CVSS: 7.3EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52628 – netfilter: nftables: exthdr: fix 4-byte stack OOB write
https://notcve.org/view.php?id=CVE-2023-52628
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to clean the remainder of the register in case ->len is NOT a multiple of the register size, so make it conditional just like nft_payload.c does. The bug was added in 4.1 cycle and then copied/inherited when tcp/sctp and ip option support was added. Bug reported by Zero Day Initiative project (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nftables: exthdr: corrige escritura OOB de pila de 4 bytes Si priv->len es múltiplo de 4, entonces dst[len / 4] puede escribir más allá de la matriz de destino que conduce a la corrupción de la pila. Esta construcción es necesaria para limpiar el resto del registro en caso de que ->len NO sea un múltiplo del tamaño del registro, así que hágalo condicional tal como lo hace nft_payload.c. El error se agregó en el ciclo 4.1 y luego se copió/heredó cuando se agregó la compatibilidad con las opciones tcp/sctp e ip. Error informado por el proyecto Zero Day Initiative (ZDI-CAN-21950, ZDI-CAN-21951, ZDI-CAN-21961). • https://git.kernel.org/stable/c/49499c3e6e18b7677a63316f3ff54a16533dc28f https://git.kernel.org/stable/c/28a97c43c9e32f437ebb8d6126f9bb7f3ca9521a https://git.kernel.org/stable/c/cf39c4f77a773a547ac2bcf30ecdd303bb0c80cb https://git.kernel.org/stable/c/a7d86a77c33ba1c357a7504341172cc1507f0698 https://git.kernel.org/stable/c/1ad7b189cc1411048434e8595ffcbe7873b71082 https://git.kernel.org/stable/c/d9ebfc0f21377690837ebbd119e679243e0099cc https://git.kernel.org/stable/c/c8f292322ff16b9a2272a67de396c09a50e09dce https://git.kernel.org/stable/c/fd94d9dadee58e09b49075240fe83423e • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-26651 – sr9800: Add check for usbnet_get_endpoints
https://notcve.org/view.php?id=CVE-2024-26651
In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: sr9800: Agregar verificación para usbnet_get_endpoints Agregar verificación para usbnet_get_endpoints() y devolver el error si falla para transferir el error. • https://git.kernel.org/stable/c/19a38d8e0aa33b4f4d11d3b4baa902ad169daa80 https://git.kernel.org/stable/c/424eba06ed405d557077339edb19ce0ebe39e7c7 https://git.kernel.org/stable/c/8a8b6a24684bc278036c3f159f7b3a31ad89546a https://git.kernel.org/stable/c/6b4a39acafaf0186ed8e97c16e0aa6fca0e52009 https://git.kernel.org/stable/c/276873ae26c8d75b00747c1dadb9561d6ef20581 https://git.kernel.org/stable/c/9c402819620a842cbfe39359a3ddfaac9adc8384 https://git.kernel.org/stable/c/e39a3a14eafcf17f03c037290b78c8f483529028 https://git.kernel.org/stable/c/efba65777f98457773c5b65e3135c6132 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26648 – drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
https://notcve.org/view.php?id=CVE-2024-26648
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() In edp_setup_replay(), 'struct dc *dc' & 'struct dmub_replay *replay' was dereferenced before the pointer 'link' & 'replay' NULL check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() warn: variable dereferenced before check 'link' (see line 933) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: se corrigió la diferenciación de variables antes de la verificación NULL en edp_setup_replay() En edp_setup_replay(), se eliminó la referencia a 'struct dc *dc' y 'struct dmub_replay *replay' antes de la comprobación NULL del puntero 'enlace' y 'repetición'. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/dc/link/protocols/link_edp_panel_control.c:947 edp_setup_replay() advertencia: variable desreferenciada antes de marcar 'enlace' (ver línea 933) • https://git.kernel.org/stable/c/22ae604aea14756954e1c00ae653e34d2afd2935 https://git.kernel.org/stable/c/c02d257c654191ecda1dc1af6875d527e85310e7 https://git.kernel.org/stable/c/7073934f5d73f8b53308963cee36f0d389ea857c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-26647 – drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
https://notcve.org/view.php?id=CVE-2024-26647
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' In link_set_dsc_pps_packet(), 'struct display_stream_compressor *dsc' was dereferenced in a DC_LOGGER_INIT(dsc->ctx->logger); before the 'dsc' NULL pointer check. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() warn: variable dereferenced before check 'dsc' (see line 903) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: se corrigió la verificación de desrefrence tardía 'dsc' en 'link_set_dsc_pps_packet()'. En link_set_dsc_pps_packet(), se eliminó la referencia a 'struct display_stream_compressor *dsc' en un DC_LOGGER_INIT(dsc- >ctx->registrador); antes de la verificación del puntero NULL 'dsc'. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/dc/link/link_dpms.c:905 link_set_dsc_pps_packet() advertencia: variable desreferenciada antes de verificar 'dsc' (consulte la línea 903) • https://git.kernel.org/stable/c/6aa5ede6665122f4c8abce3c6eba06b49e54d25c https://git.kernel.org/stable/c/cf656fc7276e5b3709a81bc9d9639459be2b2647 https://git.kernel.org/stable/c/3bb9b1f958c3d986ed90a3ff009f1e77e9553207 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26646 – thermal: intel: hfi: Add syscore callbacks for system-wide PM
https://notcve.org/view.php?id=CVE-2024-26646
In the Linux kernel, the following vulnerability has been resolved: thermal: intel: hfi: Add syscore callbacks for system-wide PM The kernel allocates a memory buffer and provides its location to the hardware, which uses it to update the HFI table. This allocation occurs during boot and remains constant throughout runtime. When resuming from hibernation, the restore kernel allocates a second memory buffer and reprograms the HFI hardware with the new location as part of a normal boot. The location of the second memory buffer may differ from the one allocated by the image kernel. When the restore kernel transfers control to the image kernel, its HFI buffer becomes invalid, potentially leading to memory corruption if the hardware writes to it (the hardware continues to use the buffer from the restore kernel). It is also possible that the hardware "forgets" the address of the memory buffer when resuming from "deep" suspend. Memory corruption may also occur in such a scenario. To prevent the described memory corruption, disable HFI when preparing to suspend or hibernate. Enable it when resuming. Add syscore callbacks to handle the package of the boot CPU (packages of non-boot CPUs are handled via CPU offline). • https://git.kernel.org/stable/c/28f010dc50df0f7987c04112114fcfa7e0803566 https://git.kernel.org/stable/c/019ccc66d56a696a4dfee3bfa2f04d0a7c3d89ee https://git.kernel.org/stable/c/c9d6d63b6c03afaa6f185df249af693a7939577c https://git.kernel.org/stable/c/97566d09fd02d2ab329774bb89a2cdf2267e86d9 •