CVE-2022-48700 – vfio/type1: Unpin zero pages
https://notcve.org/view.php?id=CVE-2022-48700
In the Linux kernel, the following vulnerability has been resolved: vfio/type1: Unpin zero pages There's currently a reference count leak on the zero page. We increment the reference via pin_user_pages_remote(), but the page is later handled as an invalid/reserved page, therefore it's not accounted against the user and not unpinned by our put_pfn(). Introducing special zero page handling in put_pfn() would resolve the leak, but without accounting of the zero page, a single user could still create enough mappings to generate a reference count overflow. The zero page is always resident, so for our purposes there's no reason to keep it pinned. Therefore, add a loop to walk pages returned from pin_user_pages_remote() and unpin any zero pages. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: vfio/type1: Desanclar páginas cero Actualmente hay una pérdida de recuento de referencias en la página cero. Incrementamos la referencia a través de pin_user_pages_remote(), pero la página luego se maneja como una página no válida/reservada, por lo tanto, no se contabiliza contra el usuario y nuestro put_pfn() no la desancla. • https://git.kernel.org/stable/c/578d644edc7d2c1ff53f7e4d0a25da473deb4a03 https://git.kernel.org/stable/c/5321908ef74fb593e0dbc8737d25038fc86c9986 https://git.kernel.org/stable/c/5d721bf222936f5cf3ee15ced53cc483ecef7e46 https://git.kernel.org/stable/c/873aefb376bbc0ed1dd2381ea1d6ec88106fdbd4 •
CVE-2022-48699 – sched/debug: fix dentry leak in update_sched_domain_debugfs
https://notcve.org/view.php?id=CVE-2022-48699
In the Linux kernel, the following vulnerability has been resolved: sched/debug: fix dentry leak in update_sched_domain_debugfs Kuyo reports that the pattern of using debugfs_remove(debugfs_lookup()) leaks a dentry and with a hotplug stress test, the machine eventually runs out of memory. Fix this up by using the newly created debugfs_lookup_and_remove() call instead which properly handles the dentry reference counting logic. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/debug: corrige la fuga de dentry en update_sched_domain_debugfs Kuyo informa que el patrón de uso de debugfs_remove(debugfs_lookup()) pierde un dentry y con una prueba de estrés de conexión en caliente, la máquina eventualmente se queda sin memoria. Solucione este problema utilizando la llamada debugfs_lookup_and_remove() recién creada, que maneja adecuadamente la lógica de conteo de referencias de dentry. • https://git.kernel.org/stable/c/26e9a1ded8923510e5529fbb28390b22228700c2 https://git.kernel.org/stable/c/0c32a93963e03c03e561d5a066eedad211880ba3 https://git.kernel.org/stable/c/c2e406596571659451f4b95e37ddfd5a8ef1d0dc •
CVE-2022-48698 – drm/amd/display: fix memory leak when using debugfs_lookup()
https://notcve.org/view.php?id=CVE-2022-48698
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix memory leak when using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. Fix this up by properly calling dput(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona la pérdida de memoria al usar debugfs_lookup() Al llamar a debugfs_lookup(), el resultado debe tener llamado dput(); de lo contrario, la memoria se perderá con el tiempo. Solucione este problema llamando correctamente a dput(). • https://git.kernel.org/stable/c/58acd2ebae034db3bacf38708f508fbd12ae2e54 https://git.kernel.org/stable/c/3a6279d243cb035eaaff1450980b40cf19748f05 https://git.kernel.org/stable/c/cbfac7fa491651c57926c99edeb7495c6c1aeac2 •
CVE-2022-48697 – nvmet: fix a use-after-free
https://notcve.org/view.php?id=CVE-2022-48697
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a use-after-free Fix the following use-after-free complaint triggered by blktests nvme/004: BUG: KASAN: user-memory-access in blk_mq_complete_request_remote+0xac/0x350 Read of size 4 at addr 0000607bd1835943 by task kworker/13:1/460 Workqueue: nvmet-wq nvme_loop_execute_work [nvme_loop] Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e print_report.cold+0x36/0x1e2 kasan_report+0xb9/0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet] nvmet_req_complete+0x15/0x40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [nvme_loop] process_one_work+0x56e/0xa70 worker_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet: corrige un use-after-free. Solucione la siguiente queja de use-after-free activada por blktests nvme/004: ERROR: KASAN: acceso a la memoria del usuario en blk_mq_complete_request_remote+0xac /0x350 Lectura de tamaño 4 en la dirección 0000607bd1835943 por tarea kworker/13:1/460 Cola de trabajo: nvmet-wq nvme_loop_execute_work [nvme_loop] Seguimiento de llamadas: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e /0x1e2 informe_kasan+0xb9 /0xf0 __asan_load4+0x6b/0x80 blk_mq_complete_request_remote+0xac/0x350 nvme_loop_queue_response+0x1df/0x275 [nvme_loop] __nvmet_req_complete+0x132/0x4f0 [nvmet_req_complete+0x15/0x 40 [nvmet] nvmet_execute_io_connect+0x18a/0x1f0 [nvmet] nvme_loop_execute_work+0x20/0x30 [ nvme_loop] proceso_one_work+0x56e/0xa70 trabajador_thread+0x2d1/0x640 kthread+0x183/0x1c0 ret_from_fork+0x1f/0x30 • https://git.kernel.org/stable/c/a07b4970f464f13640e28e16dad6cfa33647cc99 https://git.kernel.org/stable/c/17f121ca3ec6be0fb32d77c7f65362934a38cc8e https://git.kernel.org/stable/c/8d66989b5f7bb28bba2f8e1e2ffc8bfef4a10717 https://git.kernel.org/stable/c/be01f1c988757b95f11f090a9f491365670a522b https://git.kernel.org/stable/c/ebf46da50beb78066674354ad650606a467e33fa https://git.kernel.org/stable/c/4484ce97a78171668c402e0c45db7f760aea8060 https://git.kernel.org/stable/c/6a02a61e81c231cc5c680c5dbf8665275147ac52 •
CVE-2022-48693 – soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs
https://notcve.org/view.php?id=CVE-2022-48693
In the Linux kernel, the following vulnerability has been resolved: soc: brcmstb: pm-arm: Fix refcount leak and __iomem leak bugs In brcmstb_pm_probe(), there are two kinds of leak bugs: (1) we need to add of_node_put() when for_each__matching_node() breaks (2) we need to add iounmap() for each iomap in fail path En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soc: brcmstb: pm-arm: corrige los errores de fuga de refcount y __iomem En brcmstb_pm_probe(), hay dos tipos de errores de fuga: (1) necesitamos agregar of_node_put() cuando for_each__matching_node() se rompe (2) necesitamos agregar iounmap() para cada iomap en la ruta de error • https://git.kernel.org/stable/c/0b741b8234c86065fb6954d32d427b3f7e14756f https://git.kernel.org/stable/c/0284b4e6dec6088a41607aa3f42bf51edff01883 https://git.kernel.org/stable/c/57b2897ec3ffe4cbe018446be6d04432919dca6b https://git.kernel.org/stable/c/6dc0251638a4a1a998506dbd4627f8317e907558 https://git.kernel.org/stable/c/43245c77d9efd8c9eb91bf225d07954dcf32204d https://git.kernel.org/stable/c/653500b400d5576940b7429690f7197199ddcc82 https://git.kernel.org/stable/c/1085f5080647f0c9f357c270a537869191f7f2a1 • CWE-401: Missing Release of Memory after Effective Lifetime •