CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-27072 – media: usbtv: Remove useless locks in usbtv_video_free()
https://notcve.org/view.php?id=CVE-2024-27072
In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. [hverkuil: fix minor spelling mistake in log message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: usbtv: Eliminar bloqueos inútiles en usbtv_video_free() Eliminar llamadas de bloqueos en usbtv_video_free() porque son inútiles y pueden provocar un punto muerto como se informa aquí: https://syzkaller.appspot .com/x/bisect.txt?x=166dc872180000 También elimine la llamada usbtv_stop() ya que se llamará al cancelar el registro del dispositivo. Antes de 'c838530d230b', este problema solo se notaba si se desconectaba mientras se transmitía y ahora se nota incluso cuando se desconecta mientras no se transmite. [hverkuil: corrige un error ortográfico menor en el mensaje de registro] • https://git.kernel.org/stable/c/f3d27f34fdd7701e499617d2c1d94480a98f6d07 https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2 https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27068 – thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2024-27068
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path If devm_krealloc() fails, then 'efuse' is leaking. So free it to avoid a leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/mediatek/lvts_thermal: corrige una pérdida de memoria en una ruta de manejo de errores. Si devm_krealloc() falla, entonces 'efuse' tiene una fuga. Así que libérelo para evitar una fuga. • https://git.kernel.org/stable/c/f5f633b18234cecb0e6ee6e5fbb358807dda15c3 https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218 https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27066 – virtio: packed: fix unmap leak for indirect desc table
https://notcve.org/view.php?id=CVE-2024-27066
In the Linux kernel, the following vulnerability has been resolved: virtio: packed: fix unmap leak for indirect desc table When use_dma_api and premapped are true, then the do_unmap is false. Because the do_unmap is false, vring_unmap_extra_packed is not called by detach_buf_packed. if (unlikely(vq->do_unmap)) { curr = id; for (i = 0; i < state->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } } So the indirect desc table is not unmapped. This causes the unmap leak. So here, we check vq->use_dma_api instead. Synchronously, dma info is updated based on use_dma_api judgment This bug does not occur, because no driver use the premapped with indirect. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: virtio: empaquetado: corrige la fuga de desasignación para la tabla desc indirecta Cuando use_dma_api y premapped son verdaderos, entonces do_unmap es falso. Debido a que do_unmap es falso, detach_buf_packed no llama a vring_unmap_extra_packed. if (improbable(vq->do_unmap)) { curr = id; for (i = 0; i < estado->num; i++) { vring_unmap_extra_packed(vq, &vq->packed.desc_extra[curr]); curr = vq->packed.desc_extra[curr].next; } } Por lo tanto, la tabla de descripción indirecta no está desasignada. • https://git.kernel.org/stable/c/b319940f83c21bb4c1fabffe68a862be879a6193 https://git.kernel.org/stable/c/e142169aca5546ae6619c39a575cda8105362100 https://git.kernel.org/stable/c/75450ff8c6fe8755bf5b139b238eaf9739cfd64e https://git.kernel.org/stable/c/51bacd9d29bf98c3ebc65e4a0477bb86306b4140 https://git.kernel.org/stable/c/d5c0ed17fea60cca9bc3bf1278b49ba79242bbcd •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2024-27065 – netfilter: nf_tables: do not compare internal table flags on updates
https://notcve.org/view.php?id=CVE-2024-27065
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: no comparar indicadores de tablas internas en las actualizaciones Restaurar la transacción omitida si la actualización de la tabla no modifica los indicadores. • https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87 https://git.kernel.org/stable/c/d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 https://git.kernel.org/stable/c/179d9ba5559a756f4322583388b3213fe4e391b0 https://git.kernel.org/stable/c/2531f907d3e40a6173090f10670ae76d117ab27b https://git.kernel.org/stable/c/fcf32a5bfcb8a57ac0ce717fcfa4d688c91f1005 https://git.kernel.org/stable/c/640dbf688ba955e83e03de84fbdda8e570b7cce4 https://git.kernel.org/stable/c/9683cb6c2c6c0f45537bf0b8868b5d38fcb63fc7 https://git.kernel.org/stable/c/4d37f12707ee965d338028732575f0b85 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27064 – netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
https://notcve.org/view.php?id=CVE-2024-27064
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain If nft_netdev_register_hooks() fails, the memory associated with nft_stats is not freed, causing a memory leak. This patch fixes it by moving nft_stats_alloc() down after nft_netdev_register_hooks() succeeds. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: corrige una pérdida de memoria en nf_tables_updchain Si nft_netdev_register_hooks() falla, la memoria asociada con nft_stats no se libera, lo que provoca una pérdida de memoria. Este parche lo soluciona moviendo nft_stats_alloc() hacia abajo después de que nft_netdev_register_hooks() tenga éxito. • https://git.kernel.org/stable/c/b9703ed44ffbfba85c103b9de01886a225e14b38 https://git.kernel.org/stable/c/d131ce7a319d3bff68d5a9d5509bb22e4ce33946 https://git.kernel.org/stable/c/79846fdcc548d617b0b321addc6a3821d3b75b20 https://git.kernel.org/stable/c/4e4623a4f6e133e671f65f9ac493bddaaf63e250 https://git.kernel.org/stable/c/e77a6b53a3a547b6dedfc40c37cee4f310701090 https://git.kernel.org/stable/c/7eaf837a4eb5f74561e2486972e7f5184b613f6e •