CVE-2024-40994 – ptp: fix integer overflow in max_vclocks_store
https://notcve.org/view.php?id=CVE-2024-40994
In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this. • https://git.kernel.org/stable/c/44c494c8e30e35713c7d11ca3c5ab332cbfabacf https://git.kernel.org/stable/c/4b03da87d0b7074c93d9662c6e1a8939f9b8b86e https://git.kernel.org/stable/c/d50d62d5e6ee6aa03c00bddb91745d0b632d3b0f https://git.kernel.org/stable/c/666e934d749e50a37f3796caaf843a605f115b6f https://git.kernel.org/stable/c/e1fccfb4638ee6188377867f6015d0ce35764a8e https://git.kernel.org/stable/c/81d23d2a24012e448f651e007fac2cfd20a45ce0 •
CVE-2024-40992 – RDMA/rxe: Fix responder length checking for UD request packets
https://notcve.org/view.php?id=CVE-2024-40992
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix responder length checking for UD request packets According to the IBA specification: If a UD request packet is detected with an invalid length, the request shall be an invalid request and it shall be silently dropped by the responder. The responder then waits for a new request packet. commit 689c5421bfe0 ("RDMA/rxe: Fix incorrect responder length checking") defers responder length check for UD QPs in function `copy_data`. But it introduces a regression issue for UD QPs. When the packet size is too large to fit in the receive buffer. `copy_data` will return error code -EINVAL. Then `send_data_in` will return RESPST_ERR_MALFORMED_WQE. UD QP will transfer into ERROR state. • https://git.kernel.org/stable/c/689c5421bfe0eac65526bd97a466b9590a6aad3c https://git.kernel.org/stable/c/163868ec1f6c610d16da9e458fe1dd7d5de97341 https://git.kernel.org/stable/c/943c94f41dfe36536dc9aaa12c9efdf548ceb996 https://git.kernel.org/stable/c/f67ac0061c7614c1548963d3ef1ee1606efd8636 •
CVE-2024-40991 – dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id()
https://notcve.org/view.php?id=CVE-2024-40991
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix of_k3_udma_glue_parse_chn_by_id() The of_k3_udma_glue_parse_chn_by_id() helper function erroneously invokes "of_node_put()" on the "udmax_np" device-node passed to it, without having incremented its reference count at any point. Fix it. • https://git.kernel.org/stable/c/81a1f90f20af71728f900f245aa69e9425fdef84 https://git.kernel.org/stable/c/a5ab5f413d1e4c7ed5f64271b025f0726374509e https://git.kernel.org/stable/c/ba27e9d2207784da748b19170a2e56bd7770bd81 •
CVE-2024-40990 – RDMA/mlx5: Add check for srq max_sge attribute
https://notcve.org/view.php?id=CVE-2024-40990
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. • https://git.kernel.org/stable/c/e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c https://git.kernel.org/stable/c/7186b81c1f15e39069b1af172c6a951728ed3511 https://git.kernel.org/stable/c/1e692244bf7dd827dd72edc6c4a3b36ae572f03c https://git.kernel.org/stable/c/999586418600b4b3b93c2a0edd3a4ca71ee759bf https://git.kernel.org/stable/c/e0deb0e9c967b61420235f7f17a4450b4b4d6ce2 https://git.kernel.org/stable/c/4ab99e3613139f026d2d8ba954819e2876120ab3 https://git.kernel.org/stable/c/36ab7ada64caf08f10ee5a114d39964d1f91e81d •
CVE-2024-40989 – KVM: arm64: Disassociate vcpus from redistributor region on teardown
https://notcve.org/view.php?id=CVE-2024-40989
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu. A vulnerability was found in the Linux kernel's KVM for ARM64 within the vgic-init.c, vgic-mmio-v3.c, and vgic.h files. The virtual vCPUs may retain dangling pointers in a redistributor region after they have been torn down, leading to potential memory corruption. • https://git.kernel.org/stable/c/e5a35635464bc5304674b84ea42615a3fd0bd949 https://git.kernel.org/stable/c/68df4fc449fcc24347209e500ce26d5816705a77 https://git.kernel.org/stable/c/48bb62859d47c5c4197a8c01128d0fa4f46ee58c https://git.kernel.org/stable/c/152b4123f21e6aff31cea01158176ad96a999c76 https://git.kernel.org/stable/c/0d92e4a7ffd5c42b9fa864692f82476c0bf8bcc8 https://access.redhat.com/security/cve/CVE-2024-40989 https://bugzilla.redhat.com/show_bug.cgi?id=2297573 • CWE-825: Expired Pointer Dereference •