CVE-2024-35835 – net/mlx5e: fix a double-free in arfs_create_groups
https://notcve.org/view.php?id=CVE-2024-35835
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/mlx5e: corregido un double free en arfs_create_groups Cuando falla `in` asignado por kvzalloc, arfs_create_groups liberará ft->g y devolverá un error. Sin embargo, arfs_create_table, el único llamador de arfs_create_groups, mantendrá este error y llamará a mlx5e_destroy_flow_table, en el que ft->g se liberará nuevamente. A double-free vulnerability was found in the `arfs_create_groups` function in the Linux kernel's `net/mlx5e` driver. • https://git.kernel.org/stable/c/1cabe6b0965ec067ac60e8f182f16d479a3b9a5c https://git.kernel.org/stable/c/e3d3ed8c152971dbe64c92c9ecb98fdb52abb629 https://git.kernel.org/stable/c/2501afe6c4c9829d03abe9a368b83d9ea1b611b7 https://git.kernel.org/stable/c/cf116d9c3c2aebd653c2dfab5b10c278e9ec3ee5 https://git.kernel.org/stable/c/c57ca114eb00e03274dd38108d07a3750fa3c056 https://git.kernel.org/stable/c/42876db001bbea7558e8676d1019f08f9390addb https://git.kernel.org/stable/c/b21db3f1ab7967a81d6bbd328d28fe5a4c07a8a7 https://git.kernel.org/stable/c/66cc521a739ccd5da057a1cb3d6346c6d •
CVE-2023-52673 – drm/amd/display: Fix a debugfs null pointer error
https://notcve.org/view.php?id=CVE-2023-52673
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrige un error de puntero null de debugfs [POR QUÉ Y CÓMO] Verifique si la devolución de llamada get_subvp_en() existe antes de llamarla. • https://git.kernel.org/stable/c/43235db21fc23559f50a62f8f273002eeb506f5a https://git.kernel.org/stable/c/efb91fea652a42fcc037d2a9ef4ecd1ffc5ff4b7 •
CVE-2023-52671 – drm/amd/display: Fix hang/underflow when transitioning to ODM4:1
https://notcve.org/view.php?id=CVE-2023-52671
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix hang/underflow when transitioning to ODM4:1 [Why] Under some circumstances, disabling an OPTC and attempting to reclaim its OPP(s) for a different OPTC could cause a hang/underflow due to OPPs not being properly disconnected from the disabled OPTC. [How] Ensure that all OPPs are unassigned from an OPTC when it gets disabled. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrigió bloqueo/desbordamiento insuficiente al realizar la transición a ODM4:1 [Por qué] En algunas circunstancias, deshabilitar un OPTC e intentar reclamar sus OPP para otro OPTC podría causar un bloqueo/desbordamiento insuficiente debido a que los OPP no se desconectan correctamente del OPTC deshabilitado. [Cómo] Asegúrese de que todos los OPP estén desasignados de un OPTC cuando se deshabilite. • https://git.kernel.org/stable/c/ae62f1dde66a6f0eee98defc4c7a346bd5acd239 https://git.kernel.org/stable/c/4b6b479b2da6badff099b2e3abf0248936eefbf5 https://git.kernel.org/stable/c/e7b2b108cdeab76a7e7324459e50b0c1214c0386 •
CVE-2023-52670 – rpmsg: virtio: Free driver_override when rpmsg_remove()
https://notcve.org/view.php?id=CVE-2023-52670
In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s) hex dump (first 32 bytes): 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320 [<000000002300d89b>] __kmalloc_node_track_caller+0x44/0x70 [<00000000228a60c3>] kstrndup+0x4c/0x90 [<0000000077158695>] driver_set_override+0xd0/0x164 [<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170 [<000000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30 [<000000008bbf8fa2>] rpmsg_probe+0x2e0/0x3ec [<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280 [<00000000443331cc>] really_probe+0xbc/0x2dc [<00000000391064b1>] __driver_probe_device+0x78/0xe0 [<00000000a41c9a5b>] driver_probe_device+0xd8/0x160 [<000000009c3bd5df>] __device_attach_driver+0xb8/0x140 [<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4 [<000000003b929a36>] __device_attach+0x9c/0x19c [<00000000a94e0ba8>] device_initial_probe+0x14/0x20 [<000000003c999637>] bus_probe_device+0xa0/0xac En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rpmsg: virtio: Free driver_overridecuando rpmsg_remove() Free driver_override cuando rpmsg_remove(); de lo contrario, se producirá la siguiente pérdida de memoria: objeto sin referencia 0xffff0000d55d7080 (tamaño 128): comm "kworker/u8 :2", pid 56, santiamén 4294893188 (edad 214.272s) volcado hexadecimal (primeros 32 bytes): 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso: [<000000009c94c9c1>] __kmem_cache_alloc_node+0x1f8/0x320 [<000000002300d89b>] +0x44/ 0x70 [<00000000228a60c3>] kstrndup+0x4c/0x90 [<0000000077158695>] driver_set_override+0xd0/0x164 [<000000003e9c4ea5>] rpmsg_register_device_override+0x98/0x170 0000001c0c89a8>] rpmsg_ns_register_device+0x24/0x30 [<000000008bbf8fa2>] rpmsg_probe+0x2e0/ 0x3ec [<00000000e65a68df>] virtio_dev_probe+0x1c0/0x280 [<00000000443331cc>] very_probe+0xbc/0x2dc [<00000000391064b1>] __driver_probe_device+0x78/0xe0 [<00 000000a41c9a5b>] driver_probe_device+0xd8/0x160 [<000000009c3bd5df>] __device_attach_driver+0xb8/ 0x140 [<0000000043cd7614>] bus_for_each_drv+0x7c/0xd4 [<000000003b929a36>] __device_attach+0x9c/0x19c [<00000000a94e0ba8>] dispositivo_initial_probe+0x14/0x20 [<000 000003c999637>] bus_probe_device+0xa0/0xac • https://git.kernel.org/stable/c/b0b03b8119633de0649da9bd506e4850c401ff2b https://git.kernel.org/stable/c/229ce47cbfdc7d3a9415eb676abbfb77d676cb08 https://git.kernel.org/stable/c/dd50fe18c234bd5ff22f658f4d414e8fa8cd6a5d https://git.kernel.org/stable/c/69ca89d80f2c8a1f5af429b955637beea7eead30 https://git.kernel.org/stable/c/2d27a7b19cb354c6d04bcdc9239e261ff29858d6 https://git.kernel.org/stable/c/f4bb1d5daf77b1a95a43277268adf0d1430c2346 https://git.kernel.org/stable/c/4e6cef3fae5c164968118a13f3fe293700adc81a https://git.kernel.org/stable/c/9a416d624e5fb7246ea97c11fbfea7e0e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2023-52669 – crypto: s390/aes - Fix buffer overread in CTR mode
https://notcve.org/view.php?id=CVE-2023-52669
In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn't a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: s390/aes - Corrige la sobrelectura del buffer en modo CTR Al procesar el último bloque, el código ctr s390 siempre leerá un bloque completo, incluso si no hay un bloque completo de datos restantes. Solucione este problema utilizando la longitud real restante y cópielo primero en un búfer para procesarlo. • https://git.kernel.org/stable/c/0200f3ecc19660bebeabbcbaf212957fcf1dbf8f https://git.kernel.org/stable/c/cd51e26a3b89706beec64f2d8296cfb1c34e0c79 https://git.kernel.org/stable/c/a7f580cdb42ec3d53bbb7c4e4335a98423703285 https://git.kernel.org/stable/c/dbc9a791a70ea47be9f2acf251700fe254a2ab23 https://git.kernel.org/stable/c/d68ac38895e84446848b7647ab9458d54cacba3e https://git.kernel.org/stable/c/e78f1a43e72daf77705ad5b9946de66fc708b874 https://git.kernel.org/stable/c/d07f951903fa9922c375b8ab1ce81b18a0034e3b https://lists.debian.org/debian-lts-announce/2024/06/ •