CVE-2024-26777 – fbdev: sis: Error out if pixclock equals zero
https://notcve.org/view.php?id=CVE-2024-26777
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: sis: error si pixclock es igual a cero. El programa de espacio de usuario podría pasar cualquier valor al controlador a través de la interfaz ioctl(). • https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207 https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313 https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1 https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99 https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239 •
CVE-2024-26776 – spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
https://notcve.org/view.php?id=CVE-2024-26776
In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: complete+0x54/0x100 hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx] __handle_irq_event_percpu+0x64/0x1e0 handle_irq_event+0x7c/0x1cc En el kernel de Linux, se resolvió la siguiente vulnerabilidad: spi: hisi-sfc-v3xx: Devuelve IRQ_NONE si no se detectaron interrupciones. Devuelve IRQ_NONE del controlador de interrupciones cuando no se detectó ninguna interrupción. Porque una interrupción vacía causará un error de puntero nulo: No se puede manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0000000000000008 Seguimiento de llamadas: completo+0x54/0x100 hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx] __handle_irq_event_percpu+0x64/0x1e0 handle_ evento_irq+0x7c/0x1cc • https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5 https://git.kernel.org/stable/c/0399d7eba41d9b28f5bdd7757ec21a5b7046858d https://git.kernel.org/stable/c/f19361d570c67e7e014896fa2dacd7d721bf0aa8 https://git.kernel.org/stable/c/d637b5118274701e8448f35953877daf04df18b4 https://git.kernel.org/stable/c/e4168ac25b4bd378bd7dda322d589482a136c1fd https://git.kernel.org/stable/c/de8b6e1c231a95abf95ad097b993d34b31458ec9 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html •
CVE-2024-26775 – aoe: avoid potential deadlock at set_capacity
https://notcve.org/view.php?id=CVE-2024-26775
In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- [1] lock(&bdev->bd_size_lock); local_irq_disable(); [2] lock(&d->lock); [3] lock(&bdev->bd_size_lock); <Interrupt> [4] lock(&d->lock); *** DEADLOCK *** Where [1](&bdev->bd_size_lock) hold by zram_add()->set_capacity(). [2]lock(&d->lock) hold by aoeblk_gdalloc(). And aoeblk_gdalloc() is trying to acquire [3](&bdev->bd_size_lock) at set_capacity() call. In this situation an attempt to acquire [4]lock(&d->lock) from aoecmd_cfg_rsp() will lead to deadlock. So the simplest solution is breaking lock dependency [2](&d->lock) -> [3](&bdev->bd_size_lock) by moving set_capacity() outside. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: aoe: evita un posible punto muerto en set_capacity Mueve set_capacity() fuera de la sección procesada por (&d->lock). Para evitar una posible interrupción en un escenario de bloqueo inseguro: CPU0 CPU1 ---- ---- [1] lock(&bdev->bd_size_lock); local_irq_disable(); [2] bloquear(&d->bloquear); [3] bloquear(&bdev->bd_size_lock); [4] bloqueo(&d->bloqueo); *** DEADLOCK *** Donde [1](&bdev->bd_size_lock) mantenido por zram_add()->set_capacity(). [2]bloqueo(&d->bloqueo) retenido por aoeblk_gdalloc(). Y aoeblk_gdalloc() está intentando adquirir [3](&bdev->bd_size_lock) en la llamada set_capacity(). • https://git.kernel.org/stable/c/2d623c94fbba3554f4446ba6f3c764994e8b0d26 https://git.kernel.org/stable/c/673629018ba04906899dcb631beec34d871f709c https://git.kernel.org/stable/c/19a77b27163820f793b4d022979ffdca8f659b77 https://git.kernel.org/stable/c/e169bd4fb2b36c4b2bee63c35c740c85daeb2e86 •
CVE-2024-26774 – ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
https://notcve.org/view.php?id=CVE-2024-26774
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evitar dividir por 0 en mb_update_avg_fragment_size() cuando el mapa de bits del bloque está dañado. Determine si bb_fragments es 0 en lugar de determinar bb_free para eliminar el riesgo de dividir por cero cuando el mapa de bits del bloque está dañado. • https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4 https://git.kernel.org/stable/c/8b40eb2e716b503f7a4e1090815a17b1341b2150 https://git.kernel.org/stable/c/f32d2a745b02123258026e105a008f474f896d6a https://git.kernel.org/stable/c/8cf9cc602cfb40085967c0d140e32691c8b71cf3 https://git.kernel.org/stable/c/993bf0f4c393b3667830918f9247438a8f6fdb5b •
CVE-2024-26773 – ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
https://notcve.org/view.php?id=CVE-2024-26773
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_group // Scan group gets ac_b_ex but doesn't use it ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // The block bitmap was corrupted during // the group unlock gap. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Allocating blocks in block bitmap corrupted group En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ext4: evite asignar bloques de un grupo dañado en ext4_mb_try_best_found() Determine si el mapa de bits del bloque del grupo está dañado antes de usar ac_b_ex en ext4_mb_try_best_found() para evitar asignar bloques de un grupo con un bloque dañado mapa de bits en la siguiente concurrencia y empeorando la situación. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // verifica si el bbitmap del grupo está dañado ext4_mb_complex_scan_group // El grupo de escaneo obtiene ac_b_ex pero no lo usa ext4_unlock_group(sb, group) ext4_mark_group_bitmap_corrupted(group) // El mapa de bits del bloque se corrompió durante // el grupo desbloquea la brecha. ext4_mb_try_best_found ext4_lock_group(ac->ac_sb, group) ext4_mb_use_best_found mb_mark_used // Asignación de bloques en un grupo dañado de mapa de bits de bloques A vulnerability was found in the ext4_mb_try_best_found() function in the Linux kernel. This issue could lead to memory corruption or crashes due to the allocation of blocks from a group with a corrupted block bitmap. • https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea https://git.kernel.org/stable/c/260fc96283c0f594de18a1b045faf6d8fb42874d https://git.kernel.org/stable/c/927794a02169778c9c2e7b25c768ab3ea8c1dc03 https://git.kernel.org/stable/c/4c21fa60a6f4606f6214a38f50612b17b2f738f5 https://git.kernel.org/stable/c/f97e75fa4e12b0aa0224e83fcbda8853ac2adf36 https://git.kernel.org/stable/c/0184747b552d6b5a14db3b7fcc3b792ce64dedd1 https://git.kernel.org/stable/c/a2576ae9a35c078e488f2c573e9e6821d651fbbe https://git.kernel.org/stable/c/4530b3660d396a646aad91a787b6ab37c • CWE-229: Improper Handling of Values •