CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27047 – net: phy: fix phy_get_internal_delay accessing an empty array
https://notcve.org/view.php?id=CVE-2024-27047
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test should be delay >= 0. As there is already delay < 0 test just before, the test could only be size == 0. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:phy: fix phy_get_internal_delay accediendo a un array vacío La función phy_get_internal_delay podría intentar acceder a un array vacío en el caso de que el driver esté llamando a phy_get_internal_delay sin definir delay_values y rx-internal- delay-ps o tx-internal-delay-ps se define en 0 en el árbol de dispositivos. Esto provocará que "no se pueda manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0". • https://git.kernel.org/stable/c/92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8 https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563 https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27046 – nfp: flower: handle acti_netdevs allocation failure
https://notcve.org/view.php?id=CVE-2024-27046
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfp: flor: manejar el error de asignación de acti_netdevs El kmalloc_array() en nfp_fl_lag_do_work() devolverá nulo, si la memoria física se ha agotado. Como resultado, si eliminamos la referencia a acti_netdevs, se producirán errores de desreferencia del puntero nulo. Este parche agrega una verificación para juzgar si se produce una falla en la asignación. • https://git.kernel.org/stable/c/bb9a8d031140f186d13d82f57b0f5646d596652f https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5 https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3 https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642 https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27045 – drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
https://notcve.org/view.php?id=CVE-2024-27045
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona un posible desbordamiento del búfer en 'dp_dsc_clock_en_read()' Dile a snprintf() que almacene como máximo 10 bytes en el búfer de salida en lugar de 30. Corrige lo siguiente : drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() está imprimiendo demasiado 30 vs 10 • https://git.kernel.org/stable/c/c06e09b76639657f284bfaf1cce29557a2515e85 https://git.kernel.org/stable/c/ff28893c96c5e0927a4da10cd24a3522ca663515 https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877 https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7 https://git.kernel.org/stable/c/eb9327af3621d26b1d83f767c97a3fe8191a3a65 https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4 https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27044 – drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
https://notcve.org/view.php?id=CVE-2024-27044
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrige posibles desreferencias del puntero NULL en 'dcn10_set_output_transfer_func()'. El puntero 'stream' se usa en dcn10_set_output_transfer_func() antes de verificar si 'stream' es NULL. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() advertencia: variable desreferenciada antes de verificar 'flujo' (ver línea 1875) • https://git.kernel.org/stable/c/ddef02de0d71d483ad4398393717cc0d53fc990a https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08 https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0 https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7 https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7 https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27043 – media: edia: dvbdev: fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-27043
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: edia: dvbdev: corregir un use-after-free En dvb_register_device, *pdvbdev se establece igual a dvbdev, que se libera en varias rutas de manejo de errores. • https://git.kernel.org/stable/c/b61901024776b25ce7b8edc31bb1757c7382a88e https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856 https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644 https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712 https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62 https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f •