CVE-2024-50304 – ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()
https://notcve.org/view.php?id=CVE-2024-50304
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL mutex and ip_tunnel_find() is only called from the control path where the mutex is taken. Add a lockdep expression to hlist_for_each_entry_rcu() in ip_tunnel_find() in order to validate that the mutex is held and to silence the suspicious RCU usage warning [1]. [1] WARNING: suspicious RCU usage 6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted ----------------------------- net/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!! • https://git.kernel.org/stable/c/c54419321455631079c7d6e60bc732dd0c5914c5 https://git.kernel.org/stable/c/27c1c98bd3b44b7c5f5c0ecfe1a1ec1240b73829 https://git.kernel.org/stable/c/f20fe2cfe06ca1b008b09da4f2b4e0c5547ccef6 https://git.kernel.org/stable/c/90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12 •
CVE-2024-50303 – resource,kexec: walk_system_ram_res_rev must retain resource flags
https://notcve.org/view.php?id=CVE-2024-50303
In the Linux kernel, the following vulnerability has been resolved: resource,kexec: walk_system_ram_res_rev must retain resource flags walk_system_ram_res_rev() erroneously discards resource flags when passing the information to the callback. This causes systems with IORESOURCE_SYSRAM_DRIVER_MANAGED memory to have these resources selected during kexec to store kexec buffers if that memory happens to be at placed above normal system ram. This leads to undefined behavior after reboot. • https://git.kernel.org/stable/c/7acf164b259d9007264d9d8501da1023f140a3b4 https://git.kernel.org/stable/c/dc9031b7919bd346514ea9a720f433b8daf3970d https://git.kernel.org/stable/c/b125a0def25a082ae944c9615208bf359abdb61c •
CVE-2024-50302 – HID: core: zero-initialize the report buffer
https://notcve.org/view.php?id=CVE-2024-50302
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. • https://git.kernel.org/stable/c/27ce405039bfe6d3f4143415c638f56a3df77dca https://git.kernel.org/stable/c/b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 https://git.kernel.org/stable/c/fe6c9b48ebc920ff21c10c50ab2729440c734254 https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26 https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5 https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d17 •
CVE-2024-50301 – security/keys: fix slab-out-of-bounds in key_task_permission
https://notcve.org/view.php?id=CVE-2024-50301
In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline] BUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410 security/keys/permission.c:54 Read of size 4 at addr ffff88813c3ab618 by task stress-ng/4362 CPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:123 print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 __kuid_val include/linux/uidgid.h:36 [inline] uid_eq include/linux/uidgid.h:63 [inline] key_task_permission+0x394/0x410 security/keys/permission.c:54 search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793 This issue was also reported by syzbot. It can be reproduced by following these steps(more details [1]): 1. ... As mentioned above, If a slot(slot 6) of the root points to a shortcut, it may be mistakenly transferred to a key*, leading to a read out-of-bounds read. To fix this issue, one should jump to descend_to_node if the ptr is a shortcut, regardless of whether the node is root or not. [1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/ [jarkko: tweaked the commit message a bit to have an appropriate closes tag.] • https://git.kernel.org/stable/c/b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 https://git.kernel.org/stable/c/c3ce634ad953ce48c75c39bdfd8b711dd95f346f https://git.kernel.org/stable/c/4efb69a0e294ef201bcdf7ce3d6202cd0a545a5d https://git.kernel.org/stable/c/1e4332581cd4eed75aea77af6f66cdcdda8b49b9 https://git.kernel.org/stable/c/199c20fb7499c79557a075dc24e9a7dae7d9f1ce https://git.kernel.org/stable/c/bbad2d5b6c99db468d8f88b6ba6a56ed409b4881 https://git.kernel.org/stable/c/3e79ad156bedf2da0ab909a118d2cec6c9c22b79 https://git.kernel.org/stable/c/e0a317ad68e4ea48a0158187238c5407e •
CVE-2024-50300 – regulator: rtq2208: Fix uninitialized use of regulator_config
https://notcve.org/view.php?id=CVE-2024-50300
In the Linux kernel, the following vulnerability has been resolved: regulator: rtq2208: Fix uninitialized use of regulator_config Fix rtq2208 driver uninitialized use to cause kernel error. • https://git.kernel.org/stable/c/85a11f55621a0c18b22b43ab4219450ac1d19386 https://git.kernel.org/stable/c/9b7c0405af667857b3ad24a7ef6723f5475a9e43 https://git.kernel.org/stable/c/64fbab934ae59be9caffc80a75450984b1e108e0 https://git.kernel.org/stable/c/2feb023110843acce790e9089e72e9a9503d9fa5 •