CVE-2023-52676 – bpf: Guard stack limits against 32bit overflow
https://notcve.org/view.php?id=CVE-2023-52676
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with a int offset. The register was checked to be below 1<<29 when it was variable, but not when it was fixed. The offset either comes from an instruction (in which case it is 16 bit), from another register (in which case the caller checked it to be below 1<<29 [1]), or from the size of an argument to a kfunc (in which case it can be a u32 [2]). Between the register being inconsistently checked to be below 1<<29, and the offset being up to an u32, it appears that we were open to overflowing the `int`s which were currently used for arithmetic. [1] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L7494-L7498 [2] https://github.com/torvalds/linux/blob/815fb87b753055df2d9e50f6cd80eb10235fe3e9/kernel/bpf/verifier.c#L11904 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Proteger los límites de la pila contra el desbordamiento de 32 bits. • https://git.kernel.org/stable/c/ad140fc856f0b1d5e2215bcb6d0cc247a86805a2 https://git.kernel.org/stable/c/e5ad9ecb84405637df82732ee02ad741a5f782a6 https://git.kernel.org/stable/c/1d38a9ee81570c4bd61f557832dead4d6f816760 •
CVE-2024-35837 – net: mvpp2: clear BM pool before initialization
https://notcve.org/view.php?id=CVE-2024-35837
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mvpp2: borre el grupo de BM antes de la inicialización. El valor del registro persiste después de iniciar el kernel usando kexec, lo que genera pánico en el kernel. Por lo tanto, borre los registros del grupo BM antes de la inicialización para solucionar el problema. • https://git.kernel.org/stable/c/3f518509dedc99f0b755d2ce68d24f610e3a005a https://git.kernel.org/stable/c/83f99138bf3b396f761600ab488054396fb5768f https://git.kernel.org/stable/c/af47faa6d3328406038b731794e7cf508c71affa https://git.kernel.org/stable/c/cec65f09c47d8c2d67f2bcad6cf05c490628d1ec https://git.kernel.org/stable/c/938729484cfa535e9987ed0f86f29a2ae3a8188b https://git.kernel.org/stable/c/dc77f6ab5c3759df60ff87ed24f4d45df0f3b4c4 https://git.kernel.org/stable/c/9f538b415db862e74b8c5d3abbccfc1b2b6caa38 https://lists.debian.org/debian-lts-announce/2024/06/ •
CVE-2023-52673 – drm/amd/display: Fix a debugfs null pointer error
https://notcve.org/view.php?id=CVE-2023-52673
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrige un error de puntero null de debugfs [POR QUÉ Y CÓMO] Verifique si la devolución de llamada get_subvp_en() existe antes de llamarla. • https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a https://git.kernel.org/stable/c/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7 •
CVE-2023-52671 – drm/amd/display: Fix hang/underflow when transitioning to ODM4:1
https://notcve.org/view.php?id=CVE-2023-52671
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being properly disconnected from the disabled OPTC. [How] Ensure that all OPPs are unassigned from an OPTC when it gets disabled. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrigió bloqueo/desbordamiento insuficiente al realizar la transición a ODM4:1 [Por qué] En algunas circunstancias, deshabilitar un OPTC e intentar reclamar sus OPP para otro OPTC podría causar un bloqueo/desbordamiento insuficiente debido a que los OPP no se desconectan correctamente del OPTC deshabilitado. [Cómo] Asegúrese de que todos los OPP estén desasignados de un OPTC cuando se deshabilite. • https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239 https://git.kernel.org/stable/c/4b6b479b2da6badff099b2e3abf0248936eefbf5 https://git.kernel.org/stable/c/e7b2b108cdeab76a7e7324459e50b0c1214c0386 •
CVE-2023-52669 – crypto: s390/aes - Fix buffer overread in CTR mode
https://notcve.org/view.php?id=CVE-2023-52669
In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: s390/aes - Corrige la sobrelectura del buffer en modo CTR Al procesar el último bloque, el código ctr s390 siempre leerá un bloque completo, incluso si no hay un bloque completo de datos restantes. Solucione este problema utilizando la longitud real restante y cópielo primero en un búfer para procesarlo. • https://git.kernel.org/stable/c/0200f3ecc19660bebeabbcbaf212957fcf1dbf8f https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79 https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285 https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23 https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874 https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b https://lists.debian.org/debian-lts-announce/2024/06/ •