CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56571 – media: uvcvideo: Require entities to have a non-zero unique ID
https://notcve.org/view.php?id=CVE-2024-56571
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? • https://git.kernel.org/stable/c/a3fbc2e6bb05a3b1ea341cd29dea09b4a033727b https://git.kernel.org/stable/c/bde4e7c1527151b596089b3f984818ab537eeb7f https://git.kernel.org/stable/c/72ed66623953106d15825513c82533a03ba29ecd https://git.kernel.org/stable/c/19464d73225224dca31e2fd6e7d6418facf5facb https://git.kernel.org/stable/c/b11813bc2f4eee92695075148c9ba996f54feeba https://git.kernel.org/stable/c/4f74bd307f078c0605b9f6f1edb8337dee35fa2e https://git.kernel.org/stable/c/3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56570 – ovl: Filter invalid inodes with missing lookup function
https://notcve.org/view.php?id=CVE-2024-56570
In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack. • https://git.kernel.org/stable/c/f9248e2f73fb4afe08324485e98c815ac084d166 https://git.kernel.org/stable/c/5f86e79c0b2287ffdabe6c1b305a36c4e0f40fe3 https://git.kernel.org/stable/c/749eac5a6687ec99116e0691d0d71225254654e3 https://git.kernel.org/stable/c/ff43d008bbf9b27ada434d6455f039a5ef6cee53 https://git.kernel.org/stable/c/065bf5dd21639f80e68450de16bda829784dbb8c https://git.kernel.org/stable/c/72014e7745cc8250bb8f27bd78694dfd3f1b5773 https://git.kernel.org/stable/c/c8b359dddb418c60df1a69beea01d1b3322bfe83 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56569 – ftrace: Fix regression with module command in stack_trace_filter
https://notcve.org/view.php?id=CVE-2024-56569
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash. • https://git.kernel.org/stable/c/04ec7bb642b77374b53731b795b5654b5aff1c00 https://git.kernel.org/stable/c/43ca32ce12888fb0eeb2d74dfc558dea60d3473e https://git.kernel.org/stable/c/5dabb7af57bc72308a6e2e81a5dd756eef283803 https://git.kernel.org/stable/c/885109aa0c70639527dd6a65c82e63c9ac055e3d https://git.kernel.org/stable/c/7ae27880de3482e063fcc1f72d9a298d0d391407 https://git.kernel.org/stable/c/8a92dc4df89c50bdb26667419ea70e0abbce456e https://git.kernel.org/stable/c/19cacabdd5a8487ae566cbecb4d03bcb038a067e https://git.kernel.org/stable/c/45af52e7d3b8560f21d139b3759735eea •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-56568 – iommu/arm-smmu: Defer probe of clients after smmu device bound
https://notcve.org/view.php?id=CVE-2024-56568
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. [will: Add comment] • https://git.kernel.org/stable/c/021bb8420d44cf56102d44fca9af628625e75482 https://git.kernel.org/stable/c/c2527d07c7e9cda2c6165d5edccf74752baac1b0 https://git.kernel.org/stable/c/dc02407ea952e20c544a078a6be2e6f008327973 https://git.kernel.org/stable/c/f8f794f387ad21c4696e5cd0626cb6f8a5f6aea5 https://git.kernel.org/stable/c/4a9485918a042e3114890dfbe19839a1897f8b2c https://git.kernel.org/stable/c/5018696b19bc6c021e934a8a59f4b1dd8c0ac9f8 https://git.kernel.org/stable/c/229e6ee43d2a160a1592b83aad620d6027084aad •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-56567 – ad7780: fix division by zero in ad7780_write_raw()
https://notcve.org/view.php?id=CVE-2024-56567
In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero. • https://git.kernel.org/stable/c/9085daa4abcc3a1c19ae4eb00e609842ef28275a https://git.kernel.org/stable/c/18fb33df1de83a014d7f784089f9b124facc157f https://git.kernel.org/stable/c/afc1e3c00b3f5f0b4f1bc3e974fb9803cb938a90 https://git.kernel.org/stable/c/68e79b848196a0b0ec006009cc69da1f835d1ae8 https://git.kernel.org/stable/c/022e13518ba6cc1b4fdd291f49e4f57b2d5718e0 https://git.kernel.org/stable/c/7e3a8ea3d1ada7f707de5d9d504774b4191eab66 https://git.kernel.org/stable/c/f25a9f1df1f6738acf1fa05595fb6060a2c08ff1 https://git.kernel.org/stable/c/c174b53e95adf2eece2afc56cd9798374 •