CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27057 – ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
https://notcve.org/view.php?id=CVE-2024-27057
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend When the system is suspended while audio is active, the sof_ipc4_pcm_hw_free() is invoked to reset the pipelines since during suspend the DSP is turned off, streams will be re-started after resume. If the firmware crashes during while audio is running (or when we reset the stream before suspend) then the sof_ipc4_set_multi_pipeline_state() will fail with IPC error and the state change is interrupted. This will cause misalignment between the kernel and firmware state on next DSP boot resulting errors returned by firmware for IPC messages, eventually failing the audio resume. On stream close the errors are ignored so the kernel state will be corrected on the next DSP boot, so the second boot after the DSP panic. If sof_ipc4_trigger_pipelines() is called from sof_ipc4_pcm_hw_free() then state parameter is SOF_IPC4_PIPE_RESET and only in this case. Treat a forced pipeline reset similarly to how we treat a pcm_free by ignoring error on state sending to allow the kernel's state to be consistent with the state the firmware will have after the next boot. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ASoC: SOF: ipc4-pcm: workaround para firmware bloqueado en suspensión del sistema Cuando el sistema se suspende mientras el audio está activo, se invoca sof_ipc4_pcm_hw_free() para restablecer las canalizaciones desde durante la suspensión el DSP está apagado, las transmisiones se reiniciarán después de reanudarse. Si el firmware falla mientras se ejecuta el audio (o cuando reiniciamos la transmisión antes de suspenderla), entonces sof_ipc4_set_multi_pipeline_state() fallará con un error de IPC y se interrumpirá el cambio de estado. Esto provocará una desalineación entre el estado del kernel y del firmware en el siguiente arranque del DSP, lo que provocará errores devueltos por el firmware para los mensajes IPC, lo que eventualmente provocará un error en la reanudación del audio. Al cerrar la transmisión, los errores se ignoran, por lo que el estado del kernel se corregirá en el siguiente inicio del DSP, es decir, en el segundo inicio después del pánico del DSP. • https://git.kernel.org/stable/c/3cac6eebea9b4bc5f041e157e45c76e212ad6759 https://git.kernel.org/stable/c/d153e8b154f9746ac969c85a4e6474760453647c https://git.kernel.org/stable/c/c40aad7c81e5fba34b70123ed7ce3397fa62a4d2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27056 – wifi: iwlwifi: mvm: ensure offloading TID queue exists
https://notcve.org/view.php?id=CVE-2024-27056
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: ensure offloading TID queue exists The resume code path assumes that the TX queue for the offloading TID has been configured. At resume time it then tries to sync the write pointer as it may have been updated by the firmware. In the unusual event that no packets have been send on TID 0, the queue will not have been allocated and this causes a crash. Fix this by ensuring the queue exist at suspend time. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: asegúrese de que exista la cola de descarga TID La ruta del código de reanudación supone que se ha configurado la cola de TX para la descarga de TID. En el momento de la reanudación, intenta sincronizar el puntero de escritura, ya que es posible que el firmware lo haya actualizado. • https://git.kernel.org/stable/c/ed35a509390ef4011ea2226da5dd6f62b73873b5 https://git.kernel.org/stable/c/78f65fbf421a61894c14a1b91fe2fb4437b3fe5f https://access.redhat.com/security/cve/CVE-2024-27056 https://bugzilla.redhat.com/show_bug.cgi?id=2278409 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27043 – media: edia: dvbdev: fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-27043
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: edia: dvbdev: corregir un use-after-free En dvb_register_device, *pdvbdev se establece igual a dvbdev, que se libera en varias rutas de manejo de errores. • https://git.kernel.org/stable/c/b61901024776b25ce7b8edc31bb1757c7382a88e https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856 https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644 https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712 https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62 https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27037 – clk: zynq: Prevent null pointer dereference caused by kmalloc failure
https://notcve.org/view.php?id=CVE-2024-27037
In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to the null address, the null pointer dereference bug will happen. This patch uses a stack variable to replace the kmalloc(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: zynq: evita la desreferencia del puntero nulo causada por una falla de kmalloc. El kmalloc() en zynq_clk_setup() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos snprintf() para escribir datos en la dirección nula, se producirá el error de desreferencia del puntero nulo. • https://git.kernel.org/stable/c/0ee52b157b8ed88550ddd6291e54bb4bfabde364 https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85 https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8 https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6 • CWE-476: NULL Pointer Dereference •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27020 – netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
https://notcve.org/view.php?id=CVE-2024-27020
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: corrige una posible ejecución de datos en __nft_expr_type_get() nft_unregister_expr() puede concurrente con __nft_expr_type_get(), y no hay ninguna protección cuando se itera sobre la lista nf_tables_expressions en __nft_expr_type_get() . Por lo tanto, existe una posible ejecución de datos en la entrada de la lista nf_tables_expressions. Utilice list_for_each_entry_rcu() para iterar sobre la lista nf_tables_expressions en __nft_expr_type_get() y utilice rcu_read_lock() en el llamador nft_expr_type_get() para proteger todo el proceso de consulta de tipos. • https://git.kernel.org/stable/c/ef1f7df9170dbd875ce198ba84e6ab80f6fc139e https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05 https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907 https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5 https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •