CVE-2024-26955 – nilfs2: prevent kernel bug at submit_bh_wbc()
https://notcve.org/view.php?id=CVE-2024-26955
In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent kernel bug at submit_bh_wbc() Fix a bug where nilfs_get_block() returns a successful status when searching and inserting the specified block both fail inconsistently. If this inconsistent behavior is not due to a previously fixed bug, then an unexpected race is occurring, so return a temporary error -EAGAIN instead. This prevents callers such as __block_write_begin_int() from requesting a read into a buffer that is not mapped, which would cause the BUG_ON check for the BH_Mapped flag in submit_bh_wbc() to fail. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nilfs2: previene el error del kernel en submit_bh_wbc(). Se corrige un error por el cual nilfs_get_block() devuelve un estado exitoso cuando la búsqueda y la inserción del bloque especificado fallan de manera inconsistente. Si este comportamiento inconsistente no se debe a un error solucionado previamente, entonces se está produciendo una ejecución inesperada, por lo que se devuelve un error temporal -EAGAIN. • https://git.kernel.org/stable/c/1f5abe7e7dbcd83e73212c6cb135a6106cea6a0b https://git.kernel.org/stable/c/91e4c4595fae5e87069e44687ae879091783c183 https://git.kernel.org/stable/c/32eaee72e96590a75445c8a6c7c1057673b47e07 https://git.kernel.org/stable/c/f0fe7ad5aff4f0fcf988913313c497de85f1e186 https://git.kernel.org/stable/c/ca581d237f3b8539c044205bb003de71d75d227c https://git.kernel.org/stable/c/192e9f9078c96be30b31c4b44d6294b24520fce5 https://git.kernel.org/stable/c/0c8aa4cfda4e4adb15d5b6536d155eca9c9cd44c https://git.kernel.org/stable/c/48d443d200237782dc82e6b60663ec414 •
CVE-2024-26954 – ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()
https://notcve.org/view.php?id=CVE-2024-26954
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() If ->NameOffset of smb2_create_req is smaller than Buffer offset of smb2_create_req, slab-out-of-bounds read can happen from smb2_open. This patch set the minimum value of the name offset to the buffer offset to validate name length of smb2_create_req(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige slab-out-of-bounds en smb_strndup_from_utf16() Si ->NameOffset de smb2_create_req es menor que el desplazamiento del búfer de smb2_create_req, puede ocurrir una lectura de slab-out-of-bounds de smb2_open. Este parche establece el valor mínimo del desplazamiento del nombre en el desplazamiento del búfer para validar la longitud del nombre de smb2_create_req(). • https://git.kernel.org/stable/c/3b8da67191e938a63d2736dabb4ac5d337e5de57 https://git.kernel.org/stable/c/4f97e6a9d62cb1fce82fbf4baff44b83221bc178 https://git.kernel.org/stable/c/a80a486d72e20bd12c335bcd38b6e6f19356b0aa •
CVE-2024-26952 – ksmbd: fix potencial out-of-bounds when buffer offset is invalid
https://notcve.org/view.php?id=CVE-2024-26952
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minimum value of buffer offset field to ->Buffer offset to validate buffer length. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ksmbd: corrige posibles límites cuando el desplazamiento del búfer no es válido. Encontré posibles límites cuando los campos de desplazamiento del búfer de algunas solicitudes no son válidos. Este parche establece el valor mínimo del campo de compensación del búfer en ->Desplazamiento del búfer para validar la longitud del búfer. • https://git.kernel.org/stable/c/39bdc4197acf2ed13269167ccf093ee28cfa2a4e https://git.kernel.org/stable/c/2dcda336b6e80b72d58d30d40f2fad9724e5fe63 https://git.kernel.org/stable/c/0c5541b4c980626fa3cab16ba1a451757778bbb5 https://git.kernel.org/stable/c/c6cd2e8d2d9aa7ee35b1fa6a668e32a22a9753da • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read •
CVE-2024-26948 – drm/amd/display: Add a dc_state NULL check in dc_state_release
https://notcve.org/view.php?id=CVE-2024-26948
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add a dc_state NULL check in dc_state_release [How] Check wheather state is NULL before releasing it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: agregue una verificación dc_state NULL en dc_state_release [Cómo] Verifique si el estado es NULL antes de liberarlo. • https://git.kernel.org/stable/c/d37a08f840485995e3fb91dad95e441b9d28a269 https://git.kernel.org/stable/c/334b56cea5d9df5989be6cf1a5898114fa70ad98 •
CVE-2024-26945 – crypto: iaa - Fix nr_cpus < nr_iaa case
https://notcve.org/view.php?id=CVE-2024-26945
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table(). Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case, even though cpus_per_iaa is never used if nr_iaa == 0, for paranoia. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: iaa - Corrige el caso nr_cpus < nr_iaa Si nr_cpus < nr_iaa, el cpus_per_iaa calculado será 0, lo que provoca una división por 0 en rebalance_wq_table(). Asegúrese de que cpus_per_iaa sea 1 en ese caso, y también en el caso de nr_iaa == 0, aunque cpus_per_iaa nunca se use si nr_iaa == 0, para paranoia. • https://git.kernel.org/stable/c/a5ca1be7f9817de4e93085778b3ee2219bdc2664 https://git.kernel.org/stable/c/5a7e89d3315d1be86aff8a8bf849023cda6547f7 • CWE-369: Divide By Zero •