CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44940 – fou: remove warn in gue_gro_receive on unsupported protocol
https://notcve.org/view.php?id=CVE-2024-44940
In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks"). • https://git.kernel.org/stable/c/5a2e37bc648a2503bf6d687aed27b9f4455d82eb https://git.kernel.org/stable/c/3db4395332e7050ef9ddeb3052e6b5019f2a2a59 https://git.kernel.org/stable/c/440ab7f97261bc28501636a13998e1b1946d2e79 https://git.kernel.org/stable/c/dd89a81d850fa9a65f67b4527c0e420d15bf836c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44939 – jfs: fix null ptr deref in dtInsertEntry
https://notcve.org/view.php?id=CVE-2024-44939
In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 0 PID: 5061 Comm: syz-executor404 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 RIP: 0010:dtInsertEntry+0xd0c/0x1780 fs/jfs/jfs_dtree.c:3713 ... [Analyze] In dtInsertEntry(), when the pointer h has the same value as p, after writing name in UniStrncpy_to_le(), p->header.flag will be cleared. This will cause the previously true judgment "p->header.flag & BT-LEAF" to change to no after writing the name operation, this leads to entering an incorrect branch and accessing the uninitialized object ih when judging this condition for the second time. [Fix] After got the page, check freelist first, if freelist == 0 then exit dtInsert() and return -EINVAL. • https://git.kernel.org/stable/c/53023ab11836ac56fd75f7a71ec1356e50920fa9 https://git.kernel.org/stable/c/6ea10dbb1e6c58384136e9adfd75f81951e423f6 https://git.kernel.org/stable/c/9c2ac38530d1a3ee558834dfa16c85a40fd0e702 https://git.kernel.org/stable/c/ce6dede912f064a855acf6f04a04cbb2c25b8c8c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44938 – jfs: Fix shift-out-of-bounds in dbDiscardAG
https://notcve.org/view.php?id=CVE-2024-44938
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. • https://git.kernel.org/stable/c/bd04a149e3a29e7f71b7956ed41dba34e42d539e https://git.kernel.org/stable/c/f650148b43949ca9e37e820804bb6026fff404f3 https://git.kernel.org/stable/c/234e6ea0855cdb5673d54ecaf7dc5c78f3e84630 https://git.kernel.org/stable/c/7063b80268e2593e58bee8a8d709c2f3ff93e2f2 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-44935 – sctp: Fix null-ptr-deref in reuseport_add_sock().
https://notcve.org/view.php?id=CVE-2024-44935
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reuseport_add_sock(). [0] The repro first creates a listener with SO_REUSEPORT. Then, it creates another listener on the same port and concurrently closes the first listener. The second listen() calls reuseport_add_sock() with the first listener as sk2, where sk2->sk_reuseport_cb is not expected to be cleared concurrently, but the close() does clear it by reuseport_detach_sock(). The problem is SCTP does not properly synchronise reuseport_alloc(), reuseport_add_sock(), and reuseport_detach_sock(). The caller of reuseport_alloc() and reuseport_{add,detach}_sock() must provide synchronisation for sockets that are classified into the same reuseport group. Otherwise, such sockets form multiple identical reuseport groups, and all groups except one would be silently dead. 1. Two sockets call listen() concurrently 2. No socket in the same group found in sctp_ep_hashtable[] 3. Two sockets call reuseport_alloc() and form two reuseport groups 4. • https://git.kernel.org/stable/c/6ba84574026792ce33a40c7da721dea36d0f3973 https://git.kernel.org/stable/c/c9b3fc4f157867e858734e31022ebee8a24f0de7 https://git.kernel.org/stable/c/52319d9d2f522ed939af31af70f8c3a0f0f67e6c https://git.kernel.org/stable/c/54b303d8f9702b8ab618c5032fae886b16356928 https://git.kernel.org/stable/c/05e4a0fa248240efd99a539853e844f0f0a9e6a5 https://git.kernel.org/stable/c/1407be30fc17eff918a98e0a990c0e988f11dc84 https://git.kernel.org/stable/c/e809a84c802377ef61525a298a1ec1728759b913 https://git.kernel.org/stable/c/9ab0faa7f9ffe31296dbb9bbe6f76c72c •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44931 – gpio: prevent potential speculation leaks in gpio_device_get_desc()
https://notcve.org/view.php?id=CVE-2024-44931
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the gpio descriptor without sanitization in gpio_device_get_desc(). This change ensures that the offset is sanitized by using array_index_nospec() to mitigate any possibility of speculative information leaks. This bug was discovered and resolved using Coverity Static Analysis Security Testing (SAST) by Synopsys, Inc. • https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc https://git.kernel.org/stable/c/d776c0486b03a5c4afca65b8ff44573592bf93bb https://git.kernel.org/stable/c/d795848ecce24a75dfd46481aee066ae6fe39775 •