CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38607 – macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"
https://notcve.org/view.php?id=CVE-2024-38607
In the Linux kernel, the following vulnerability has been resolved: macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" The via-macii ADB driver calls request_irq() after disabling hard interrupts. But disabling interrupts isn't necessary here because the VIA shift register interrupt was masked during VIA1 initialization. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: macintosh/via-macii: Corrección "ERROR: función de suspensión llamada desde un contexto no válido" El controlador ADB via-macii llama a request_irq() después de deshabilitar las interrupciones bruscas. Pero aquí no es necesario deshabilitar las interrupciones porque la interrupción del registro de desplazamiento de VIA se enmascaró durante la inicialización de VIA1. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/e4ff8bcfb2841fe4e17e5901578b632adb89036d https://git.kernel.org/stable/c/1e9c3f2caec548cfa7a65416ec4e6006e542f18e https://git.kernel.org/stable/c/280619bbdeac186fb320fab3d61122d2a085def8 https://git.kernel.org/stable/c/010d4cb19bb13f423e3e746b824f314a9bf3e9a9 https://git.kernel.org/stable/c/787fb79efc15b3b86442ecf079b8148f173376d7 https://git.kernel.org/stable/c/d43a8c7ec0841e0ff91a968770aeca83f0fd4c56 https://git.kernel.org/stable/c/5900a88e897e6deb1bdce09ee34167a81 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38606 – crypto: qat - validate slices count returned by FW
https://notcve.org/view.php?id=CVE-2024-38606
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - validate slices count returned by FW The function adf_send_admin_tl_start() enables the telemetry (TL) feature on a QAT device by sending the ICP_QAT_FW_TL_START message to the firmware. This triggers the FW to start writing TL data to a DMA buffer in memory and returns an array containing the number of accelerators of each type (slices) supported by this HW. The pointer to this array is stored in the adf_tl_hw_data data structure called slice_cnt. The array slice_cnt is then used in the function tl_print_dev_data() to report in debugfs only statistics about the supported accelerators. An incorrect value of the elements in slice_cnt might lead to an out of bounds memory read. At the moment, there isn't an implementation of FW that returns a wrong value, but for robustness validate the slice count array returned by FW. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: qat: valida el recuento de segmentos devueltos por el FW. La función adf_send_admin_tl_start() habilita la función de telemetría (TL) en un dispositivo QAT enviando el mensaje ICP_QAT_FW_TL_START al firmware. Esto hace que el FW comience a escribir datos TL en un búfer DMA en la memoria y devuelve una matriz que contiene la cantidad de aceleradores de cada tipo (porciones) admitidos por este HW. • https://git.kernel.org/stable/c/69e7649f7cc2aaa7889174456d39319a623c1a18 https://git.kernel.org/stable/c/e57ed345e2e6043629fc74aa5be051415dcc4f77 https://git.kernel.org/stable/c/9b284b915e2a5e63ca133353f8c456eff4446f82 https://git.kernel.org/stable/c/483fd65ce29317044d1d00757e3fd23503b6b04c •
CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38605 – ALSA: core: Fix NULL module pointer assignment at card init
https://notcve.org/view.php?id=CVE-2024-38605
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and it also wraps the code around it with '#ifdef MODULE'. This works in most cases, but the devils are always in details. "MODULE" is defined when the target code (i.e. the sound core) is built as a module; but this doesn't mean that the caller is also built-in or not. Namely, when only the sound core is built-in (CONFIG_SND=y) while the driver is a module (CONFIG_SND_USB_AUDIO=m), the passed module pointer is ignored even if it's non-NULL, and card->module remains as NULL. This would result in the missing module reference up/down at the device open/close, leading to a race with the code execution after the module removal. For addressing the bug, move the assignment of card->module again out of ifdef. • https://git.kernel.org/stable/c/81033c6b584b44514cbb16fffc26ca29a0fa6270 https://git.kernel.org/stable/c/d7ff29a429b56f04783152ad7bbd7233b740e434 https://git.kernel.org/stable/c/e7e0ca200772bdb2fdc6d43d32d341e87a36f811 https://git.kernel.org/stable/c/e007476725730c1a68387b54b7629486d8a8301e https://git.kernel.org/stable/c/e644036a3e2b2c9b3eee3c61b5d31c2ca8b5ba92 https://git.kernel.org/stable/c/c935e72139e6d523defd60fe875c01eb1f9ea5c5 https://git.kernel.org/stable/c/6b8374ee2cabcf034faa34e69a855dc496a9ec12 https://git.kernel.org/stable/c/39381fe7394e5eafac76e7e9367e73511 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38604 – block: refine the EOF check in blkdev_iomap_begin
https://notcve.org/view.php?id=CVE-2024-38604
In the Linux kernel, the following vulnerability has been resolved: block: refine the EOF check in blkdev_iomap_begin blkdev_iomap_begin rounds down the offset to the logical block size before stashing it in iomap->offset and checking that it still is inside the inode size. Check the i_size check to the raw pos value so that we don't try a zero size write if iter->pos is unaligned. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: refina la comprobación de EOF en blkdev_iomap_begin blkdev_iomap_begin redondea hacia abajo el desplazamiento al tamaño del bloque lógico antes de guardarlo en iomap->offset y comprobar que todavía está dentro del tamaño del inodo. Verifique la verificación i_size en el valor pos sin formato para que no intentemos una escritura de tamaño cero si iter->pos no está alineado. • https://git.kernel.org/stable/c/487c607df790d366e67a7d6a30adf785cdd98e55 https://git.kernel.org/stable/c/910717920c8c3f9386277a44c44d448058a18084 https://git.kernel.org/stable/c/72c54e063c32aeb38d43a2bd897821e6e5a1757d https://git.kernel.org/stable/c/10b723bcba8986537a484aa94dbfc9093fd776a1 https://git.kernel.org/stable/c/0c12028aec837f5a002009bbf68d179d506510e8 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38603 – drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset()
https://notcve.org/view.php?id=CVE-2024-38603
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak. Replace the devm_add_action with devm_add_action_or_reset to ensure the irq vector can be destroyed when it fails. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drivers/perf: hisi: hns3: en realidad usa devm_add_action_or_reset() pci_alloc_irq_vectors() asigna un vector irq. Cuando devm_add_action() falla, el vector irq no se libera, lo que provoca una pérdida de memoria. Reemplace devm_add_action con devm_add_action_or_reset para garantizar que el vector irq pueda destruirse cuando falla. • https://git.kernel.org/stable/c/66637ab137b44914356a9dc7a9b3f8ebcf0b0695 https://git.kernel.org/stable/c/1491a01ef5a98149048b12e208f6ed8e86ad10b9 https://git.kernel.org/stable/c/a7678a16c25b6ece1667ac681e3e783ff3de7a6f https://git.kernel.org/stable/c/2fcffaaf529d5fe3fdc6c0ee65a6f266b74de782 https://git.kernel.org/stable/c/b1e86f1ef8fa796f8935be392457639f3a907d91 https://git.kernel.org/stable/c/582c1aeee0a9e73010cf1c4cef338709860deeb0 •