CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38577 – rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow
https://notcve.org/view.php?id=CVE-2024-38577
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are unrealistically high, but buffer overflow is still possible. Use snprintf() with buffer size instead of sprintf(). Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rcu-tasks: Corrige show_rcu_tasks_trace_gp_kthread desbordamiento del búfer. Existe la posibilidad de que se produzca un desbordamiento del búfer en show_rcu_tasks_trace_gp_kthread() si los contadores pasados a sprintf() son enormes. Los números de contador necesarios para esto son excesivamente altos, pero aún es posible un desbordamiento del búfer. • https://git.kernel.org/stable/c/edf3775f0ad66879796f594983163f672c4bf1a2 https://git.kernel.org/stable/c/17c43211d45f13d1badea3942b76bf16bcc49281 https://git.kernel.org/stable/c/af7b560c88fb420099e29890aa682b8a3efc8784 https://git.kernel.org/stable/c/08186d0c5fb64a1cc4b43e009314ee6b173ed222 https://git.kernel.org/stable/c/32d988f48ed287e676a29a15ac30701c35849aec https://git.kernel.org/stable/c/6593d857ce5b5b802fb73d8091ac9c84b92c1697 https://git.kernel.org/stable/c/1a240e138071b25944ded0f5b3e357aa99fabcb7 https://git.kernel.org/stable/c/cc5645fddb0ce28492b15520306d09273 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38576 – rcu: Fix buffer overflow in print_cpu_stall_info()
https://notcve.org/view.php?id=CVE-2024-38576
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers sometimes get very confused about time, which can result in full-sized integers, and, in this case, buffer overflow. Also, the unsigned jiffies difference is printed using %ld, which is normally for signed integers. This is intentional for debugging purposes, but it is not obvious from the code. This commit therefore changes sprintf() to snprintf() and adds a clarifying comment about intention of %ld format. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: rcu: corrige el desbordamiento del búfer en print_cpu_stall_info() La salida rcuc-starvation de print_cpu_stall_info() podría desbordar el búfer si hay una gran diferencia en santiamén. La situación puede parecer improbable, pero las computadoras a veces se confunden mucho con el tiempo, lo que puede resultar en números enteros de tamaño completo y, en este caso, en un desbordamiento del búfer. • https://git.kernel.org/stable/c/245a62982502255314b63dd2c4daaedd1cd595a6 https://git.kernel.org/stable/c/e2228ed3fe7aa838fba87c79a76fb1ad9ea47138 https://git.kernel.org/stable/c/afb39909bfb5c08111f99e21bf5be7505f59ff1c https://git.kernel.org/stable/c/9351e1338539cb7f319ffc1210fa9b2aa27384b5 https://git.kernel.org/stable/c/4c3e2ef4d8ddd313c8ce3ac30505940bea8d6257 https://git.kernel.org/stable/c/3758f7d9917bd7ef0482c4184c0ad673b4c4e069 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38573 – cppc_cpufreq: Fix possible null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38573
In the Linux kernel, the following vulnerability has been resolved: cppc_cpufreq: Fix possible null pointer dereference cppc_cpufreq_get_rate() and hisi_cppc_cpufreq_get_rate() can be called from different places with various parameters. So cpufreq_cpu_get() can return null as 'policy' in some circumstances. Fix this bug by adding null return check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cppc_cpufreq: se corrige la posible desreferencia del puntero nulo. cppc_cpufreq_get_rate() y hisi_cppc_cpufreq_get_rate() se pueden llamar desde diferentes lugares con varios parámetros. Entonces cpufreq_cpu_get() puede devolver nulo como 'política' en algunas circunstancias. Corrija este error agregando una verificación de devolución nula. • https://git.kernel.org/stable/c/a28b2bfc099c6b9caa6ef697660408e076a32019 https://git.kernel.org/stable/c/9a185cc5a79ba408e1c73375706630662304f618 https://git.kernel.org/stable/c/769c4f355b7962895205b86ad35617873feef9a5 https://git.kernel.org/stable/c/f84b9b25d045e67a7eee5e73f21278c8ab06713c https://git.kernel.org/stable/c/b18daa4ec727c0266de5bfc78e818d168cc4aedf https://git.kernel.org/stable/c/dfec15222529d22b15e5b0d63572a9e39570cab4 https://git.kernel.org/stable/c/cf7de25878a1f4508c69dc9f6819c21ba177dbfe https://access.redhat.com/security/cve/CVE-2024-38573 • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38571 – thermal/drivers/tsens: Fix null pointer dereference
https://notcve.org/view.php?id=CVE-2024-38571
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) which lead to null pointer dereference (if DEBUG or DYNAMIC_DEBUG set). Fix this bug by adding null pointer check. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Thermal/drivers/tsens: se corrigió la desreferencia del puntero nulo Compute_intercept_slope() se llama desde calibrate_8960() (en tsens-8960.c) como Compute_intercept_slope(priv, p1, NULL, ONE_PT_CALIB) lo que conduce a la desreferencia del puntero nulo (si DEBUG o DYNAMIC_DEBUG están configurados). Corrija este error agregando una verificación de puntero nulo. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/dfc1193d4dbd6c3cb68c944413146c940bde290a https://git.kernel.org/stable/c/27600e0c5272a262b0903e35ae1df37d33c5c1ad https://git.kernel.org/stable/c/11c731386ed82053c2759b6fea1a82ae946e5e0f https://git.kernel.org/stable/c/2d5ca6e4a2872e92a32fdfd87e04dd7d3ced7278 https://git.kernel.org/stable/c/06d17744b77bc6cb29a6c785f4fad8c4163ee653 https://git.kernel.org/stable/c/fcf5f1b5f308f2eb422f6aca55d295b25890906b https://git.kernel.org/stable/c/d998ddc86a27c92140b9f7984ff41e3d1d07a48f •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38570 – gfs2: Fix potential glock use-after-free on unmount
https://notcve.org/view.php?id=CVE-2024-38570
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to speed up filesystem unmount: gfs2 would simply free glocks it didn't want to unlock and then release the lockspace. This didn't take the bast callbacks for asynchronous lock contention notifications into account, which remain active until until a lock is unlocked or its lockspace is released. To prevent those callbacks from accessing deallocated objects, put the glocks that should not be unlocked on the sd_dead_glocks list, release the lockspace, and only then free those glocks. As an additional measure, ignore unexpected ast and bast callbacks if the receiving glock is dead. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: gfs2: soluciona el posible use-after-free de glock al desmontar Cuando se libera un espacio de bloqueo de DLM y todavía hay bloqueos en ese espacio de bloqueo, DLM desbloqueará esos bloqueos automáticamente. El commit fb6791d100d1b comenzó a explotar este comportamiento para acelerar el desmontaje del sistema de archivos: gfs2 simplemente liberaría las glocks que no quería desbloquear y luego liberaría el espacio de bloqueo. • https://git.kernel.org/stable/c/fb6791d100d1bba20b5cdbc4912e1f7086ec60f8 https://git.kernel.org/stable/c/0636b34b44589b142700ac137b5f69802cfe2e37 https://git.kernel.org/stable/c/e42e8a24d7f02d28763d16ca7ec5fc6d1f142af0 https://git.kernel.org/stable/c/501cd8fabf621d10bd4893e37f6ce6c20523c8ca https://git.kernel.org/stable/c/d98779e687726d8f8860f1c54b5687eec5f63a73 https://access.redhat.com/security/cve/CVE-2024-38570 https://bugzilla.redhat.com/show_bug.cgi?id=2293423 • CWE-416: Use After Free •