CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36945 – net/smc: fix neighbour and rtable leak in smc_ib_find_route()
https://notcve.org/view.php?id=CVE-2024-36945
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable resolved by ip_route_output_flow() are not released or put before return. It may cause the refcount leak, so fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: corrige la fuga de vecino y rtable en smc_ib_find_route() En smc_ib_find_route(), el vecino encontrado por neigh_lookup() y rtable resuelto por ip_route_output_flow() no se liberan ni se colocan antes devolver. Puede causar la fuga de recuento, así que corríjalo. • https://git.kernel.org/stable/c/e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2 https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 https://access.redhat.com/security/cve/CVE-2024-36945 https://bugzilla.redhat.com/show_bug.cgi?id=2284465 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36944 – Reapply "drm/qxl: simplify qxl_fence_wait"
https://notcve.org/view.php?id=CVE-2024-36944
In the Linux kernel, the following vulnerability has been resolved: Reapply "drm/qxl: simplify qxl_fence_wait" This reverts commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reports: "I went to run my tests on my VMs and the tests hung on boot up. Unfortunately, the most I ever got out was: [ 93.607888] Testing event system initcall: OK [ 93.667730] Running tests on all trace events: [ 93.669757] Testing all events: OK [ 95.631064] ------------[ cut here ]------------ Timed out after 60 seconds" and further debugging points to a possible circular locking dependency between the console_owner locking and the worker pool locking. Reverting the commit allows Steve's VM to boot to completion again. [ This may obviously result in the "[TTM] Buffer eviction failed" messages again, which was the reason for that original revert. But at this point this seems preferable to a non-booting system... ] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Vuelva a aplicar "drm/qxl: simplificar qxl_fence_wait" Esto revierte el commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt informa: "Fui a ejecutar mis pruebas en mis máquinas virtuales y las pruebas se colgaron al arrancar. Desafortunadamente, lo máximo que obtuve fue: [ 93.607888] Probando evento de initcall del sistema: OK [ 93.667730] Ejecutando pruebas en todos los eventos de seguimiento : [93.669757] Probando todos los eventos: OK [95.631064] ------------[ cortar aquí ]------------ Se agotó el tiempo de espera después de 60 segundos" y más puntos de depuración a una posible dependencia de bloqueo circular entre el bloqueo del propietario de la consola y el bloqueo del grupo de trabajadores. Revertir el commit permite que la máquina virtual de Steve se inicie nuevamente. • https://git.kernel.org/stable/c/4a89ac4b0921c4ea21eb1b4cf3a469a91bacfcea https://git.kernel.org/stable/c/b548c53bc3ab83dc6fc86c8e840f013b2032267a https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97 https://git.kernel.org/stable/c/3dfe35d8683daf9ba69278643efbabe40000bbf6 https://git.kernel.org/stable/c/3628e0383dd349f02f882e612ab6184e4bb3dc10 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36942 – Bluetooth: qca: fix firmware check error path
https://notcve.org/view.php?id=CVE-2024-36942
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix firmware check error path A recent commit fixed the code that parses the firmware files before downloading them to the controller but introduced a memory leak in case the sanity checks ever fail. Make sure to free the firmware buffer before returning on errors. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: corregir ruta de error de verificación de firmware Una confirmación reciente corrigió el código que analiza los archivos de firmware antes de descargarlos al controlador, pero introdujo una pérdida de memoria en caso de que las comprobaciones de cordura alguna vez fallaran. Asegúrese de liberar el búfer de firmware antes de regresar con errores. • https://git.kernel.org/stable/c/580bcd6bf24f9975f97d81d5ef1b64cca9240df9 https://git.kernel.org/stable/c/064688d70c33bb5b49dde6e972b9379a8b045d8a https://git.kernel.org/stable/c/7bcba557d5c37cd09ecd5abbe7d50deb86c36d3f https://git.kernel.org/stable/c/d1f768214320852766a60a815a0be8f14fba0cc3 https://git.kernel.org/stable/c/40d442f969fb1e871da6fca73d3f8aef1f888558 •
CVSS: 5.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36941 – wifi: nl80211: don't free NULL coalescing rule
https://notcve.org/view.php?id=CVE-2024-36941
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: nl80211: no liberar la regla de fusión NULL Si el análisis falla, podemos desreferenciar un puntero NULL aquí. • https://git.kernel.org/stable/c/be29b99a9b51b0338eea3c66a58de53bbd01de24 https://git.kernel.org/stable/c/327382dc0f16b268950b96e0052595efd80f7b0a https://git.kernel.org/stable/c/97792d0611ae2e6fe3ccefb0a94a1d802317c457 https://git.kernel.org/stable/c/5a730a161ac2290d46d49be76b2b1aee8d2eb307 https://git.kernel.org/stable/c/ad12c74e953b68ad85c78adc6408ed8435c64af4 https://git.kernel.org/stable/c/b0db4caa10f2e4e811cf88744fbf0d074b67ec1f https://git.kernel.org/stable/c/244822c09b4f9aedfb5977f03c0deeb39da8ec7d https://git.kernel.org/stable/c/f92772a642485394db5c9a17bd0ee73fc • CWE-476: NULL Pointer Dereference •
CVSS: 2.3EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36940 – pinctrl: core: delete incorrect free in pinctrl_enable()
https://notcve.org/view.php?id=CVE-2024-36940
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freeing it in pinctrl_enable() will lead to a double free. The devm_pinctrl_dev_release() function frees the pindescs and destroys the mutex as well. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: core: eliminar incorrecto gratis en pinctrl_enable() La estructura "pctldev" está asignada en devm_pinctrl_register_and_init(). Es un puntero administrado por devm_ que se libera mediante devm_pinctrl_dev_release(), por lo que liberarlo en pinctrl_enable() generará una doble liberación. La función devm_pinctrl_dev_release() libera los pindescs y también destruye el mutex. • https://git.kernel.org/stable/c/6118714275f0a313ecc296a87ed1af32d9691bed https://git.kernel.org/stable/c/735f4c6b6771eafe336404c157ca683ad72a040d https://git.kernel.org/stable/c/cdaa171473d98962ae86f2a663d398fda2fbeefd https://git.kernel.org/stable/c/288bc4aa75f150d6f1ee82dd43c6da1b438b6068 https://git.kernel.org/stable/c/41f88ef8ba387a12f4a2b8c400b6c9e8e54b2cca https://git.kernel.org/stable/c/ac7d65795827dc0cf7662384ed27caf4066bd72e https://git.kernel.org/stable/c/558c8039fdf596a584a92c171cbf3298919c448c https://git.kernel.org/stable/c/f9f1e321d53e4c5b666b66e5b43da2984 • CWE-415: Double Free •