CVE-2024-35995 – ACPI: CPPC: Use access_width over bit_width for system memory accesses
https://notcve.org/view.php?id=CVE-2024-35995
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use access_width over bit_width for system memory accesses To align with ACPI 6.3+, since bit_width can be any 8-bit value, it cannot be depended on to be always on a clean 8b boundary. This was uncovered on the Cobalt 100 platform. SError Interrupt on CPU26, code 0xbe000011 -- SError CPU: 26 PID: 1510 Comm: systemd-udevd Not tainted 5.15.2.1-13 #1 Hardware name: MICROSOFT CORPORATION, BIOS MICROSOFT CORPORATION pstate: 62400009... • https://git.kernel.org/stable/c/4949affd5288b867cdf115f5b08d6166b2027f87 •
CVE-2024-35992 – phy: marvell: a3700-comphy: Fix out of bounds read
https://notcve.org/view.php?id=CVE-2024-35992
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: marvell: a3700-comphy: Fix out of bounds read There is an out of bounds read access of 'gbe_phy_init_fix[fix_idx].addr' every iteration after 'fix_idx' reaches 'ARRAY_SIZE(gbe_phy_init_fix)'. Make sure 'gbe_phy_init[addr]' is used when all elements of 'gbe_phy_init_fix' array are handled. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: marvell: a3... • https://git.kernel.org/stable/c/934337080c6c59b75db76b180b509f218640ad48 • CWE-125: Out-of-bounds Read •
CVE-2024-35990 – dma: xilinx_dpdma: Fix locking
https://notcve.org/view.php?id=CVE-2024-35990
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dma: xilinx_dpdma: Fix locking There are several places where either chan->lock or chan->vchan.lock was not held. Add appropriate locking. This fixes lockdep warnings like [ 31.077578] ------------[ cut here ]------------ [ 31.077831] WARNING: CPU: 2 PID: 40 at drivers/dma/xilinx/xilinx_dpdma.c:834 xilinx_dpdma_chan_queue_transfer+0x274/0x5e0 [ 31.077953] Modules linked in: [ 31.078019] CPU: 2 PID: 40 Comm: kworker/u12:1 Not tainted 6.6.20+... • https://git.kernel.org/stable/c/7cbb0c63de3fc218fd06ecfedb477772a4d12f76 • CWE-667: Improper Locking •
CVE-2024-35989 – dmaengine: idxd: Fix oops during rmmod on single-CPU platforms
https://notcve.org/view.php?id=CVE-2024-35989
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms During the removal of the idxd driver, registered offline callback is invoked as part of the clean up process. However, on systems with only one CPU online, no valid target is available to migrate the perf context, resulting in a kernel oops: BUG: unable to handle page fault for address: 000000000002a2b8 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-p... • https://git.kernel.org/stable/c/81dd4d4d6178306ab31db91bdc7353d485bdafce •
CVE-2024-35988 – riscv: Fix TASK_SIZE on 64-bit NOMMU
https://notcve.org/view.php?id=CVE-2024-35988
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: riscv: Fix TASK_SIZE on 64-bit NOMMU On NOMMU, userspace memory can come from anywhere in physical RAM. The current definition of TASK_SIZE is wrong if any RAM exists above 4G, causing spurious failures in the userspace access routines. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: riscv: corrige TASK_SIZE en NOMMU de 64 bits En NOMMU, la memoria del espacio de usuario puede provenir de cualquier lugar de la RAM física. La... • https://git.kernel.org/stable/c/6bd33e1ece528f67646db33bf97406b747dafda0 •
CVE-2024-35986 – phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered
https://notcve.org/view.php?id=CVE-2024-35986
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The power_supply frame-work is not really designed for there to be long living in kernel references to power_supply devices. Specifically unregistering a power_supply while some other code has a reference to it triggers a WARN in power_supply_unregister(): WARN_ON(atomic_dec_return(&psy->use_cnt)); Folllowed by the power_supply still getting removed and the backing ... • https://git.kernel.org/stable/c/48969a5623ed918713552e2b4f9d391c89b5e838 •
CVE-2024-35984 – i2c: smbus: fix NULL function pointer dereference
https://notcve.org/view.php?id=CVE-2024-35984
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being available. Fix this by always checking the pointer in __i2c_transfer. [wsa: dropped the simplification in core-smbus to avoid theoretical regressions] En el kernel de Linux, se resolvió la siguiente vulnerabilidad: i2c: smbus: corrige la de... • https://git.kernel.org/stable/c/63453b59e41173241c4efe9335815f6432fa8586 • CWE-476: NULL Pointer Dereference •
CVE-2024-35983 – bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS
https://notcve.org/view.php?id=CVE-2024-35983
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: bounds: Use the right number of bits for power-of-two CONFIG_NR_CPUS bits_per() rounds up to the next power of two when passed a power of two. This causes crashes on some machines and configurations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: límites: utilice el número correcto de bits para potencia de dos CONFIG_NR_CPUS bits_per() redondea a la siguiente potencia de dos cuando se pasa una potencia de dos. Esto provo... • https://git.kernel.org/stable/c/d6077e0d38b4953c863d0db4a5b3f41d21e0d546 •
CVE-2024-35982 – batman-adv: Avoid infinite loop trying to resize local TT
https://notcve.org/view.php?id=CVE-2024-35982
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet. But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 byt... • https://git.kernel.org/stable/c/a19d3d85e1b854e4a483a55d740a42458085560d • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2024-35981 – virtio_net: Do not send RSS key if it is not supported
https://notcve.org/view.php?id=CVE-2024-35981
20 May 2024 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: Do not send RSS key if it is not supported There is a bug when setting the RSS options in virtio_net that can break the whole machine, getting the kernel into an infinite loop. Running the following command in any QEMU virtual machine with virtionet will reproduce this problem: # ethtool -X eth0 hfunc toeplitz This is how the problem happens: 1) ethtool_set_rxfh() calls virtnet_set_rxfh() 2) virtnet_set_rxfh() calls virtnet_comm... • https://git.kernel.org/stable/c/c7114b1249fa3b5f3a434606ba4cc89c4a27d618 •