CVE-2021-46906 – HID: usbhid: fix info leak in hid_submit_ctrl
https://notcve.org/view.php?id=CVE-2021-46906
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: usbhid: corrige fuga de información en hid_submit_ctrl En hid_submit_ctrl(), la forma de calcular la longitud del informe no tiene en cuenta que el tamaño del informe->puede ser cero. • https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366 https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0 https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82 https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1 https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9 https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8 https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5d • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2020-36775 – f2fs: fix to avoid potential deadlock
https://notcve.org/view.php?id=CVE-2020-36775
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential deadlock like we did in f2fs_write_single_data_page(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: corrección para evitar un posible interbloqueo Usando f2fs_trylock_op() en f2fs_write_compressed_pages() para evitar un posible interbloqueo como lo hicimos en f2fs_write_single_data_page(). • https://git.kernel.org/stable/c/0478ccdc8ea016de1ebaf6fe6da0275c2b258c5b https://git.kernel.org/stable/c/8e8542437bb4070423c9754d5ba270ffdbae8c8d https://git.kernel.org/stable/c/df77fbd8c5b222c680444801ffd20e8bbc90a56e • CWE-667: Improper Locking •
CVE-2019-25160 – netlabel: fix out-of-bounds memory accesses
https://notcve.org/view.php?id=CVE-2019-25160
In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the fixes are straightforward. As a FYI for anyone backporting this patch to kernels prior to v4.8, you'll want to apply the netlbl_bitmap_walk() patch to cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before Linux v4.8. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netlabel: corrige accesos a memoria fuera de los límites Hay dos accesos a memoria fuera de los límites de matriz, uno en cipso_v4_map_lvl_valid() y el otro en netlbl_bitmap_walk(). Ambos errores son vergonzosamente simples y las soluciones son sencillas. Para su información, cualquiera que esté implementando este parche en kernels anteriores a v4.8, querrá aplicar el parche netlbl_bitmap_walk() a cipso_v4_bitmap_walk() ya que netlbl_bitmap_walk() no existe antes de Linux v4.8. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272 https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950 https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000 https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba6413 • CWE-125: Out-of-bounds Read •
CVE-2024-26606 – binder: signal epoll threads of self-work
https://notcve.org/view.php?id=CVE-2024-26606
In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: carpeta: señal de epoll de subprocesos de autotrabajo En el modo (e)poll, los subprocesos a menudo dependen de eventos de E/S para determinar cuándo los datos están listos para el consumo. • https://git.kernel.org/stable/c/457b9a6f09f011ebcb9b52cc203a6331a6fc2de7 https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61 https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769 https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68 https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240 •
CVE-2022-48626 – moxart: fix potential use-after-free on remove path
https://notcve.org/view.php?id=CVE-2022-48626
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and using it instead of the pointer dereference. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: moxart: corrige el posible use-after-free en la ruta de eliminación. Se informó que se podía acceder a la estructura del host mmc después de que se liberó en moxart_remove(), así que solucione este problema guardando el registro base del dispositivo y usarlo en lugar de la desreferencia del puntero. • https://git.kernel.org/stable/c/f5dc193167591e88797262ec78515a0cbe79ff5f https://git.kernel.org/stable/c/e6f580d0b3349646d4ee1ce0057eb273e8fb7e2e https://git.kernel.org/stable/c/9c25d5ff1856b91bd4365e813f566cb59aaa9552 https://git.kernel.org/stable/c/3a0a7ec5574b510b067cfc734b8bdb6564b31d4e https://git.kernel.org/stable/c/be93028d306dac9f5b59ebebd9ec7abcfc69c156 https://git.kernel.org/stable/c/af0e6c49438b1596e4be8a267d218a0c88a42323 https://git.kernel.org/stable/c/7f901d53f120d1921f84f7b9b118e87e94b403c5 https://git.kernel.org/stable/c/bd2db32e7c3e35bd4d9b8bbff689434a5 • CWE-416: Use After Free •