CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35968 – pds_core: Fix pdsc_check_pci_health function to use work thread
https://notcve.org/view.php?id=CVE-2024-35968
In the Linux kernel, the following vulnerability has been resolved: pds_core: Fix pdsc_check_pci_health function to use work thread When the driver notices fw_status == 0xff it tries to perform a PCI reset on itself via pci_reset_function() in the context of the driver's health thread. However, pdsc_reset_prepare calls pdsc_stop_health_thread(), which attempts to stop/flush the health thread. This results in a deadlock because the stop/flush will never complete since the driver called pci_reset_function() from the health thread context. Fix by changing the pdsc_check_pci_health_function() to queue a newly introduced pdsc_pci_reset_thread() on the pdsc's work queue. Unloading the driver in the fw_down/dead state uncovered another issue, which can be seen in the following trace: WARNING: CPU: 51 PID: 6914 at kernel/workqueue.c:1450 __queue_work+0x358/0x440 [...] RIP: 0010:__queue_work+0x358/0x440 [...] Call Trace: <TASK> ? __warn+0x85/0x140 ? • https://git.kernel.org/stable/c/d9407ff11809c6812bb84fe7be9c1367d758e5c8 https://git.kernel.org/stable/c/bd8740928aacda3d9a4cbb77e2ca3a951f20ba6b https://git.kernel.org/stable/c/46826a3844068c0d3919eb4a24c3ba7bf5d24449 https://git.kernel.org/stable/c/38407914d48273d7f8ab765b9243658afe1c3ab6 https://git.kernel.org/stable/c/81665adf25d28a00a986533f1d3a5df76b79cad9 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35967 – Bluetooth: SCO: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35967
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in sco_sock_setsockopt+0xc0b/0xf90 net/bluetooth/sco.c:893 Read of size 4 at addr ffff88805f7b15a3 by task syz-executor.5/12578 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: SCO: la solución no valida la entrada del usuario de setsockopt. syzbot informó que sco_sock_setsockopt() está copiando datos sin verificar la longitud de la entrada del usuario. BUG: KASAN: slab fuera de los límites en copy_from_sockptr_offset include/linux/sockptr.h:49 [en línea] BUG: KASAN: slab fuera de los límites en copy_from_sockptr include/linux/sockptr.h:55 [en línea] BUG: KASAN: slab fuera de los límites en sco_sock_setsockopt+0xc0b/0xf90 net/bluetooth/sco.c:893 Lectura de tamaño 4 en la dirección ffff88805f7b15a3 mediante la tarea syz-executor.5/12578 • https://git.kernel.org/stable/c/b96e9c671b05f95126753a22145d4509d45ca197 https://git.kernel.org/stable/c/b0e30c37695b614bee69187f86eaf250e36606ce https://git.kernel.org/stable/c/7bc65d23ba20dcd7ecc094a12c181e594e5eb315 https://git.kernel.org/stable/c/72473db90900da970a16ee50ad23c2c38d107d8c https://git.kernel.org/stable/c/419a0ffca7010216f0fc265b08558d7394fa0ba7 https://git.kernel.org/stable/c/51eda36d33e43201e7a4fd35232e069b2c850b01 https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35966 – Bluetooth: RFCOMM: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35966
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [inline] BUG: KASAN: slab-out-of-bounds in rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/sock.c:673 Read of size 4 at addr ffff8880209a8bc3 by task syz-executor632/5064 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: RFCOMM: solución al no validar la entrada del usuario de setsockopt. Syzbot informó que rfcomm_sock_setsockopt_old() está copiando datos sin verificar la longitud de la entrada del usuario. BUG: KASAN: slab fuera de los límites en copy_from_sockptr_offset include/linux/sockptr.h:49 [en línea] BUG: KASAN: slab fuera de los límites en copy_from_sockptr include/linux/sockptr.h:55 [en línea] ERROR: KASAN: losa fuera de los límites en rfcomm_sock_setsockopt_old net/bluetooth/rfcomm/sock.c:632 [en línea] BUG: KASAN: losa fuera de los límites en rfcomm_sock_setsockopt+0x893/0xa70 net/bluetooth/rfcomm/ sock.c:673 Lectura de tamaño 4 en addr ffff8880209a8bc3 por tarea syz-executor632/5064 • https://git.kernel.org/stable/c/9f2c8a03fbb3048cf38b158f87aa0c3c09bca084 https://git.kernel.org/stable/c/eea40d33bf936a5c7fb03c190e61e0cfee00e872 https://git.kernel.org/stable/c/4ea65e2095e9bd151d0469328dd7fc2858feb546 https://git.kernel.org/stable/c/c3f787a3eafe519c93df9abbb0ca5145861c8d0f https://git.kernel.org/stable/c/a97de7bff13b1cc825c1b1344eaed8d6c2d3e695 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-35965 – Bluetooth: L2CAP: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35965
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: L2CAP: solución que no valida la entrada del usuario de setsockopt. Verifique la longitud de la entrada del usuario antes de copiar datos. • https://git.kernel.org/stable/c/33575df7be6748292f88453f29319af6d639c5c8 https://git.kernel.org/stable/c/9d42f373391211c7c8af66a3a316533a32b8a607 https://git.kernel.org/stable/c/8ee0c132a61df9723813c40e742dc5321824daa9 https://git.kernel.org/stable/c/4f3951242ace5efc7131932e2e01e6ac6baed846 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35964 – Bluetooth: ISO: Fix not validating setsockopt user input
https://notcve.org/view.php?id=CVE-2024-35964
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix not validating setsockopt user input Check user input length before copying data. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Bluetooth: ISO: Corrección al no validar la entrada del usuario setsockopt. Verifique la longitud de la entrada del usuario antes de copiar datos. • https://git.kernel.org/stable/c/ccf74f2390d60a2f9a75ef496d2564abb478f46a https://git.kernel.org/stable/c/0c4a89f4690478969729c7ba5f69d53d8516aa12 https://git.kernel.org/stable/c/9e8742cdfc4b0e65266bb4a901a19462bda9285e •