CVE-2024-44940 – fou: remove warn in gue_gro_receive on unsupported protocol
https://notcve.org/view.php?id=CVE-2024-44940
In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks"). • https://git.kernel.org/stable/c/b1453a5616c7bd8acd90633ceba4e59105ba3b51 https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59 https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79 https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c •
CVE-2024-44939 – jfs: fix null ptr deref in dtInsertEntry
https://notcve.org/view.php?id=CVE-2024-44939
In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 ... [Analyze] In dtInsertEntry(), when the pointer h has the same value as p, after writing name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the previously true judgment "p->header.flag & BT-LEAF" to change to no after writing the name operation, this leads to entering an incorrect branch and accessing the uninitialized object ih when judging this condition for the second time. [Fix] After got the page, check freelist first, if freelist == 0 then exit dtInsert() and return -EINVAL. • https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9 https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6 https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702 https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c •
CVE-2024-44938 – jfs: Fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2024-44938
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. • https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3 https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630 https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 •
CVE-2024-44937 – platform/x86: intel-vbtn: Protect ACPI notify handler against recursion
https://notcve.org/view.php?id=CVE-2024-44937
In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () handlers to run on all CPUs") ACPI notify handlers like the intel-vbtn notify_handler() may run on multiple CPU cores racing with themselves. This race gets hit on Dell Venue 7140 tablets when undocking from the keyboard, causing the handler to try and register priv->switches_dev twice, as can be seen from the dev_info() message getting logged twice: [ 83.861800] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event [ 83.861858] input: Intel Virtual Switches as /devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17 [ 83.861865] intel-vbtn INT33D6:00: Registering Intel Virtual Switches input-dev after receiving a switch event After which things go seriously wrong: [ 83.861872] sysfs: cannot create duplicate filename '/devices/pci0000:00/0000:00:1f.0/PNP0C09:00/INT33D6:00/input/input17' ... [ 83.861967] kobject: kobject_add_internal failed for input17 with -EEXIST, don't try to register things with the same name in the same directory. [ 83.877338] BUG: kernel NULL pointer dereference, address: 0000000000000018 ... Protect intel-vbtn notify_handler() from racing with itself with a mutex to fix this. • https://git.kernel.org/stable/c/e2ffcda1629012a2c1a3706432bc45fdc899a584 https://git.kernel.org/stable/c/5c9618a3b6ea94cf7bdff7702aca8bf2d777d97b https://git.kernel.org/stable/c/e075c3b13a0a142dcd3151b25d29a24f31b7b640 •
CVE-2024-44936 – power: supply: rt5033: Bring back i2c_set_clientdata
https://notcve.org/view.php?id=CVE-2024-44936
In the Linux kernel, the following vulnerability has been resolved: power: supply: rt5033: Bring back i2c_set_clientdata Commit 3a93da231c12 ("power: supply: rt5033: Use devm_power_supply_register() helper") reworked the driver to use devm. While at it, the i2c_set_clientdata was dropped along with the remove callback. Unfortunately other parts of the driver also rely on i2c clientdata so this causes kernel oops. Bring the call back to fix the driver. • https://git.kernel.org/stable/c/3a93da231c12bb153224bbbdd3d9a83da9e0ba33 https://git.kernel.org/stable/c/3c5d0871b0af0184abc6f7f52f8705b39a6251ae https://git.kernel.org/stable/c/d3911f1639e67fc7b12aae0efa5a540976d7443b •