CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2024-53112 – ocfs2: uncache inode which has failed entering the group
https://notcve.org/view.php?id=CVE-2024-53112
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? • https://git.kernel.org/stable/c/7909f2bf835376a20d6dbf853eb459a27566eba2 https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73 https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8 https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b0722252d12 https://git.kernel.org/stable/c/737f34137844d6572ab7d473c998c7f977ff30eb •
CVSS: -EPSS: %CPEs: 3EXPL: 0CVE-2024-53108 – drm/amd/display: Adjust VSDB parser for replay feature
https://notcve.org/view.php?id=CVE-2024-53108
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 ... [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Ajustar el analizador VSDB para la función de reproducción En algún momento, se agregó la identificación IEEE ID para la comprobación de reproducción en AMD EDID. Sin embargo, esta comprobación provoca los siguientes problemas fuera de límites al utilizar KASAN: [ 27.804016] ERROR: KASAN: slab-out-of-bounds en amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Lectura de tamaño 1 en la dirección ffff8881647fdb00 por la tarea systemd-udevd/383 ... [ 27.821207] Estado de la memoria alrededor de la dirección con errores: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ===================================================================== Esto se debe a que la extracción de ID se realiza fuera del rango de longitud de edid. Esta confirmación soluciona este problema al considerar el tamaño de amd_vsdb_block. • https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7 https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217 https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2024-53104 – media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
https://notcve.org/view.php?id=CVE-2024-53104
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Omitir el análisis de fotogramas de tipo UVC_VS_UNDEFINED en uvc_parse_format Esto puede provocar escrituras fuera de los límites, ya que los fotogramas de este tipo no se tuvieron en cuenta al calcular el tamaño del búfer de fotogramas en uvc_parse_streaming. • https://git.kernel.org/stable/c/c0efd232929c2cd87238de2cccdaf4e845be5b0c https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8 https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773 https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29 https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6 https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2024-53103 – hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
https://notcve.org/view.php?id=CVE-2024-53103
In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hv_sock: inicialización de vsk->trans en NULL para evitar un puntero colgante. Cuando se lanza hvs, existe la posibilidad de que vsk->trans no se inicialice en NULL, lo que podría provocar un puntero colgante. Este problema se resuelve inicializando vsk->trans en NULL. • https://git.kernel.org/stable/c/ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80 https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497 https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2023-52922 – can: bcm: Fix UAF in bcm_proc_show()
https://notcve.org/view.php?id=CVE-2023-52922
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op. • https://git.kernel.org/stable/c/ffd980f976e7fd666c2e61bf8ab35107efd11828 https://git.kernel.org/stable/c/11b8e27ed448baa385d90154a141466bd5e92f18 https://git.kernel.org/stable/c/9b58d36d0c1ea29a9571e0222a9c29df0ccfb7ff https://git.kernel.org/stable/c/9533dbfac0ff7edd77a5fa2c24974b1d66c8b0a6 https://git.kernel.org/stable/c/cf254b4f68e480e73dab055014e002b77aed30ed https://git.kernel.org/stable/c/3c3941bb1eb53abe7d640ffee5c4d6b559829ab3 https://git.kernel.org/stable/c/995f47d76647708ec26c6e388663ad4f3f264787 https://git.kernel.org/stable/c/dfd0aa26e9a07f2ce546ccf8304ead6a2 •