CVE-2024-40941 – wifi: iwlwifi: mvm: don't read past the mfuart notifcation
https://notcve.org/view.php?id=CVE-2024-40941
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove the print of the buffer, we won't see it by default. If needed, we can see the content with tracing. This was reported by KFENCE. • https://git.kernel.org/stable/c/bdccdb854f2fb473f2ac4a6108df3cbfcedd5a87 https://git.kernel.org/stable/c/15b37c6fab9d5e40ac399fa1c725118588ed649c https://git.kernel.org/stable/c/6532f18e66b384b8d4b7e5c9caca042faaa9e8de https://git.kernel.org/stable/c/46c59a25337049a2a230ce7f7c3b9f21d0aaaad7 https://git.kernel.org/stable/c/65686118845d427df27ee83a6ddd4885596b0805 https://git.kernel.org/stable/c/a8bc8276af9aeacabb773f0c267cfcdb847c6f2d https://git.kernel.org/stable/c/a05018739a5e6b9dc112c95bd4c59904062c8940 https://git.kernel.org/stable/c/acdfa33c3cf5e1cd185cc1e0486bd0ea9 • CWE-125: Out-of-bounds Read •
CVE-2024-40940 – net/mlx5: Fix tainted pointer delete is case of flow rules creation fail
https://notcve.org/view.php?id=CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5_lag_create_port_sel_table(), instead of previously created rules, the tainted pointer is deleted deveral times. Fix this bug by using correct flow rules pointers. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/352899f384d4aefa77ede6310d08c1b515612a8f https://git.kernel.org/stable/c/531eab2da27dd42d68dfb841d82e987f4a6738b8 https://git.kernel.org/stable/c/d857df86837ac1c30592e8a068204d16feac9930 https://git.kernel.org/stable/c/a03a3fa12769e25f4385bee587afe1445aee7f7a https://git.kernel.org/stable/c/229bedbf62b13af5aba6525ad10b62ad38d9ccb5 https://access.redhat.com/security/cve/CVE-2024-40940 https://bugzilla.redhat.com/show_bug.cgi?id=2297524 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-40939 – net: wwan: iosm: Fix tainted pointer delete is case of region creation fail
https://notcve.org/view.php?id=CVE-2024-40939
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail In case of region creation fail in ipc_devlink_create_region(), previously created regions delete process starts from tainted pointer which actually holds error code value. Fix this bug by decreasing region index before delete. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/4dcd183fbd67b105decc8be262311937730ccdbf https://git.kernel.org/stable/c/fe394d59cdae81389dbf995e87c83c1acd120597 https://git.kernel.org/stable/c/040d9384870386eb5dc55472ac573ac7756b2050 https://git.kernel.org/stable/c/37a438704d19bdbe246d51d3749b6b3a8fe65afd https://git.kernel.org/stable/c/b0c9a26435413b81799047a7be53255640432547 https://access.redhat.com/security/cve/CVE-2024-40939 https://bugzilla.redhat.com/show_bug.cgi?id=2297523 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-40938 – landlock: Fix d_parent walk
https://notcve.org/view.php?id=CVE-2024-40938
In the Linux kernel, the following vulnerability has been resolved: landlock: Fix d_parent walk The WARN_ON_ONCE() in collect_domain_accesses() can be triggered when trying to link a root mount point. This cannot work in practice because this directory is mounted, but the VFS check is done after the call to security_path_link(). Do not use source directory's d_parent when the source directory is the mount point. [mic: Fix commit message] • https://git.kernel.org/stable/c/b91c3e4ea756b12b7d992529226edce1cfd854d7 https://git.kernel.org/stable/c/b6e5e696435832b33e40775f060ef5c95f4fda1f https://git.kernel.org/stable/c/cc30d05b34f9a087a6928d09b131f7b491e9ab11 https://git.kernel.org/stable/c/c7618c7b0b8c45bcef34410cc1d1e953eb17f8f6 https://git.kernel.org/stable/c/88da52ccd66e65f2e63a6c35c9dff55d448ef4dc •
CVE-2024-40937 – gve: Clear napi->skb before dev_kfree_skb_any()
https://notcve.org/view.php?id=CVE-2024-40937
In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed. • https://git.kernel.org/stable/c/9b8dd5e5ea48bbb7532d20c4093a79d8283e4029 https://git.kernel.org/stable/c/75afd8724739ee5ed8165acde5f6ac3988b485cc https://git.kernel.org/stable/c/d221284991118c0ab16480b53baecd857c0bc442 https://git.kernel.org/stable/c/2ce5341c36993b776012601921d7688693f8c037 https://git.kernel.org/stable/c/a68184d5b420ea4fc7e6b7ceb52bbc66f90d3c50 https://git.kernel.org/stable/c/6f4d93b78ade0a4c2cafd587f7b429ce95abb02e •