CVE-2024-36949 – amd/amdkfd: sync all devices to wait all processes being evicted
https://notcve.org/view.php?id=CVE-2024-36949
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfd_suspend_all_processes() to evict all processes on all devices, this call takes time to finish. other device will start reset and recover without waiting. if the process has not been evicted before doing recover, it will be restored, then caused page fault. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: amd/amdkfd: sincroniza todos los dispositivos para esperar a que se desalojen todos los procesos. Si hay más de un dispositivo reiniciando en paralelo, el primer dispositivo llamará a kfd_suspend_all_processes() para desalojar todos los procesos en todos los dispositivos, esta llamada tarda un tiempo en finalizar. El otro dispositivo comenzará a restablecerse y recuperarse sin esperar. Si el proceso no ha sido desalojado antes de realizar la recuperación, se restaurará y luego provocará un error de página. • https://git.kernel.org/stable/c/b6f6626528fe724b512c34f3fb5946c36a135f58 https://git.kernel.org/stable/c/ed28ef3840bbf93a64376ea7814ce39f86352e14 https://git.kernel.org/stable/c/d06af584be5a769d124b7302b32a033e9559761d •
CVE-2024-36948 – drm/xe/xe_migrate: Cast to output precision before multiplying operands
https://notcve.org/view.php?id=CVE-2024-36948
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_migrate: Cast to output precision before multiplying operands Addressing potential overflow in result of multiplication of two lower precision (u32) operands before widening it to higher precision (u64). -v2 Fix commit message and description. (Rodrigo) (cherry picked from commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/xe/xe_migrate: conversión a precisión de salida antes de multiplicar operandos. Abordar el posible desbordamiento como resultado de la multiplicación de dos operandos de menor precisión (u32) antes de ampliarlo a mayor precisión (u64). -v2 Corregir mensaje de commit y descripción. (Rodrigo) (cereza escogida del commit 34820967ae7b45411f8f4f737c2d63b0c608e0d7) • https://git.kernel.org/stable/c/e23a904dfeb5a9e3d4ec527a365e962478cccf05 https://git.kernel.org/stable/c/9cb46b31f3d08ed3fce86349e8c12f96d7c88717 •
CVE-2024-36947 – qibfs: fix dentry leak
https://notcve.org/view.php?id=CVE-2024-36947
In the Linux kernel, the following vulnerability has been resolved: qibfs: fix dentry leak simple_recursive_removal() drops the pinning references to all positives in subtree. For the cases when its argument has been kept alive by the pinning alone that's exactly the right thing to do, but here the argument comes from dcache lookup, that needs to be balanced by explicit dput(). Fucked-up-by: Al Viro <viro@zeniv.linux.org.uk> En el kernel de Linux, se resolvió la siguiente vulnerabilidad: qibfs: arreglar la fuga de dentry simple_recursive_removal() elimina las referencias de fijación a todos los positivos en el subárbol. Para los casos en los que su argumento se ha mantenido vivo solo mediante la fijación, eso es exactamente lo correcto, pero aquí el argumento proviene de la búsqueda de dcache, que debe equilibrarse con dput() explícito. Jodido por: Al Viro • https://git.kernel.org/stable/c/e41d237818598c0b17458b4d0416b091a7959e55 https://git.kernel.org/stable/c/24dd9b08df718f20ccf2dd1519909fefd8c233ee https://git.kernel.org/stable/c/bd8f78c71defbcb7a9ed331e7f287507df972b00 https://git.kernel.org/stable/c/db71ca93259dd1078bcfea3afafde2143cfc2da7 https://git.kernel.org/stable/c/02ee394a5d899d9bd2f0759382e9481cab6166f8 https://git.kernel.org/stable/c/aa23317d0268b309bb3f0801ddd0d61813ff5afb •
CVE-2024-36946 – phonet: fix rtm_phonet_notify() skb allocation
https://notcve.org/view.php?id=CVE-2024-36946
In the Linux kernel, the following vulnerability has been resolved: phonet: fix rtm_phonet_notify() skb allocation fill_route() stores three components in the skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Therefore, rtm_phonet_notify() should use NLMSG_ALIGN(sizeof(struct rtmsg)) + nla_total_size(1) + nla_total_size(4) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phonet: corrige la asignación de skb de rtm_phonet_notify() fill_route() almacena tres componentes en el skb: - struct rtmsg - RTA_DST (u8) - RTA_OIF (u32) Por lo tanto, rtm_phonet_notify() debería usar NLMSG_ALIGN(tamañode(struct rtmsg)) + nla_total_size(1) + nla_total_size(4) • https://git.kernel.org/stable/c/f062f41d06575744b9eaf725eef8a5d3b5f5b7ca https://git.kernel.org/stable/c/ec1f71c05caeba0f814df77e0f511d8b4618623a https://git.kernel.org/stable/c/dc6beac059f0331de97155a89d84058d4a9e49c7 https://git.kernel.org/stable/c/f085e02f0a32f6dfcfabc6535c9c4a1707cef86b https://git.kernel.org/stable/c/4ff334cade9dae50e4be387f71e94fae634aa9b4 https://git.kernel.org/stable/c/728a83160f98ee6b60df0d890141b9b7240182fe https://git.kernel.org/stable/c/ee9e39a6cb3ca2a3d35b4ae25547ee3526a44d00 https://git.kernel.org/stable/c/9a77226440008cf04ba68faf641a2d50f •
CVE-2024-36945 – net/smc: fix neighbour and rtable leak in smc_ib_find_route()
https://notcve.org/view.php?id=CVE-2024-36945
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix neighbour and rtable leak in smc_ib_find_route() In smc_ib_find_route(), the neighbour found by neigh_lookup() and rtable resolved by ip_route_output_flow() are not released or put before return. It may cause the refcount leak, so fix it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: corrige la fuga de vecino y rtable en smc_ib_find_route() En smc_ib_find_route(), el vecino encontrado por neigh_lookup() y rtable resuelto por ip_route_output_flow() no se liberan ni se colocan antes devolver. Puede causar la fuga de recuento, así que corríjalo. • https://git.kernel.org/stable/c/e5c4744cfb598f98672f8d21d59ef2c1fa9c9b5f https://git.kernel.org/stable/c/d5a466ab6e78d6f2e0f64435f1e17246c8e941ff https://git.kernel.org/stable/c/5df93c029a907b0ff5a4eeadd77ba06ff0a277d2 https://git.kernel.org/stable/c/da91e447d06dc649fcf46e59122e7bf8f0b2e0db https://git.kernel.org/stable/c/2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 https://access.redhat.com/security/cve/CVE-2024-36945 https://bugzilla.redhat.com/show_bug.cgi?id=2284465 • CWE-401: Missing Release of Memory after Effective Lifetime •