CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27033 – f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic
https://notcve.org/view.php?id=CVE-2024-27033
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic verify_blkaddr() will trigger panic once we inject fault into f2fs_is_valid_blkaddr(), fix to remove this unnecessary f2fs_bug_on(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: f2fs: solución para eliminar f2fs_bug_on() innecesario para evitar el pánico. verificar_blkaddr() provocará pánico una vez que inyectemos el error en f2fs_is_valid_blkaddr(), solución para eliminar este f2fs_bug_on() innecesario. • https://git.kernel.org/stable/c/18792e64c86dd7e34ba28e4f61faba472b7bf5fc https://git.kernel.org/stable/c/0386408036bfc8b50296d9e544ff91c4d52af2db https://git.kernel.org/stable/c/6633cdc8b2ebefcddcfcdacfd063105e60f39a49 https://git.kernel.org/stable/c/abe98a05e7162f64759bf9111108ebcb11322dec https://git.kernel.org/stable/c/b896e302f79678451a94769ddd9e52e954c64fbb •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27032 – f2fs: fix to avoid potential panic during recovery
https://notcve.org/view.php?id=CVE-2024-27032
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let's change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: f2fs: corrección para evitar un posible pánico durante la recuperación. Durante la recuperación, si FAULT_BLOCK está activado, es posible que f2fs_reserve_new_block() devuelva -ENOSPC durante la recuperación, lo que puede provocar pánico. Además, si la tasa de inyección de fallas es 1 y solo el tipo de falla FAULT_BLOCK está activado, es posible que se produzca un bucle muerto en el bucle de reserva de bloque. Cambiemos como se muestra a continuación para solucionar estos problemas: - elimine bug_on() para evitar el pánico. - limitar el número de bucles de reserva de bloques para evitar posibles bucles muertos. • https://git.kernel.org/stable/c/b1020a546779139eec5d930e15ce534c1101b89c https://git.kernel.org/stable/c/2a7b12d4705bc308cf18eae2b69ec8db34881cc3 https://git.kernel.org/stable/c/b29cc6e29b5e6037e1bcd2b2ac67b7d89acd194c https://git.kernel.org/stable/c/956fa1ddc132e028f3b7d4cf17e6bfc8cb36c7fd https://git.kernel.org/stable/c/bc1fb291f36dd1d9d667241d9fe30b835dbb8ee8 https://git.kernel.org/stable/c/9fceaf8182d453639cddb7f4a6877a1e1564de39 https://git.kernel.org/stable/c/80c69f576ff39d6ae8a6e2107da3dc03b533759c https://git.kernel.org/stable/c/b4fb0807a1d60f8642a5fd62bd659cd60 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27031 – NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
https://notcve.org/view.php?id=CVE-2024-27031
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt The loop inside nfs_netfs_issue_read() currently does not disable interrupts while iterating through pages in the xarray to submit for NFS read. This is not safe though since after taking xa_lock, another page in the mapping could be processed for writeback inside an interrupt, and deadlock can occur. The fix is simple and clean if we use xa_for_each_range(), which handles the iteration with RCU while reducing code complexity. The problem is easily reproduced with the following test: mount -o vers=3,fsc 127.0.0.1:/export /mnt/nfs dd if=/dev/zero of=/mnt/nfs/file1.bin bs=4096 count=1 echo 3 > /proc/sys/vm/drop_caches dd if=/mnt/nfs/file1.bin of=/dev/null umount /mnt/nfs On the console with a lockdep-enabled kernel a message similar to the following will be seen: ================================ WARNING: inconsistent lock state 6.7.0-lockdbg+ #10 Not tainted -------------------------------- inconsistent {IN-SOFTIRQ-W} -> {SOFTIRQ-ON-W} usage. test5/1708 [HC0[0]:SC0[0]:HE1:SE1] takes: ffff888127baa598 (&xa->xa_lock#4){+.?.}-{3:3}, at: nfs_netfs_issue_read+0x1b2/0x4b0 [nfs] {IN-SOFTIRQ-W} state was registered at: lock_acquire+0x144/0x380 _raw_spin_lock_irqsave+0x4e/0xa0 __folio_end_writeback+0x17e/0x5c0 folio_end_writeback+0x93/0x1b0 iomap_finish_ioend+0xeb/0x6a0 blk_update_request+0x204/0x7f0 blk_mq_end_request+0x30/0x1c0 blk_complete_reqs+0x7e/0xa0 __do_softirq+0x113/0x544 __irq_exit_rcu+0xfe/0x120 irq_exit_rcu+0xe/0x20 sysvec_call_function_single+0x6f/0x90 asm_sysvec_call_function_single+0x1a/0x20 pv_native_safe_halt+0xf/0x20 default_idle+0x9/0x20 default_idle_call+0x67/0xa0 do_idle+0x2b5/0x300 cpu_startup_entry+0x34/0x40 start_secondary+0x19d/0x1c0 secondary_startup_64_no_verify+0x18f/0x19b irq event stamp: 176891 hardirqs last enabled at (176891): [<ffffffffa67a0be4>] _raw_spin_unlock_irqrestore+0x44/0x60 hardirqs last disabled at (176890): [<ffffffffa67a0899>] _raw_spin_lock_irqsave+0x79/0xa0 softirqs last enabled at (176646): [<ffffffffa515d91e>] __irq_exit_rcu+0xfe/0x120 softirqs last disabled at (176633): [<ffffffffa515d91e>] __irq_exit_rcu+0xfe/0x120 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&xa->xa_lock#4); <Interrupt> lock(&xa->xa_lock#4); *** DEADLOCK *** 2 locks held by test5/1708: #0: ffff888127baa498 (&sb->s_type->i_mutex_key#22){++++}-{4:4}, at: nfs_start_io_read+0x28/0x90 [nfs] #1: ffff888127baa650 (mapping.invalidate_lock#3){.+.+}-{4:4}, at: page_cache_ra_unbounded+0xa4/0x280 stack backtrace: CPU: 6 PID: 1708 Comm: test5 Kdump: loaded Not tainted 6.7.0-lockdbg+ Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-1.fc39 04/01/2014 Call Trace: dump_stack_lvl+0x5b/0x90 mark_lock+0xb3f/0xd20 __lock_acquire+0x77b/0x3360 _raw_spin_lock+0x34/0x80 nfs_netfs_issue_read+0x1b2/0x4b0 [nfs] netfs_begin_read+0x77f/0x980 [netfs] nfs_netfs_readahead+0x45/0x60 [nfs] nfs_readahead+0x323/0x5a0 [nfs] read_pages+0xf3/0x5c0 page_cache_ra_unbounded+0x1c8/0x280 filemap_get_pages+0x38c/0xae0 filemap_read+0x206/0x5e0 nfs_file_read+0xb7/0x140 [nfs] vfs_read+0x2a9/0x460 ksys_read+0xb7/0x140 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFS: corrige el bloqueo de matriz x de nfs_netfs_issue_read() para interrupción de escritura regresiva. El bucle dentro de nfs_netfs_issue_read() actualmente no deshabilita las interrupciones mientras se itera a través de páginas en la matriz x para enviarlas a lectura NFS. • https://git.kernel.org/stable/c/000dbe0bec058cbf2ca9e156e4a5584f5158b0f9 https://git.kernel.org/stable/c/ad27382f8495f8ef6d2c66c413d756bfd13c0598 https://git.kernel.org/stable/c/8df1678c021ffeb20ef8a203bd9413f3ed9b0e9a https://git.kernel.org/stable/c/8a2e5977cecd3cde6a0e3e86b7b914d00240e5dc https://git.kernel.org/stable/c/fd5860ab6341506004219b080aea40213b299d2e •
CVSS: 5.8EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27030 – octeontx2-af: Use separate handlers for interrupts
https://notcve.org/view.php?id=CVE-2024-27030
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time then two cores serve same event corrupting the data. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: octeontx2-af: utilice controladores separados para las interrupciones. Para el vector de interrupción PF a AF y el vector VF a AF, se registra el mismo controlador de interrupciones, lo que provoca la condición de ejecución. Cuando se generan dos interrupciones en dos CPU al mismo tiempo, dos núcleos atienden el mismo evento y corrompen los datos. • https://git.kernel.org/stable/c/7304ac4567bcb72fd57cc79582bf53ca7840136f https://git.kernel.org/stable/c/94cb17e5cf3a3c484063abc0ce4b8a2b2e8c1cb2 https://git.kernel.org/stable/c/766c2627acb2d9d1722cce2e24837044d52d888a https://git.kernel.org/stable/c/772f18ded0e240cc1fa2b7020cc640e3e5c32b70 https://git.kernel.org/stable/c/29d2550d79a8cbd31e0fbaa5c0e2a2efdc444e44 https://git.kernel.org/stable/c/dc29dd00705a62c77de75b6d752259b869aac49d https://git.kernel.org/stable/c/ad6759e233db6fcc131055f8e23b4eafbe81053c https://git.kernel.org/stable/c/4fedae8f9eafa2ac8cdaca58e315f52a7 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27029 – drm/amdgpu: fix mmhub client id out-of-bounds access
https://notcve.org/view.php?id=CVE-2024-27029
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mmhub client id out-of-bounds access Properly handle cid 0x140. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige el acceso fuera de los límites del ID del cliente mmhub. Maneja correctamente el cid 0x140. • https://git.kernel.org/stable/c/aba2be41470a11629c8378c3651323d7e5416df6 https://git.kernel.org/stable/c/e1e076bda4fd6378ae650f2c6ef1a4ff93c5aea5 https://git.kernel.org/stable/c/1f24b3040f2b6ffcb97151fabb3070328254d923 https://git.kernel.org/stable/c/6540ff6482c1a5a6890ae44b23d0852ba1986d9e •