CVE-2024-49997 – net: ethernet: lantiq_etop: fix memory disclosure
https://notcve.org/view.php?id=CVE-2024-49997
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is observed on the wire. This patch uses skb_put_padto() to pad Ethernet frames properly. The mentioned function zeroes the expanded buffer. In case the packet cannot be padded it is silently dropped. Statistics are also not incremented. • https://git.kernel.org/stable/c/504d4721ee8e432af4b5f196a08af38bc4dac5fe https://git.kernel.org/stable/c/905f06a34f960676e7dc77bea00f2f8fe18177ad https://git.kernel.org/stable/c/60c068444c20bf9a3e22b65b5f6f3d9edc852931 https://git.kernel.org/stable/c/185df159843d30fb71f821e7ea4368c2a3bfcd36 https://git.kernel.org/stable/c/469856f76f4802c5d7e3d20e343185188de1e2db https://git.kernel.org/stable/c/2bf4c101d7c99483b8b15a0c8f881e3f399f7e18 https://git.kernel.org/stable/c/e66e38d07b31e177ca430758ed97fbc79f27d966 https://git.kernel.org/stable/c/1097bf16501ed5e35358d848b0a94ad28 •
CVE-2024-49995 – tipc: guard against string buffer overrun
https://notcve.org/view.php?id=CVE-2024-49995
In the Linux kernel, the following vulnerability has been resolved: tipc: guard against string buffer overrun Smatch reports that copying media_name and if_name to name_parts may overwrite the destination. .../bearer.c:166 bearer_name_validate() error: strcpy() 'media_name' too large for 'name_parts->media_name' (32 vs 16) .../bearer.c:167 bearer_name_validate() error: strcpy() 'if_name' too large for 'name_parts->if_name' (1010102 vs 16) This does seem to be the case so guard against this possibility by using strscpy() and failing if truncation occurs. Introduced by commit b97bf3fd8f6a ("[TIPC] Initial merge") Compile tested only. • https://git.kernel.org/stable/c/8298b6e45fb4d8944f356b08e4ea3e54df5e0488 https://git.kernel.org/stable/c/c79768ffba5b6e95569a463a69b3101c95694867 https://git.kernel.org/stable/c/e2b2558971e02ca33eb637a8350d68a48b3e8e46 https://git.kernel.org/stable/c/54dae0e9063ed23c9acf8d5ab9b18d3426a8ac18 https://git.kernel.org/stable/c/80c0be7bcf940ce9308311575c3aff8983c9b97a https://git.kernel.org/stable/c/12d26aa7fd3cbdbc5149b6e516563478d575026e https://git.kernel.org/stable/c/2ed7f42dfd3edb387034128ca5b0f639836d4ddd https://git.kernel.org/stable/c/a18c7b239d02aafb791ae2c45226f6bb4 •
CVE-2024-49994 – block: fix integer overflow in BLKSECDISCARD
https://notcve.org/view.php?id=CVE-2024-49994
In the Linux kernel, the following vulnerability has been resolved: block: fix integer overflow in BLKSECDISCARD I independently rediscovered commit 22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 block: fix overflow in blk_ioctl_discard() but for secure erase. Same problem: uint64_t r[2] = {512, 18446744073709551104ULL}; ioctl(fd, BLKSECDISCARD, r); will enter near infinite loop inside blkdev_issue_secure_erase(): a.out: attempt to access beyond end of device loop0: rw=5, sector=3399043073, nr_sectors = 1024 limit=2048 bio_check_eod: 3286214 callbacks suppressed • https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d https://git.kernel.org/stable/c/697ba0b6ec4ae04afb67d3911799b5e2043b4455 •
CVE-2024-49992 – drm/stm: Avoid use-after-free issues with crtc and plane
https://notcve.org/view.php?id=CVE-2024-49992
In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with parameters allocated with devm_kzalloc() to avoid use-after-free issues [1]. Use allocations managed by the DRM framework. Found by Linux Verification Center (linuxtesting.org). [1] https://lore.kernel.org/lkml/u366i76e3qhh3ra5oxrtngjtm2u5lterkekcz6y2jkndhuxzli@diujon4h7qwb/ • https://git.kernel.org/stable/c/d02611ff001454358be6910cb926799e2d818716 https://git.kernel.org/stable/c/0a1741d10da29aa84955ef89ae9a03c4b6038657 https://git.kernel.org/stable/c/454e5d7e671946698af0f201e48469e5ddb42851 https://git.kernel.org/stable/c/b22eec4b57d04befa90e8554ede34e6c67257606 https://git.kernel.org/stable/c/19dd9780b7ac673be95bf6fd6892a184c9db611f •
CVE-2024-49991 – drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
https://notcve.org/view.php?id=CVE-2024-49991
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set to NULL, this could cause use-after-free bug. • https://git.kernel.org/stable/c/30ceb873cc2e97348d9da2265b2d1ddf07f682e1 https://git.kernel.org/stable/c/71f3240f82987f0f070ea5bed559033de7d4c0e1 https://git.kernel.org/stable/c/6c9289806591807e4e3be9a23df8ee2069180055 https://git.kernel.org/stable/c/c86ad39140bbcb9dc75a10046c2221f657e8083b •