CVE-2024-42102 – Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again"
https://notcve.org/view.php?id=CVE-2024-42102
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This patch (of 2): This reverts commit 9319b647902cbd5cc884ac08a8a6d54ce111fc78. The commit is broken in several ways. Firstly, the removed (u64) cast from the multiplication will introduce a multiplication overflow on 32-bit archs if wb_thresh * bg_thresh >= 1<<32 (which is actually common - the default settings with 4GB of RAM will trigger this). Secondly, the div64_u64() is unnecessarily expensive on 32-bit archs. We have div64_ul() in case we want to be safe & cheap. • https://git.kernel.org/stable/c/c593d26fb5d577ef31b6e49a31e08ae3ebc1bc1e https://git.kernel.org/stable/c/1f12e4b3284d6c863f272eb2de0d4248ed211cf4 https://git.kernel.org/stable/c/81e7d2530d458548b90a5c5e76b77ad5e5d1c0df https://git.kernel.org/stable/c/5099871b370335809c0fd1abad74d9c7c205d43f https://git.kernel.org/stable/c/16b1025eaa8fc223ab4273ece20d1c3a4211a95d https://git.kernel.org/stable/c/ec18ec230301583395576915d274b407743d8f6c https://git.kernel.org/stable/c/9319b647902cbd5cc884ac08a8a6d54ce111fc78 https://git.kernel.org/stable/c/65977bed167a92e87085e757fffa5798f • CWE-369: Divide By Zero •
CVE-2024-42101 – drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
https://notcve.org/view.php?id=CVE-2024-42101
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. A flaw was found in the Linux kernel’s nouveau module. The return value of the drm_mode_duplicate function is not checked in the nouveau_connector_get_modes function in the drivers/gpu/drm/nouveau/nouveau_connector.c file, possibly causing a NULL pointer dereference and resulting in a denial of service. • https://git.kernel.org/stable/c/6ee738610f41b59733f63718f0bdbcba7d3a3f12 https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07 https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9 https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16 • CWE-476: NULL Pointer Dereference •
CVE-2024-42100 – clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common
https://notcve.org/view.php?id=CVE-2024-42100
In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: common: Don't call hw_to_ccu_common on hw without common In order to set the rate range of a hw sunxi_ccu_probe calls hw_to_ccu_common() assuming all entries in desc->ccu_clks are contained in a ccu_common struct. This assumption is incorrect and, in consequence, causes invalid pointer de-references. Remove the faulty call. Instead, add one more loop that iterates over the ccu_clks and sets the rate range, if required. • https://git.kernel.org/stable/c/547263745e15a038ec3954b5c283805529377626 https://git.kernel.org/stable/c/b914ec33b391ec766545a41f0cfc0de3e0b388d7 https://git.kernel.org/stable/c/761cbd9c0e4ed082b548bf6a0de25eebad24309d https://git.kernel.org/stable/c/14c78d69dbca6a28af14095f639ec4318ec07fdc https://git.kernel.org/stable/c/7a0e2738cb6da5a55c9908dff333600aeb263e07 https://git.kernel.org/stable/c/ea977d742507e534d9fe4f4d74256f6b7f589338 •
CVE-2023-52888 – media: mediatek: vcodec: Only free buffer VA that is not NULL
https://notcve.org/view.php?id=CVE-2023-52888
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. • https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91 https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04 https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32 •
CVE-2024-42098 – crypto: ecdh - explicitly zeroize private_key
https://notcve.org/view.php?id=CVE-2024-42098
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails. • https://git.kernel.org/stable/c/39173b04abda87872b43c331468a4a14f8f05ce8 https://git.kernel.org/stable/c/fd7ef325911eba1b7191b83cb580463242f2090d https://git.kernel.org/stable/c/80575b252ab0358b7e93895b2a510beb3cb3f975 https://git.kernel.org/stable/c/d96187eb8e59b572a8e6a68b6a9837a867ea29df https://git.kernel.org/stable/c/73e5984e540a76a2ee1868b91590c922da8c24c9 •