CVE-2024-42142 – net/mlx5: E-switch, Create ingress ACL when needed
https://notcve.org/view.php?id=CVE-2024-42142
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can be disabled using the following devlink command: # devlink dev param set pci/0000:08:00.0 name esw_port_metadata \ value false cmode runtime If ingress acl is not created, will hit panic when creating drop rule for active-backup lag mode. • https://git.kernel.org/stable/c/1749c4c51c16e3e078faae0a876d01bafb187a74 https://git.kernel.org/stable/c/bc3ff8d3c05044de57865ebbb78cca8f7da3e595 https://git.kernel.org/stable/c/3e3551f8702978cd2221d2614ca6d6727e785324 https://git.kernel.org/stable/c/83bc1a129f7fd0d7d05036ceb7ee69102624e320 https://git.kernel.org/stable/c/b20c2fb45470d0c7a603613c9cfa5d45720e17f2 •
CVE-2024-42141 – Bluetooth: ISO: Check socket flag instead of hcon
https://notcve.org/view.php?id=CVE-2024-42141
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Check socket flag instead of hcon This fixes the following Smatch static checker warning: net/bluetooth/iso.c:1364 iso_sock_recvmsg() error: we previously assumed 'pi->conn->hcon' could be null (line 1359) net/bluetooth/iso.c 1347 static int iso_sock_recvmsg(struct socket *sock, struct msghdr *msg, 1348 size_t len, int flags) 1349 { 1350 struct sock *sk = sock->sk; 1351 struct iso_pinfo *pi = iso_pi(sk); 1352 1353 BT_DBG("sk %p", sk); 1354 1355 if (test_and_clear_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 1356 lock_sock(sk); 1357 switch (sk->sk_state) { 1358 case BT_CONNECT2: 1359 if (pi->conn->hcon && ^^^^^^^^^^^^^^ If ->hcon is NULL 1360 test_bit(HCI_CONN_PA_SYNC, &pi->conn->hcon->flags)) { 1361 iso_conn_big_sync(sk); 1362 sk->sk_state = BT_LISTEN; 1363 } else { --> 1364 iso_conn_defer_accept(pi->conn->hcon); ^^^^^^^^^^^^^^ then we're toast 1365 sk->sk_state = BT_CONFIG; 1366 } 1367 release_sock(sk); 1368 return 0; 1369 case BT_CONNECTED: 1370 if (test_bit(BT_SK_PA_SYNC, • https://git.kernel.org/stable/c/fbdc4bc47268953c80853489f696e02d61f9a2c6 https://git.kernel.org/stable/c/c03a10bd5b6ccb22921e04bcddc987410df7e7a9 https://git.kernel.org/stable/c/045669710464a21c67e690ef14698fd71857cb11 https://git.kernel.org/stable/c/33fabef489169c6db87843ef23351ed0d5e51ad8 https://git.kernel.org/stable/c/596b6f081336e77764ca35cfeab66d0fcdbe544e •
CVE-2024-42140 – riscv: kexec: Avoid deadlock in kexec crash path
https://notcve.org/view.php?id=CVE-2024-42140
In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64, riscv only requires irq_eoi handler to complete EOI and keeping irq_set_irqchip_state() will only leave this possible deadlock without any use. So we simply remove it. • https://git.kernel.org/stable/c/12f237200c169a8667cf9dca7a40df8d7917b9fd https://git.kernel.org/stable/c/b17d19a5314a37f7197afd1a0200affd21a7227d https://git.kernel.org/stable/c/7594956fec8902dfc18150bf1dca0940cd4ad025 https://git.kernel.org/stable/c/bb80a7911218bbab2a69b5db7d2545643ab0073d https://git.kernel.org/stable/c/653deee48a4682ea17a05b96fb6842795ab5943c https://git.kernel.org/stable/c/7692c9b6baacdee378435f58f19baf0eb69e4155 https://git.kernel.org/stable/c/484dd545271d02d1571e1c6b62ea7df9dbe5e692 https://git.kernel.org/stable/c/c562ba719df570c986caf0941fea24491 •
CVE-2024-42139 – ice: Fix improper extts handling
https://notcve.org/view.php?id=CVE-2024-42139
In the Linux kernel, the following vulnerability has been resolved: ice: Fix improper extts handling Extts events are disabled and enabled by the application ts2phc. However, in case where the driver is removed when the application is running, a specific extts event remains enabled and can cause a kernel crash. As a side effect, when the driver is reloaded and application is started again, remaining extts event for the channel from a previous run will keep firing and the message "extts on unexpected channel" might be printed to the user. To avoid that, extts events shall be disabled when PTP is released. • https://git.kernel.org/stable/c/172db5f91d5f7b91670c68a7547798b0b5374158 https://git.kernel.org/stable/c/9f69b31ae9e25dec27ad31fbc64dd99af16ee3d3 https://git.kernel.org/stable/c/00d3b4f54582d4e4a02cda5886bb336eeab268cc https://access.redhat.com/security/cve/CVE-2024-42139 https://bugzilla.redhat.com/show_bug.cgi?id=2301504 • CWE-476: NULL Pointer Dereference •
CVE-2024-42138 – mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file
https://notcve.org/view.php?id=CVE-2024-42138
In the Linux kernel, the following vulnerability has been resolved: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file In case of invalid INI file mlxsw_linecard_types_init() deallocates memory but doesn't reset pointer to NULL and returns 0. In case of any error occurred after mlxsw_linecard_types_init() call, mlxsw_linecards_init() calls mlxsw_linecard_types_fini() which performs memory deallocation again. Add pointer reset to NULL. Found by Linux Verification Center (linuxtesting.org) with SVACE. • https://git.kernel.org/stable/c/b217127e5e4ee0ecfce7c5f84cfe082238123bda https://git.kernel.org/stable/c/ab557f5cd993a3201b09593633d04b891263d5c0 https://git.kernel.org/stable/c/f8b55a465b0e8a500179808166fe9420f5c091a1 https://git.kernel.org/stable/c/9af7437669b72f804fc4269f487528dbbed142a2 https://git.kernel.org/stable/c/8ce34dccbe8fa7d2ef86f2d8e7db2a9b67cabfc3 •