CVE-2024-53124 – net: fix data-races around sk->sk_forward_alloc
https://notcve.org/view.php?id=CVE-2024-53124
__pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 ---[ fin del seguimiento 000000000000000 ]--- Es posible que dos subprocesos llamen a tcp_v6_do_rcv()/sk_forward_alloc_add() simultáneamente cuando sk->sk_state == TCP_LISTEN con sk->sk_lock desbloqueado, lo que desencadena una carrera de datos alrededor de sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // establecer variable local recuperable __sk_mem_reclaim sk_forward_alloc_add() En este caso de prueba de syzkaller, dos subprocesos llaman a tcp_v6_do_rcv() con skb->truesize=768, sk_forward_alloc cambia de esta manera: (cpu 1) | (cpu 2) | sk_forward_alloc ... | ... | 0 __sk_mem_schedule() | | +4096 = 4096 | __sk_mem_schedule() | +4096 = 8192 sk_mem_charge() | | -768 = 7424 | sk_mem_charge() | -768 = 6656 ... | ... | sk_mem_uncharge() | | +768 = 7424 recuperable=7424 | | | sk_mem_uncharge() | +768 = 8192 | recuperable=8192 | __sk_mem_reclaim() | | -4096 = 4096 | __sk_mem_reclaim() | -8192 = -4096 ! • https://git.kernel.org/stable/c/e994b2f0fb9229aeff5eea9541320bd7b2ca8714 https://git.kernel.org/stable/c/d285eb9d0641c8344f2836081b4ccb7b3c5cc1b6 https://git.kernel.org/stable/c/073d89808c065ac4c672c0a613a71b27a80691cb •
CVE-2024-53121 – net/mlx5: fs, lock FTE when checking if active
https://notcve.org/view.php?id=CVE-2024-53121
__ ---truncated--- En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: fs, bloquear FTE al verificar si está activo Las confirmaciones a las que se hace referencia introdujeron un proceso de dos pasos para eliminar FTE: - Bloquear el FTE, eliminarlo del hardware, establecer la función de eliminación de hardware en NULL y desbloquear el FTE. - Bloquear el grupo de flujo principal, eliminar la copia de software del FTE y eliminarlo de la matriz x. • https://git.kernel.org/stable/c/718ce4d601dbf73b5dbe024a88c9e34168fe87f2 https://git.kernel.org/stable/c/0d568258f99f2076ab02e9234cbabbd43e12f30e https://git.kernel.org/stable/c/a508c74ceae2f5a4647f67c362126516d6404ed9 https://git.kernel.org/stable/c/5b47c2f47c2fe921681f4a4fe2790375e6c04cdd https://git.kernel.org/stable/c/bfba288f53192db08c68d4c568db9783fb9cb838 https://git.kernel.org/stable/c/094d1a2121cee1e85ab07d74388f94809dcfb5b9 https://git.kernel.org/stable/c/933ef0d17f012b653e9e6006e3f50c8d0238b5ed https://git.kernel.org/stable/c/9ca314419930f9135727e39d77e66262d •
CVE-2024-33063 – Integer Overflow or Wraparound in WLAN Host Communication
https://notcve.org/view.php?id=CVE-2024-33063
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. DOS transitorio mientras se analiza el ML IE cuando una baliza con una longitud de información común del ML IE es mayor que el ML IE dentro del cual está presente este elemento. • https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html • CWE-190: Integer Overflow or Wraparound •
CVE-2024-10490 – Authentication bypass flaw in several mapp components
https://notcve.org/view.php?id=CVE-2024-10490
An “Authentication Bypass Using an Alternate Path or Channel” vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project. • https://www.br-automation.com/fileadmin/SA22P014-90c4aa35.pdf • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2024-20139
https://notcve.org/view.php?id=CVE-2024-20139
This could lead to local denial of service with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/December-2024 • CWE-617: Reachable Assertion •