CVSS: 7.0EPSS: 0%CPEs: 10EXPL: 0CVE-2024-36883 – net: fix out-of-bounds access in ops_init
https://notcve.org/view.php?id=CVE-2024-36883
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array, then to set s.len, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments max_gen_ptrs, which is then used to set s.len with a larger than allocated length for the variable array. Fix it by reading max_gen_ptrs only once in net_alloc_generic. If max_gen_ptrs is later incremented, it will be caught in net_assign_generic. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: corrige el acceso fuera de los límites en ops_init net_alloc_generic es llamado por net_alloc, que se llama sin ningún bloqueo. • https://git.kernel.org/stable/c/073862ba5d249c20bd5c49fc6d904ff0e1f6a672 https://git.kernel.org/stable/c/561331eae0a03d0c4cf60f3cf485aa3e8aa5ab48 https://git.kernel.org/stable/c/a2c82f7bee1ffa9eafa1fb0bd886a7eea8c9e497 https://git.kernel.org/stable/c/3cdc34d76c4f777579e28ad373979d36c030cfd3 https://git.kernel.org/stable/c/7b0e64583eab8c1d896b47e5dd0bf2e7d86ec41f https://git.kernel.org/stable/c/0c3248bc708a7797be573214065cf908ff1f54c7 https://git.kernel.org/stable/c/9518b79bfd2fbf99fa9b7e8e36bcb1825e7ba030 https://git.kernel.org/stable/c/2d60ff5874aefd006717ca5e22ac1e25e • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36882 – mm: use memalloc_nofs_save() in page_cache_ra_order()
https://notcve.org/view.php?id=CVE-2024-36882
In the Linux kernel, the following vulnerability has been resolved: mm: use memalloc_nofs_save() in page_cache_ra_order() See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: use memalloc_nofs_save() en page_cache_ra_order() Consulte el commit f2c817bed58d ("mm: use memalloc_nofs_save en la ruta de lectura anticipada"), asegúrese de que page_cache_ra_order() no intente recuperar archivos respaldados páginas también, o conduce a un punto muerto, se encontró un problema al probar el folio grande ext4. INFORMACIÓN: tarea DataXceiver para:7494 bloqueada durante más de 120 segundos. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" desactiva este mensaje. tarea:DataXceiver para estado:D pila:0 pid:7494 ppid:1 banderas:0x00000200 Rastreo de llamadas: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 Schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 _lote+0x378 /0x918 migrar_páginas+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0 x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174 /0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 empalme_direct_to_actor+ 0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 +0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188 /0x190 • https://git.kernel.org/stable/c/793917d997df2e432f3e9ac126e4482d68256d01 https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4 https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147 https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45 https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36880 – Bluetooth: qca: add missing firmware sanity checks
https://notcve.org/view.php?id=CVE-2024-36880
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: agregar comprobaciones de integridad del firmware faltantes Agregue las comprobaciones de integridad del firmware faltantes al analizar los archivos de firmware antes de descargarlos para evitar acceder y dañar la memoria más allá del búfer vmalloced. • https://git.kernel.org/stable/c/83e81961ff7ef75f97756f316caea5aa6bcc19cc https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307 https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-36032 – Bluetooth: qca: fix info leak when fetching fw build id
https://notcve.org/view.php?id=CVE-2024-36032
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: qca: corrige la fuga de información al recuperar el ID de compilación del firmware. Agregue las comprobaciones de cordura que faltan y mueva el búfer de ID de compilación de 255 bytes fuera de la pila para evitar la filtración de datos de la pila a través de debugfs en en caso de que la respuesta de información de compilación esté mal formada. • https://git.kernel.org/stable/c/c0187b0bd3e94c48050687d87b2c3c9fbae98ae9 https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488 https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1 https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2024-36031 – keys: Fix overwrite of key expiration on instantiation
https://notcve.org/view.php?id=CVE-2024-36031
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: claves: se corrige la sobrescritura de la caducidad de la clave al crear instancias. El tiempo de caducidad de una clave se sobrescribe incondicionalmente durante la creación de instancias, y de forma predeterminada se vuelve permanente. • https://git.kernel.org/stable/c/97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac https://git.kernel.org/stable/c/2552b32b0b349df160a509fe49f5f308cb922f2b https://git.kernel.org/stable/c/791d5409cdb974c31a1bc7a903ea729ddc7d83df https://git.kernel.org/stable/c/afc360e8a1256acb7579a6f5b6f2c30b85b39301 https://git.kernel.org/stable/c/39299bdd2546688d92ed9db4948f6219ca1b9542 https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d • CWE-324: Use of a Key Past its Expiration Date •