CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35916 – dma-buf: Fix NULL pointer dereference in sanitycheck()
https://notcve.org/view.php?id=CVE-2024-35916
In the Linux kernel, the following vulnerability has been resolved: dma-buf: Fix NULL pointer dereference in sanitycheck() If due to a memory allocation failure mock_chain() returns NULL, it is passed to dma_fence_enable_sw_signaling() resulting in NULL pointer dereference there. Call dma_fence_enable_sw_signaling() only if mock_chain() succeeds. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dma-buf: corrige la desreferencia del puntero NULL en sanitycheck(). Si debido a un error en la asignación de memoria, mock_chain() devuelve NULL, se pasa a dma_fence_enable_sw_signaling(), lo que genera una desreferencia del puntero NULL allí. . Llame a dma_fence_enable_sw_signaling() solo si mock_chain() tiene éxito. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/d62c43a953ce02d54521ec06217d0c2ed6d489af https://git.kernel.org/stable/c/0336995512cdab0c65e99e4cdd47c4606debe14e https://git.kernel.org/stable/c/156c226cbbdcf5f3bce7b2408a33b59fab7fae2c https://git.kernel.org/stable/c/eabf131cba1db12005a68378305f13b9090a7a6b https://git.kernel.org/stable/c/2295bd846765c766701e666ed2e4b35396be25e6 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-35915 – nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet
https://notcve.org/view.php?id=CVE-2024-35915
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet syzbot reported the following uninit-value access issue [1][2]: nci_rx_work() parses and processes received packet. When the payload length is zero, each message type handler reads uninitialized payload and KMSAN detects this issue. The receipt of a packet with a zero-size payload is considered unexpected, and therefore, such packets should be silently discarded. This patch resolved this issue by checking payload size before calling each message type handler codes. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: nci: corrigió el valor uninit en nci_dev_up y nci_ntf_packet syzbot informó el siguiente problema de acceso al valor uninit [1][2]: nci_rx_work() analiza y procesa el paquete recibido. Cuando la longitud del payload es cero, cada controlador de tipo de mensaje lee el payload no inicializado y KMSAN detecta este problema. • https://git.kernel.org/stable/c/6a2968aaf50c7a22fced77a5e24aa636281efca8 https://git.kernel.org/stable/c/11387b2effbb55f58dc2111ef4b4b896f2756240 https://git.kernel.org/stable/c/03fe259649a551d336a7f20919b641ea100e3fff https://git.kernel.org/stable/c/755e53bbc61bc1aff90eafa64c8c2464fd3dfa3c https://git.kernel.org/stable/c/ac68d9fa09e410fa3ed20fb721d56aa558695e16 https://git.kernel.org/stable/c/b51ec7fc9f877ef869c01d3ea6f18f6a64e831a7 https://git.kernel.org/stable/c/a946ebee45b09294c8b0b0e77410b763c4d2817a https://git.kernel.org/stable/c/8948e30de81faee87eeee01ef42a1f600 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35914 – nfsd: Fix error cleanup path in nfsd_rename()
https://notcve.org/view.php?id=CVE-2024-35914
In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix error cleanup path in nfsd_rename() Commit a8b0026847b8 ("rename(): avoid a deadlock in the case of parents having no common ancestor") added an error bail out path. However this path does not drop the remount protection that has been acquired. Fix the cleanup path to properly drop the remount protection. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: corrigió la ruta de limpieza de errores en nfsd_rename() Confirme a8b0026847b8 ("rename(): evite un punto muerto en el caso de que los padres no tengan un ancestro común") agregó una ruta de rescate de errores . Sin embargo, este camino no elimina la protección de remontaje adquirida. • https://git.kernel.org/stable/c/a8b0026847b8c43445c921ad2c85521c92eb175f https://git.kernel.org/stable/c/331e125e02c08ffaecc1074af78a988a278039bd https://git.kernel.org/stable/c/9fe6e9e7b58944037714442384075c17cfde1c56 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-35913 – wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF
https://notcve.org/view.php?id=CVE-2024-35913
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF When we want to know whether we should look for the mac_id or the link_id in struct iwl_mvm_session_prot_notif, we should look at the version of SESSION_PROTECTION_NOTIF. This causes WARNINGs: WARNING: CPU: 0 PID: 11403 at drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] RIP: 0010:iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] Code: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff <0f> 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9ae63a361000 RCX: ffff9ae4a98b60d4 RDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358 RBP: ffffb4bb00003d68 R08: 0000000000000003 R09: 0000000000000010 R10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050 R13: ffff9ae4761329e8 R14: 0000000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0 PKRU: 55555554 Call Trace: <IRQ> ? show_regs+0x69/0x80 ? __warn+0x8d/0x150 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] ? report_bug+0x196/0x1c0 ? • https://git.kernel.org/stable/c/085d33c53012866b6c088b69b603af7cf69c0a53 https://git.kernel.org/stable/c/222abd95f503e28c0404e596291fe472fe90929c https://git.kernel.org/stable/c/bbe806c294c9c4cd1221140d96e5f367673e393a •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-35912 – wifi: iwlwifi: mvm: rfi: fix potential response leaks
https://notcve.org/view.php?id=CVE-2024-35912
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: rfi: fix potential response leaks If the rx payload length check fails, or if kmemdup() fails, we still need to free the command response. Fix that. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: iwlwifi: mvm: rfi: corrige posibles fugas de respuesta Si falla la verificación de la longitud de la payload de rx, o si falla kmemdup(), aún necesitamos liberar la respuesta del comando. Arregla eso. • https://git.kernel.org/stable/c/21254908cbe995a3982a23da32c30d1b43467043 https://git.kernel.org/stable/c/28db0ae86cb91a4ab0e855cff779daead936b7d5 https://git.kernel.org/stable/c/99a75d75007421d8e08ba139e24f77395cd08f62 https://git.kernel.org/stable/c/c0a40f2f8eba07416f695ffe2011bf3f8b0b6dc8 https://git.kernel.org/stable/c/f7f0e784894dfcb265f0f9fa499103b0ca7eabde https://git.kernel.org/stable/c/06a093807eb7b5c5b29b6cff49f8174a4e702341 https://access.redhat.com/security/cve/CVE-2024-35912 https://bugzilla.redhat.com/show_bug.cgi?id=2281636 •