69beea01d1b3322bfe83
CVE-2024-56569 – ftrace: Fix regression with module command in stack_trace_filter
https://notcve.org/view.php?id=CVE-2024-56569
In the Linux kernel, the following vulnerability has been resolved:

ftrace: Fix regression with module command in stack_trace_filter

When executing the following command:

```
# echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter
```

The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash.

• https://git.kernel.org/stable/c/04ec7bb642b77374b53731b795b5654b5aff1c00
• https://git.kernel.org/stable/c/43ca32ce12888fb0eeb2d74dfc558dea60d3473e
• https://git.kernel.org/stable/c/5dabb7af57bc72308a6e2e81a5dd756eef283803
• https://git.kernel.org/stable/c/885109aa0c70639527dd6a65c82e63c9ac055e3d
• https://git.kernel.org/stable/c/7ae27880de3482e063fcc1f72d9a298d0d391407
• https://git.kernel.org/stable/c/8a92dc4df89c50bdb26667419ea70e0abbce456e
• https://git.kernel.org/stable/c/19cacabdd5a8487ae566cbecb4d03bcb038a067e
• https://git.kernel.org/stable/c/45af52e7d3b8560f21d139b3759735eea
CVE-2024-56568 – iommu/arm-smmu: Defer probe of clients after smmu device bound
https://notcve.org/view.php?id=CVE-2024-56568
In the Linux kernel, the following vulnerability has been resolved:

iommu/arm-smmu: Defer probe of clients after smmu device bound

Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called.

Following is how the race occurs:

```
T1: Smmu device probe           T2: Client device probe

really_probe()
arm_smmu_device_probe()
iommu_device_register()
                                really_probe()
                                platform_dma_configure()
                                of_dma_configure()
                                of_dma_configure_id()
                                of_iommu_configure()
                                iommu_probe_device()
                                iommu_init_device()
                                arm_smmu_probe_device()
                                arm_smmu_get_by_fwnode()
                                    driver_find_device_by_fwnode()
                                    driver_find_device()
                                    next_device()
                                    klist_next()
                                        /* null ptr assigned to smmu */
                                /* null ptr dereference while smmu->streamid_mask */
driver_bound()
    klist_add_tail()
```

When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes.

Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver.

[will: Add comment]

• https://git.kernel.org/stable/c/021bb8420d44cf56102d44fca9af628625e75482
• https://git.kernel.org/stable/c/c2527d07c7e9cda2c6165d5edccf74752baac1b0
• https://git.kernel.org/stable/c/dc02407ea952e20c544a078a6be2e6f008327973
• https://git.kernel.org/stable/c/f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5
• https://git.kernel.org/stable/c/4a9485918a042e3114890dfbe19839a1897f8b2c
• https://git.kernel.org/stable/c/5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8
• https://git.kernel.org/stable/c/229e6ee43d2a160a1592b83aad620d6027084aad