CVE-2024-36882 – mm: use memalloc_nofs_save() in page_cache_ra_order()
https://notcve.org/view.php?id=CVE-2024-36882
In the Linux kernel, the following vulnerability has been resolved: mm: use memalloc_nofs_save() in page_cache_ra_order() See commit f2c817bed58d ("mm: use memalloc_nofs_save in readahead path"), ensure that page_cache_ra_order() do not attempt to reclaim file-backed pages too, or it leads to a deadlock, found issue when test ext4 large folio. INFO: task DataXceiver for:7494 blocked for more than 120 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:DataXceiver for state:D stack:0 pid:7494 ppid:1 flags:0x00000200 Call trace: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 migrate_pages_batch+0x378/0x918 migrate_pages+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174/0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 splice_direct_to_actor+0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: use memalloc_nofs_save() en page_cache_ra_order() Consulte el commit f2c817bed58d ("mm: use memalloc_nofs_save en la ruta de lectura anticipada"), asegúrese de que page_cache_ra_order() no intente recuperar archivos respaldados páginas también, o conduce a un punto muerto, se encontró un problema al probar el folio grande ext4. INFORMACIÓN: tarea DataXceiver para:7494 bloqueada durante más de 120 segundos. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" desactiva este mensaje. tarea:DataXceiver para estado:D pila:0 pid:7494 ppid:1 banderas:0x00000200 Rastreo de llamadas: __switch_to+0x14c/0x240 __schedule+0x82c/0xdd0 Schedule+0x58/0xf0 io_schedule+0x24/0xa0 __folio_lock+0x130/0x300 _lote+0x378 /0x918 migrar_páginas+0x350/0x700 compact_zone+0x63c/0xb38 compact_zone_order+0xc0/0x118 try_to_compact_pages+0xb0/0x280 __alloc_pages_direct_compact+0x98/0x248 __alloc_pages+0x510/0x1110 alloc_pages+0 x9c/0x130 folio_alloc+0x20/0x78 filemap_alloc_folio+0x8c/0x1b0 page_cache_ra_order+0x174 /0x308 ondemand_readahead+0x1c8/0x2b8 page_cache_async_ra+0x68/0xb8 filemap_readahead.isra.0+0x64/0xa8 filemap_get_pages+0x3fc/0x5b0 filemap_splice_read+0xf4/0x280 ext4_file_splice_read+0x2c/0x48 [ext4] vfs_splice_read.part.0+0xa8/0x118 empalme_direct_to_actor+ 0xbc/0x288 do_splice_direct+0x9c/0x108 do_sendfile+0x328/0x468 __arm64_sys_sendfile64+0x8c/0x148 invoke_syscall+0x4c/0x118 el0_svc_common.constprop.0+0xc8/0xf0 +0x24/0x38 el0_svc+0x4c/0x1f8 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188 /0x190 • https://git.kernel.org/stable/c/793917d997df2e432f3e9ac126e4482d68256d01 https://git.kernel.org/stable/c/7629ef6dda1564098aadeef38e5fbd11ee8627c4 https://git.kernel.org/stable/c/468971c3f4b8187f25334503b68050a0e1370147 https://git.kernel.org/stable/c/cf6a1d16c6df3c30b03f0c6a92a2ba7f86dffb45 https://git.kernel.org/stable/c/30153e4466647a17eebfced13eede5cbe4290e69 •
CVE-2024-36881 – mm/userfaultfd: reset ptes when close() for wr-protected ones
https://notcve.org/view.php?id=CVE-2024-36881
In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: reset ptes when close() for wr-protected ones Userfaultfd unregister includes a step to remove wr-protect bits from all the relevant pgtable entries, but that only covered an explicit UFFDIO_UNREGISTER ioctl, not a close() on the userfaultfd itself. Cover that too. This fixes a WARN trace. The only user visible side effect is the user can observe leftover wr-protect bits even if the user close()ed on an userfaultfd when releasing the last reference of it. However hopefully that should be harmless, and nothing bad should happen even if so. This change is now more important after the recent page-table-check patch we merged in mm-unstable (446dd9ad37d0 ("mm/page_table_check: support userfault wr-protect entries")), as we'll do sanity check on uffd-wp bits without vma context. So it's better if we can 100% guarantee no uffd-wp bit leftovers, to make sure each report will be valid. • https://git.kernel.org/stable/c/f369b07c861435bd812a9d14493f71b34132ed6f https://git.kernel.org/stable/c/3e2747c3ddfa717697c3cc2aa6ab989e48d6587d https://git.kernel.org/stable/c/377f3a9a3d032a52325a5b110379a25dd1ab1931 https://git.kernel.org/stable/c/8d8b68a5b0c9fb23d37df06bb273ead38fd5a29d https://git.kernel.org/stable/c/c88033efe9a391e72ba6b5df4b01d6e628f4e734 •
CVE-2024-36880 – Bluetooth: qca: add missing firmware sanity checks
https://notcve.org/view.php?id=CVE-2024-36880
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: add missing firmware sanity checks Add the missing sanity checks when parsing the firmware files before downloading them to avoid accessing and corrupting memory beyond the vmalloced buffer. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: qca: agregar comprobaciones de integridad del firmware faltantes Agregue las comprobaciones de integridad del firmware faltantes al analizar los archivos de firmware antes de descargarlos para evitar acceder y dañar la memoria más allá del búfer vmalloced. • https://git.kernel.org/stable/c/83e81961ff7ef75f97756f316caea5aa6bcc19cc https://git.kernel.org/stable/c/ed53949cc92e28aaa3463d246942bda1fbb7f307 https://git.kernel.org/stable/c/1caceadfb50432dbf6d808796cb6c34ebb6d662c https://git.kernel.org/stable/c/427281f9498ed614f9aabc80e46ec077c487da6d https://git.kernel.org/stable/c/02f05ed44b71152d5e11d29be28aed91c0489b4e https://git.kernel.org/stable/c/2e4edfa1e2bd821a317e7d006517dcf2f3fac68d •
CVE-2024-36032 – Bluetooth: qca: fix info leak when fetching fw build id
https://notcve.org/view.php?id=CVE-2024-36032
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: qca: corrige la fuga de información al recuperar el ID de compilación del firmware. Agregue las comprobaciones de cordura que faltan y mueva el búfer de ID de compilación de 255 bytes fuera de la pila para evitar la filtración de datos de la pila a través de debugfs en en caso de que la respuesta de información de compilación esté mal formada. • https://git.kernel.org/stable/c/c0187b0bd3e94c48050687d87b2c3c9fbae98ae9 https://git.kernel.org/stable/c/62d5550ab62042dcceaf18844d0feadbb962cffe https://git.kernel.org/stable/c/57062aa13e87b1a78a4a8f6cb5fab6ba24f5f488 https://git.kernel.org/stable/c/6b63e0ef4d3ce0080395e5091fba2023f246c45a https://git.kernel.org/stable/c/a571044cc0a0c944e7c12237b6768aeedd7480e1 https://git.kernel.org/stable/c/cda0d6a198e2a7ec6f176c36173a57bdd8af7af2 •
CVE-2024-36031 – keys: Fix overwrite of key expiration on instantiation
https://notcve.org/view.php?id=CVE-2024-36031
In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a problem for DNS resolution as the expiration set by user-space is overwritten to TIME64_MAX, disabling further DNS updates. Fix this by restoring the condition that key_set_expiry is only called when the pre-parser sets a specific expiry. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: claves: se corrige la sobrescritura de la caducidad de la clave al crear instancias. El tiempo de caducidad de una clave se sobrescribe incondicionalmente durante la creación de instancias, y de forma predeterminada se vuelve permanente. • https://git.kernel.org/stable/c/97be1e865e70e5a0ad0a5b5f5dca5031ca0b53ac https://git.kernel.org/stable/c/2552b32b0b349df160a509fe49f5f308cb922f2b https://git.kernel.org/stable/c/791d5409cdb974c31a1bc7a903ea729ddc7d83df https://git.kernel.org/stable/c/afc360e8a1256acb7579a6f5b6f2c30b85b39301 https://git.kernel.org/stable/c/39299bdd2546688d92ed9db4948f6219ca1b9542 https://git.kernel.org/stable/c/ad2011ea787928b2accb5134f1e423b11fe80a8a https://git.kernel.org/stable/c/ed79b93f725cd0da39a265dc23d77add1527b9be https://git.kernel.org/stable/c/e4519a016650e952ad9eb27937f8c447d • CWE-324: Use of a Key Past its Expiration Date •