CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-42307 – cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path
https://notcve.org/view.php?id=CVE-2024-42307
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential null pointer use in destroy_workqueue in init_cifs error path Dan Carpenter reported a Smack static checker warning: fs/smb/client/cifsfs.c:1981 init_cifs() error: we previously assumed 'serverclose_wq' could be null (see line 1895) The patch which introduced the serverclose workqueue used the wrong oredering in error paths in init_cifs() for freeing it on errors. • https://git.kernel.org/stable/c/8c99dfb49bdc17edffc7ff3d46b400c8c291686c https://git.kernel.org/stable/c/6f17163b9339fac92023a1d9bef22128db3b9a4b https://git.kernel.org/stable/c/173217bd73365867378b5e75a86f0049e1069ee8 https://git.kernel.org/stable/c/40a5d14c9d3b585d55d3209fb5efe202dcaac926 https://git.kernel.org/stable/c/6018971710fdc7739f8655c1540832b4bb903671 https://git.kernel.org/stable/c/160235efb4f9b55212dedff5de0094c606c4b303 https://git.kernel.org/stable/c/3739d711246d8fbc95ff73dbdace9741cdce4777 https://git.kernel.org/stable/c/193cc89ea0ca1da311877d2b4bb5e9f03 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-42306 – udf: Avoid using corrupted block bitmap buffer
https://notcve.org/view.php?id=CVE-2024-42306
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. • https://git.kernel.org/stable/c/7648ea9896b31aff38830d81188f5b7a1773e4a8 https://git.kernel.org/stable/c/4ac54312f623c6d2ca30c36c1ef530c11f5aff64 https://git.kernel.org/stable/c/099bf90d7fc4622da9fd4727f6d318a0f12d10be https://git.kernel.org/stable/c/6ac8f2c8362afd2baa8e7b9c946597589e587d22 https://git.kernel.org/stable/c/1e0d4adf17e7ef03281d7b16555e7c1508c8ed2d https://git.kernel.org/stable/c/f862a9049c3f6e73a5504a1ac10ffd5bc253ab55 https://git.kernel.org/stable/c/4622cc1b6d86013e01c56b60b092b5e4726c8e52 https://git.kernel.org/stable/c/cae9e59cc41683408b70b9ab569f86548 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42305 – ext4: check dot and dotdot of dx_root before making dir indexed
https://notcve.org/view.php?id=CVE-2024-42305
In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports a issue as follows: ============================================ BUG: unable to handle page fault for address: ffffed11022e24fe PGD 23ffee067 P4D 23ffee067 PUD 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 PID: 5079 Comm: syz-executor306 Not tainted 6.10.0-rc5-g55027e689933 #0 Call Trace: <TASK> make_indexed_dir+0xdaf/0x13c0 fs/ext4/namei.c:2341 ext4_add_entry+0x222a/0x25d0 fs/ext4/namei.c:2451 ext4_rename fs/ext4/namei.c:3936 [inline] ext4_rename2+0x26e5/0x4370 fs/ext4/namei.c:4214 [...] ============================================ The immediate cause of this problem is that there is only one valid dentry for the block to be split during do_split, so split==0 results in out of bounds accesses to the map triggering the issue. do_split unsigned split dx_make_map count = 1 split = count/2 = 0; continued = hash2 == map[split - 1].hash; ---> map[4294967295] The maximum length of a filename is 255 and the minimum block size is 1024, so it is always guaranteed that the number of entries is greater than or equal to 2 when do_split() is called. But syzbot's crafted image has no dot and dotdot in dir, and the dentry distribution in dirblock is as follows: bus dentry1 hole dentry2 free |xx--|xx-------------|............... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 https://git.kernel.org/stable/c/b80575ffa98b5bb3a5d4d392bfe4c2e03e9557db https://git.kernel.org/stable/c/19e13b4d7f0303186fcc891aba8d0de7c8fdbda8 https://git.kernel.org/stable/c/42d420517072028fb0eb852c358056b7717ba5aa https://git.kernel.org/stable/c/8afe06ed3be7a874b3cd82ef5f8959aca8d6429a https://git.kernel.org/stable/c/abb411ac991810c0bcbe51c2e76d2502bf611b5c https://git.kernel.org/stable/c/9d241b7a39af192d1bb422714a458982c7cc67a2 https://git.kernel.org/stable/c/cdd345321699042ece4a9d2e70754d239 •
CVSS: -EPSS: 0%CPEs: 12EXPL: 0CVE-2024-42304 – ext4: make sure the first directory block is not a hole
https://notcve.org/view.php?id=CVE-2024-42304
In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. • https://git.kernel.org/stable/c/3a17ca864baffc0c6f6e8aad525aa4365775a193 https://git.kernel.org/stable/c/4e19d6b65fb4fc42e352ce9883649e049da14743 https://git.kernel.org/stable/c/3f0307b0d2d8b333a6964fc4c820dc86896fd1cf https://git.kernel.org/stable/c/514631c2225c1fd556c799cc1893fb27b0f48f00 https://git.kernel.org/stable/c/7f1f86276515f6816a98f6ca3ef99c827d54642f https://git.kernel.org/stable/c/5021b7a5bdd6bb859eb648c3da71cdd6aae1d133 https://git.kernel.org/stable/c/d81d7e347d1f1f48a5634607d39eb90c161c8afe https://git.kernel.org/stable/c/e02f9941e8c011aa3eafa799def6a134c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-42303 – media: imx-pxp: Fix ERR_PTR dereference in pxp_probe()
https://notcve.org/view.php?id=CVE-2024-42303
In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case of error. • https://git.kernel.org/stable/c/4e5bd3fdbeb3100d1f120999130afb2a7d41d82a https://git.kernel.org/stable/c/358bc85269d6a359fea597ef9fbb429cd3626e08 https://git.kernel.org/stable/c/5ab6ac4e9e165b0fe8a326308218337007224f05 https://git.kernel.org/stable/c/57e9ce68ae98551da9c161aaab12b41fe8601856 •