CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-46763 – fou: Fix null-ptr-deref in GRO.
https://notcve.org/view.php?id=CVE-2024-46763
In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host... fou_gro_receive (net/ipv4/fou.c:233) [fou] udp_gro_receive (include/linux/netdevice.h:2552 net/ipv4/udp_offload.c:559) udp4_gro_receive (net/ipv4/udp_offload.c:604) inet_gro_receive (net/ipv4/af_inet.c:1549 (discriminator 7)) dev_gro_receive (net/core/dev.c:6035 (discriminator 4)) napi_gro_receive (net/core/dev.c:6170) ena_clean_rx_irq (drivers/amazon/net/ena/ena_netdev.c:1558) [ena] ena_io_poll (drivers/amazon/net/ena/ena_netdev.c:1742) [ena] napi_poll (net/core/dev.c:6847) net_rx_action (net/core/dev.c:6917) __do_softirq (arch/x86/include/asm/jump_label.h:25 include/linux/jump_label.h:200 include/trace/events/irq.h:142 kernel/softirq.c:299) asm_call_irq_on_stack (arch/x86/entry/entry_64.S:809) </IRQ> do_softirq_own_stack (arch/x86/include/asm/irq_stack.h:27 arch/x86/include/asm/irq_stack.h:77 arch/x86/kernel/irq_64.c:77) irq_exit_rcu (kernel/softirq.c:393 kernel/softirq.c:423 kernel/softirq.c:435) common_interrupt (arch/x86/kernel/irq.c:239) asm_common_interrupt (arch/x86/include/asm/idtentry.h:626) RIP: 0010:acpi_idle_do_entry (arch/x86/include/asm/irqflags.h:49 arch/x86/include/asm/irqflags.h:89 drivers/acpi/processor_idle.c:114 drivers/acpi/processor_idle.c:575) Code: 8b 15 d1 3c c4 02 ed c3 cc cc cc cc 65 48 8b 04 25 40 ef 01 00 48 8b 00 a8 08 75 eb 0f 1f 44 00 00 0f 00 2d d5 09 55 00 fb f4 <fa> c3 cc cc cc cc e9 be fc ff ff 66 66 2e 0f 1f 84 00 00 00 00 00 RSP: 0018:ffffffffb5603e58 EFLAGS: 00000246 RAX: 0000000000004000 RBX: ffff93dac0929c00 RCX: ffff93daee833900 RDX: ffff93daee800000 RSI: ffff93d ---truncated--- • https://git.kernel.org/stable/c/d92283e338f6d6503b7417536bf3478f466cbc01 https://git.kernel.org/stable/c/231c235d2f7a66f018f172e26ffd47c363f244ef https://git.kernel.org/stable/c/4494bccb52ffda22ce5a1163a776d970e6229e08 https://git.kernel.org/stable/c/d7567f098f54cb53ee3cee1c82e3d0ed9698b6b3 https://git.kernel.org/stable/c/1df42be305fe478ded1ee0c1d775f4ece713483b https://git.kernel.org/stable/c/c46cd6aaca81040deaea3500ba75126963294bd9 https://git.kernel.org/stable/c/7e4196935069947d8b70b09c1660b67b067e75cb •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46762 – xen: privcmd: Fix possible access to a freed kirqfd instance
https://notcve.org/view.php?id=CVE-2024-46762
In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmd_irqfd_assign() and privcmd_irqfd_deassign(). • https://git.kernel.org/stable/c/e997b357b13a7d95de31681fc54fcc34235fa527 https://git.kernel.org/stable/c/112fd2f02b308564724b8e81006c254d20945c4b https://git.kernel.org/stable/c/611ff1b1ae989a7bcce3e2a8e132ee30e968c557 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46761 – pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
https://notcve.org/view.php?id=CVE-2024-46761
In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-unplug path and it has been assigned with NULL, still during unregistration the code was again trying to explicitly disable the MSI which causes the NULL pointer dereference and kernel crash. The patch fixes the check during unregistration path to prevent invoking pci_disable_msi/msix() since its data structure is already freed. • https://git.kernel.org/stable/c/4eb4085c1346d19d4a05c55246eb93e74e671048 https://git.kernel.org/stable/c/c4c681999d385e28f84808bbf3a85ea8e982da55 https://git.kernel.org/stable/c/bc1faed19db95abf0933b104910a3fb01b138f59 https://git.kernel.org/stable/c/c0d8094dc740cfacf3775bbc6a1c4720459e8de4 https://git.kernel.org/stable/c/438d522227374042b5c8798f8ce83bbe479dca4d https://git.kernel.org/stable/c/b82d4d5c736f4fd2ed224c35f554f50d1953d21e https://git.kernel.org/stable/c/bfc44075b19740d372f989f21dd03168bfda0689 https://git.kernel.org/stable/c/335e35b748527f0c06ded9eebb65387f6 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-46760 – wifi: rtw88: usb: schedule rx work after everything is set up
https://notcve.org/view.php?id=CVE-2024-46760
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after everything is set up Right now it's possible to hit NULL pointer dereference in rtw_rx_fill_rx_status on hw object and/or its fields because initialization routine can start getting USB replies before rtw_dev is fully setup. The stack trace looks like this: rtw_rx_fill_rx_status rtw8821c_query_rx_desc rtw_usb_rx_handler ... queue_work rtw_usb_read_port_complete ... usb_submit_urb rtw_usb_rx_resubmit rtw_usb_init_rx rtw_usb_probe So while we do the async stuff rtw_usb_probe continues and calls rtw_register_hw, which does all kinds of initialization (e.g. via ieee80211_register_hw) that rtw_rx_fill_rx_status relies on. Fix this by moving the first usb_submit_urb after everything is set up. For me, this bug manifested as: [ 8.893177] rtw_8821cu 1-1:1.2: band wrong, packet dropped [ 8.910904] rtw_8821cu 1-1:1.2: hw->conf.chandef.chan NULL in rtw_rx_fill_rx_status because I'm using Larry's backport of rtw88 driver with the NULL checks in rtw_rx_fill_rx_status. • https://git.kernel.org/stable/c/c83d464b82a8ad62ec9077637f75d73fe955635a https://git.kernel.org/stable/c/25eaef533bf3ccc6fee5067aac16f41f280e343e https://git.kernel.org/stable/c/adc539784c98a7cc602cbf557debfc2e7b9be8b3 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-46759 – hwmon: (adc128d818) Fix underflows seen when writing limit attributes
https://notcve.org/view.php?id=CVE-2024-46759
In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. • https://git.kernel.org/stable/c/05419d0056dcf7088687e561bb583cc06deba777 https://git.kernel.org/stable/c/7645d783df23878342d5d8d22030c3861d2d5426 https://git.kernel.org/stable/c/2a3add62f183459a057336381ef3a896da01ce38 https://git.kernel.org/stable/c/019ef2d396363ecddc46e826153a842f8603799b https://git.kernel.org/stable/c/f7f5101af5b47a331cdbfa42ba64c507b47dd1fe https://git.kernel.org/stable/c/6891b11a0c6227ca7ed15786928a07b1c0e4d4af https://git.kernel.org/stable/c/b0bdb43852bf7f55ba02f0cbf00b4ea7ca897bff https://git.kernel.org/stable/c/8cad724c8537fe3e0da8004646abc0029 •