CVE-2024-46721 – apparmor: fix possible NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-46721
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix possible NULL pointer dereference
profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code, and the code -ENOENT represents its state: the path of its parent does not exist yet.
BUG: kernel NULL pointer dereference, address: 0000000000000030
PGD 0 P4D 0
PREEMPT SMP PTI
CPU: 4 PID: 3362 Comm: apparmor_parser Not tainted 6.8.0-24-generic #24
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
RIP: 0010:aafs_create.constprop.0+0x7f/0x130
Code: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae
RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 00000000000041ed RCX: 0000000000000000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10
R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0
Call Trace:
<TASK>
? show_regs+0x6d/0x80
? __die+0x24/0x80
? page_fault_oops+0x99/0x1b0
? kernelmode_fixup_or_oops+0xb2/0x140
?
https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346
https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363
https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85
https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e
https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9
https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8
https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64
3dd384108d53834002be5630132ad5c3f
CVE-2024-46720 – drm/amdgpu: fix dereference after null check
https://notcve.org/view.php?id=CVE-2024-46720
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix dereference after null check
check the pointer hive before use.
https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517
https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c
https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50
https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441
CVE-2024-46719 – usb: typec: ucsi: Fix null pointer dereference in trace
https://notcve.org/view.php?id=CVE-2024-46719
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Fix null pointer dereference in trace
ucsi_register_altmode checks IS_ERR for the alt pointer and treats NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled, ucsi_register_displayport returns NULL which causes a NULL pointer dereference in trace. Rather than return NULL, call typec_port_register_altmode to register DisplayPort alternate mode as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b
https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870
https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9
https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae
https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7
https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830
https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5
CVE-2024-46718 – drm/xe: Don't overmap identity VRAM mapping
https://notcve.org/view.php?id=CVE-2024-46718
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Don't overmap identity VRAM mapping
Overmapping the identity VRAM mapping is triggering hardware bugs on certain platforms. Use 2M pages for the last unaligned (to 1G) VRAM chunk.
v2:
- Always use 2M pages for last chunk (Fei Yang)
- break loop when 2M pages are used
- Add assert for usable_size being 2M aligned
v3:
- Fix checkpatch
https://git.kernel.org/stable/c/dd08ebf6c3525a7ea2186e636df064ea47281987
https://git.kernel.org/stable/c/bb706e92c87beb9f2543faa1705ccc330b9e7c65
https://git.kernel.org/stable/c/6d3581edffea0b3a64b0d3094d3f09222e0024f7
CVE-2024-46717 – net/mlx5e: SHAMPO, Fix incorrect page release
https://notcve.org/view.php?id=CVE-2024-46717
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: SHAMPO, Fix incorrect page release
Under the following conditions:
1) No skb created yet
2) header_size == 0 (no SHAMPO header)
3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the last page fragment of a SHAMPO header page)
a new skb is formed with a page that is NOT a SHAMPO header page (it is a regular data page). Further down in the same function (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from header_index is released. This is wrong and it leads to SHAMPO header pages being released more than once.
https://git.kernel.org/stable/c/03924d117625ecb10ee3c9b65930bcb2c37ae629
https://git.kernel.org/stable/c/ae9018e3f61ba5cc1f08a6e51d3c0bef0a79f3ab
https://git.kernel.org/stable/c/c909ab41df2b09cde919801c7a7b6bb2cc37ea22
https://git.kernel.org/stable/c/70bd03b89f20b9bbe51a7f73c4950565a17a45f7