CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38577 – rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
https://notcve.org/view.php?id=CVE-2024-38577
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu-tasks: Corrige show_rcu_tasks_trace_gp_kthread desbordamiento del búfer. Existe la posibilidad de que se produzca un desbordamiento del búfer en show_rcu_tasks_trace_gp_kthread() si los contadores pasados a sprintf() son enormes. Los números de contador necesarios para esto son excesivamente altos, pero aún es posible un desbordamiento del búfer. • https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281 https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784 https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222 https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697 https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7 https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d09273 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38576 – rcu: Fix buffer overflow in print_cpu_stall_info()
https://notcve.org/view.php?id=CVE-2024-38576
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rcu: corrige el desbordamiento del búfer en print_cpu_stall_info() La salida rcuc-starvation de print_cpu_stall_info() podría desbordar el búfer si hay una gran diferencia en santiamén. La situación puede parecer improbable, pero las computadoras a veces se confunden mucho con el tiempo, lo que puede resultar en números enteros de tamaño completo y, en este caso, en un desbordamiento del búfer. • https://git.kernel.org/stable/c/245a62982502255314b63dd2c4daaedd1cd595a6 https://git.kernel.org/stable/c/e2228ed3fe7aa838fba87c79a76fb1ad9ea47138 https://git.kernel.org/stable/c/afb39909bfb5c08111f99e21bf5be7505f59ff1c https://git.kernel.org/stable/c/9351e1338539cb7f319ffc1210fa9b2aa27384b5 https://git.kernel.org/stable/c/4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257 https://git.kernel.org/stable/c/3758f7d9917bd7ef0482c4184c0ad673b4c4e069 • CWE-121: Stack-based Buffer Overflow •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38575 – wifi: brcmfmac: pcie: handle randbuf allocation failure
https://notcve.org/view.php?id=CVE-2024-38575
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the randbuf, the null pointer dereference bug will happen. In order to prevent allocation failure, this patch adds a separate function using buffer on kernel stack to generate random bytes in the randbuf, which could prevent the kernel stack from overflow. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcmfmac: pcie: manejar fallo de asignación de randbuf El kzalloc() en brcmf_pcie_download_fw_nvram() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos get_random_bytes() para generar bytes aleatorios en randbuf, se producirá el error de desreferencia del puntero nulo. Para evitar fallas en la asignación, este parche agrega una función separada que utiliza el búfer en la pila del kernel para generar bytes aleatorios en randbuf, lo que podría evitar que la pila del kernel se desborde. • https://git.kernel.org/stable/c/c35105f375b530bc27e03ea9250b1c26dd4cae86 https://git.kernel.org/stable/c/91918ce88d9fef408bb12c46a27c73d79b604c20 https://git.kernel.org/stable/c/ba72baed066f3bfa8b489e4b58f1fcaf51c04f83 https://git.kernel.org/stable/c/0eb2c0528e232b3c32cde9d5e1c9f80ba2996e49 https://git.kernel.org/stable/c/c37466406f075476c2702ecc01917928af871f3b https://git.kernel.org/stable/c/7c15eb344b0d4d3468c9b2a7591ad2b859b29b88 https://git.kernel.org/stable/c/3729ca9e48d19a03ae049e2bde510e161c2f3720 https://git.kernel.org/stable/c/316f790ebcf94bdf59f794b7cdea4068d • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38574 – libbpf: Prevent null-pointer dereference when prog to load has no BTF
https://notcve.org/view.php?id=CVE-2024-38574
In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpf_objec_load_prog(), there's no guarantee that obj->btf is non-NULL when passing it to btf__fd(), and this function does not perform any check before dereferencing its argument (as bpf_object__btf_fd() used to do). As a consequence, we get segmentation fault errors in bpftool (for example) when trying to load programs that come without BTF information. v2: Keep btf__fd() in the fix instead of reverting to bpf_object__btf_fd(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: libbpf: evita la desreferencia del puntero nulo cuando el programa a cargar no tiene BTF. En bpf_objec_load_prog(), no hay garantía de que obj->btf no sea NULL al pasarlo a btf__fd() , y esta función no realiza ninguna verificación antes de eliminar la referencia a su argumento (como solía hacer bpf_object__btf_fd()). Como consecuencia, obtenemos errores de segmentación en bpftool (por ejemplo) cuando intentamos cargar programas que vienen sin información BTF. v2: Mantenga btf__fd() en la solución en lugar de volver a bpf_object__btf_fd(). • https://git.kernel.org/stable/c/df7c3f7d3a3ddab31ca8cfa9b86a8729ec43fd2e https://git.kernel.org/stable/c/ef80b59acfa4dee4b5eaccb15572b69248831104 https://git.kernel.org/stable/c/1fd91360a75833b7110af9834ae26c977e1273e0 https://git.kernel.org/stable/c/9bf48fa19a4b1d186e08b20bf7e5de26a15644fb •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38573 – cppc_cpufreq: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38573
In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cppc_cpufreq: se corrige la posible desreferencia del puntero nulo. cppc_cpufreq_get_rate() y hisi_cppc_cpufreq_get_rate() se pueden llamar desde diferentes lugares con varios parámetros. Entonces cpufreq_cpu_get() puede devolver nulo como 'política' en algunas circunstancias. Corrija este error agregando una verificación de devolución nula. • https://git.kernel.org/stable/c/a28b2bfc099c6b9caa6ef697660408e076a32019 https://git.kernel.org/stable/c/9a185cc5a79ba408e1c73375706630662304f618 https://git.kernel.org/stable/c/769c4f355b7962895205b86ad35617873feef9a5 https://git.kernel.org/stable/c/f84b9b25d045e67a7eee5e73f21278c8ab06713c https://git.kernel.org/stable/c/b18daa4ec727c0266de5bfc78e818d168cc4aedf https://git.kernel.org/stable/c/dfec15222529d22b15e5b0d63572a9e39570cab4 https://git.kernel.org/stable/c/cf7de25878a1f4508c69dc9f6819c21ba177dbfe https://access.redhat.com/security/cve/CVE-2024-38573 • CWE-476: NULL Pointer Dereference •