CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2023-52659 – x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type
https://notcve.org/view.php?id=CVE-2023-52659
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type On 64-bit platforms, the pfn_to_kaddr() macro requires that the input value is 64 bits in order to ensure that valid address bits don't get lost when shifting that input by PAGE_SHIFT to calculate the physical address to provide a virtual address for. One such example is in pvalidate_pages() (used by SEV-SNP guests), where the GFN in the struct used for page-state change requests is a 40-bit bit-field, so attempts to pass this GFN field directly into pfn_to_kaddr() ends up causing guest crashes when dealing with addresses above the 1TB range due to the above. Fix this issue with SEV-SNP guests, as well as any similar cases that might cause issues in current/future code, by using an inline function, instead of a macro, so that the input is implicitly cast to the expected 64-bit input type prior to performing the shift operation. While it might be argued that the issue is on the caller side, other archs/macros have taken similar approaches to deal with instances like this, such as ARM explicitly casting the input to phys_addr_t: e48866647b48 ("ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()") A C inline function is even better though. [ mingo: Refined the changelog some more & added __always_inline. ] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/mm: garantiza que la entrada a pfn_to_kaddr() se trate como un tipo de 64 bits. En plataformas de 64 bits, la macro pfn_to_kaddr() requiere que el valor de entrada sea de 64 bits en para garantizar que los bits de dirección válidos no se pierdan al cambiar esa entrada mediante PAGE_SHIFT para calcular la dirección física para la que proporcionar una dirección virtual. Un ejemplo de ello es pvalidate_pages() (utilizado por invitados SEV-SNP), donde el GFN en la estructura utilizada para las solicitudes de cambio de estado de página es un campo de bits de 40 bits, por lo que se intenta pasar este campo GFN directamente a pfn_to_kaddr( ) termina causando fallas en los invitados cuando se trata de direcciones por encima del rango de 1 TB debido a lo anterior. Solucione este problema con los invitados SEV-SNP, así como cualquier caso similar que pueda causar problemas en el código actual/futuro, utilizando una función en línea, en lugar de una macro, de modo que la entrada se convierta implícitamente a la entrada esperada de 64 bits. tipo antes de realizar la operación de cambio. Si bien se podría argumentar que el problema está en el lado de la persona que llama, otros arcos/macros han adoptado enfoques similares para lidiar con casos como este, como ARM que envía explícitamente la entrada a phys_addr_t: e48866647b48 ("ARM: 8396/1: use phys_addr_t in pfn_to_kaddr()") La función en línea AC es aún mejor. • https://git.kernel.org/stable/c/6c3211796326a9d35618b866826ca556c8f008a8 https://git.kernel.org/stable/c/325956b0173f11e98f90462be4829a8b8b0682ce https://git.kernel.org/stable/c/7e1471888a5e6e846e9b4d306e5327db2b58e64e https://git.kernel.org/stable/c/814305b5c23cb815ada68d43019f39050472b25f https://git.kernel.org/stable/c/8e5647a723c49d73b9f108a8bb38e8c29d3948ea •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27431 – cpumap: Zero-initialise xdp_rxq_info struct before running XDP program
https://notcve.org/view.php?id=CVE-2024-27431
In the Linux kernel, the following vulnerability has been resolved: cpumap: Zero-initialise xdp_rxq_info struct before running XDP program When running an XDP program that is attached to a cpumap entry, we don't initialise the xdp_rxq_info data structure being used in the xdp_buff that backs the XDP program invocation. Tobias noticed that this leads to random values being returned as the xdp_md->rx_queue_index value for XDP programs running in a cpumap. This means we're basically returning the contents of the uninitialised memory, which is bad. Fix this by zero-initialising the rxq data structure before running the XDP program. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cpumap: Inicializa a cero la estructura xdp_rxq_info antes de ejecutar el programa XDP Cuando ejecutas un programa XDP que está adjunto a una entrada de cpumap, no inicializamos la estructura de datos xdp_rxq_info que se utiliza en xdp_buff que respalda la invocación del programa XDP. Tobias notó que esto lleva a que se devuelvan valores aleatorios como el valor xdp_md->rx_queue_index para programas XDP que se ejecutan en un cpumap. • https://git.kernel.org/stable/c/9216477449f33cdbc9c9a99d49f500b7fbb81702 https://git.kernel.org/stable/c/5f4e51abfbe6eb444fa91906a5cd083044278297 https://git.kernel.org/stable/c/f0363af9619c77730764f10360e36c6445c12f7b https://git.kernel.org/stable/c/3420b3ff1ff489c177ea1cb7bd9fbbc4e9a0be95 https://git.kernel.org/stable/c/f562e4c4aab00986dde3093c4be919c3f2b85a4a https://git.kernel.org/stable/c/eaa7cb836659ced2d9f814ac32aa3ec193803ed6 https://git.kernel.org/stable/c/2487007aa3b9fafbd2cb14068f49791ce1d7ede5 https://lists.debian.org/debian-lts-announce/2024/06/ • CWE-908: Use of Uninitialized Resource •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27419 – netrom: Fix data-races around sysctl_net_busy_read
https://notcve.org/view.php?id=CVE-2024-27419
In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netrom: corrige carreras de datos alrededor de sysctl_net_busy_read Necesitamos proteger al lector que lee el valor de sysctl porque el valor se puede cambiar simultáneamente. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/d623fd5298d95b65d27ef5a618ebf39541074856 https://git.kernel.org/stable/c/f9055fa2b2931261d5f89948ee5bc315b6a22d4a https://git.kernel.org/stable/c/bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3 https://git.kernel.org/stable/c/0866afaff19d8460308b022345ed116a12b1d0e1 https://git.kernel.org/stable/c/43464808669ba9d23996f0b6d875450191687caf https://git.kernel.org/stable/c/34cab94f7473e7b09f5205d4583fb5096cb63b5b https://git.kernel.org/stable/c/16d71319e29d5825ab53f263b59fdd8dc •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52658 – Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
https://notcve.org/view.php?id=CVE-2023-52658
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Revertir "net/mlx5: Block entering switchdev mode with ns inconsistency" Esto revierte la confirmación 662404b24a4c4d839839ed25e3097571f5938b9b. La reversión es necesaria debido a la sospecha de que no sirve para nada y provoca un bloqueo. • https://git.kernel.org/stable/c/662404b24a4c4d839839ed25e3097571f5938b9b https://git.kernel.org/stable/c/93260bd809e0ce44fda463ebc590376e24d8cc11 https://git.kernel.org/stable/c/882b988a3897062abed5f935de527797913f5876 https://git.kernel.org/stable/c/3fba8eab2cfc7334e0f132d29dfd2552f2f2a579 https://git.kernel.org/stable/c/1bcdd66d33edb446903132456c948f0b764ef2f9 https://git.kernel.org/stable/c/8deeefb24786ea7950b37bde4516b286c877db00 https://access.redhat.com/security/cve/CVE-2023-52658 https://bugzilla.redhat.com/show_bug.cgi?id=2281149 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27418 – net: mctp: take ownership of skb in mctp_local_output
https://notcve.org/view.php?id=CVE-2024-27418
In the Linux kernel, the following vulnerability has been resolved: net: mctp: take ownership of skb in mctp_local_output Currently, mctp_local_output only takes ownership of skb on success, and we may leak an skb if mctp_local_output fails in specific states; the skb ownership isn't transferred until the actual output routing occurs. Instead, make mctp_local_output free the skb on all error paths up to the route action, so it always consumes the passed skb. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: mctp: toma posesión de skb en mctp_local_output Actualmente, mctp_local_output solo toma propiedad de skb en caso de éxito, y podemos filtrar un fallo skb si mctp_local_output en estados específicos; la propiedad del skb no se transfiere hasta que se produce el enrutamiento de salida real. En su lugar, haga que mctp_local_output libere el skb en todas las rutas de error hasta la acción de ruta, de modo que siempre consuma el skb pasado. • https://git.kernel.org/stable/c/833ef3b91de692ef33b800bca6b1569c39dece74 https://git.kernel.org/stable/c/a3c8fa54e904b0ddb52a08cc2d8ac239054f61fd https://git.kernel.org/stable/c/cbebc55ceacef1fc0651e80e0103cc184552fc68 https://git.kernel.org/stable/c/a639441c880ac479495e5ab37e3c29f21ae5771b https://git.kernel.org/stable/c/3773d65ae5154ed7df404b050fd7387a36ab5ef3 •