CVE-2023-52748 – f2fs: avoid format-overflow warning
https://notcve.org/view.php?id=CVE-2023-52748
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid format-overflow warning With gcc and W=1 option, there's a warning like this: fs/f2fs/compress.c: In function ‘f2fs_init_page_array_cache’: fs/f2fs/compress.c:1984:47: error: ‘%u’ directive writing between 1 and 7 bytes into a region of size between 5 and 8 [-Werror=format-overflow=] 1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev), MINOR(dev)); | ^~ String "f2fs_page_array_entry-%u:%u" can up to 35. The first "%u" can up to 4 and the second "%u" can up to 7, so total size is "24 + 4 + 7 = 35". slab_name's size should be 35 rather than 32. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: f2fs: evitar aviso de desbordamiento de formato. Con la opción gcc y W=1, aparece un aviso como este: fs/f2fs/compress.c: En la función 'f2fs_init_page_array_cache': fs/f2fs /compress.c:1984:47: error: directiva '%u' escribiendo entre 1 y 7 bytes en una región de tamaño entre 5 y 8 [-Werror=format-overflow=] 1984 | sprintf(slab_name, "f2fs_page_array_entry-%u:%u", MAJOR(dev), MINOR(dev)); | ^~ La cadena "f2fs_page_array_entry-%u:%u" puede tener hasta 35. El primer "%u" puede tener hasta 4 y el segundo "%u" puede hasta 7, por lo que el tamaño total es "24 + 4 + 7 = 35". • https://git.kernel.org/stable/c/c041f5ddef00c731c541e00bc8ae97b8c84c682f https://git.kernel.org/stable/c/e4088d7d8f1123006d46a42edf51b8c960a58ef9 https://git.kernel.org/stable/c/526dd7540a09ecf87b5f54f3ab4e0a2528f25a79 https://git.kernel.org/stable/c/6fca08fd3085253b48fcb1bd243a0a5e18821a00 https://git.kernel.org/stable/c/3eebe636cac53886bd5d1cdd55e082ec9e84983f https://git.kernel.org/stable/c/e0d4e8acb3789c5a8651061fbab62ca24a45c063 •
CVE-2021-47432 – lib/generic-radix-tree.c: Don't overflow in peek()
https://notcve.org/view.php?id=CVE-2021-47432
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflows related to the radix tree code. Oops. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: lib/generic-radix-tree.c: No se desborda en peek() Cuando comenzamos a distribuir nuevos números de inodos en la mayor parte del espacio de inodos de 64 bits, eso activó algunas esquinas. errores de casos, en particular algunos desbordamientos de enteros relacionados con el código del árbol de base. Ups. • https://git.kernel.org/stable/c/784d01f9bbc282abb0c5ade5beb98a87f50343ac https://git.kernel.org/stable/c/ec298b958cb0c40d70c68079da933c8f31c5134c https://git.kernel.org/stable/c/aa7f1827953100cdde0795289a80c6c077bfe437 https://git.kernel.org/stable/c/9492261ff2460252cf2d8de89cdf854c7e2b28a0 https://access.redhat.com/security/cve/CVE-2021-47432 https://bugzilla.redhat.com/show_bug.cgi?id=2282366 •
CVE-2023-52747 – IB/hfi1: Restore allocated resources on failed copyout
https://notcve.org/view.php?id=CVE-2023-52747
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: IB/hfi1: restaurar los recursos asignados en caso de copia fallida. Reparar una fuga de recursos si se produce un error. • https://git.kernel.org/stable/c/f404ca4c7ea8e650ba09ba87c71c7a89c865d5be https://git.kernel.org/stable/c/00d9e212b8a39e6ffcf31b9d2e503d2bf6009d45 https://git.kernel.org/stable/c/7896accedf5bf1277d2f305718e36dc8bac7e321 https://git.kernel.org/stable/c/79b595d9591426156a9e0635a5b5115508a36fef https://git.kernel.org/stable/c/9bae58d58b6bb73b572356b31a62d2afc7378d12 https://git.kernel.org/stable/c/0a4f811f2e5d07bbd0c9226f4afb0a1270a831ae https://git.kernel.org/stable/c/6601fc0d15ffc20654e39486f9bef35567106d68 •
CVE-2023-52746 – xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr()
https://notcve.org/view.php?id=CVE-2023-52746
In the Linux kernel, the following vulnerability has been resolved: xfrm/compat: prevent potential spectre v1 gadget in xfrm_xlate32_attr() int type = nla_type(nla); if (type > XFRMA_MAX) { return -EOPNOTSUPP; } @type is then used as an array index and can be used as a Spectre v1 gadget. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() can be used to prevent leaking content of kernel memory to malicious users. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm/compat: previene el posible gadget spectre v1 en xfrm_xlate32_attr() int type = nla_type(nla); if (tipo > XFRMA_MAX) { return -EOPNOTSUPP; } @type luego se usa como índice de matriz y se puede usar como un gadget Spectre v1. if (nla_len(nla) < compat_policy[type].len) { array_index_nospec() se puede utilizar para evitar la filtración de contenido de la memoria del kernel a usuarios malintencionados. • https://git.kernel.org/stable/c/5106f4a8acff480e244300bc5097c0ad7048c3a2 https://git.kernel.org/stable/c/a893cc644812728e86e9aff517fd5698812ecef0 https://git.kernel.org/stable/c/5dc688fae6b7be9dbbf5304a3d2520d038e06db5 https://git.kernel.org/stable/c/419674224390fca298020fc0751a20812f84b12d https://git.kernel.org/stable/c/b6ee896385380aa621102e8ea402ba12db1cabff •
CVE-2023-52745 – IB/IPoIB: Fix legacy IPoIB due to wrong number of queues
https://notcve.org/view.php?id=CVE-2023-52745
In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queues. This causes to a crash when traffic is sent over the PKEY interface due to the parent having a single queue but the child having multiple queues. This patch fixes the number of queues to 1 for legacy IPoIB at the earliest possible point in time. BUG: kernel NULL pointer dereference, address: 000000000000036b PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 4 PID: 209665 Comm: python3 Not tainted 6.1.0_for_upstream_min_debug_2022_12_12_17_02 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:kmem_cache_alloc+0xcb/0x450 Code: ce 7e 49 8b 50 08 49 83 78 10 00 4d 8b 28 0f 84 cb 02 00 00 4d 85 ed 0f 84 c2 02 00 00 41 8b 44 24 28 48 8d 4a 01 49 8b 3c 24 <49> 8b 5c 05 00 4c 89 e8 65 48 0f c7 0f 0f 94 c0 84 c0 74 b8 41 8b RSP: 0018:ffff88822acbbab8 EFLAGS: 00010202 RAX: 0000000000000070 RBX: ffff8881c28e3e00 RCX: 00000000064f8dae RDX: 00000000064f8dad RSI: 0000000000000a20 RDI: 0000000000030d00 RBP: 0000000000000a20 R08: ffff8882f5d30d00 R09: ffff888104032f40 R10: ffff88810fade828 R11: 736f6d6570736575 R12: ffff88810081c000 R13: 00000000000002fb R14: ffffffff817fc865 R15: 0000000000000000 FS: 00007f9324ff9700(0000) GS:ffff8882f5d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000036b CR3: 00000001125af004 CR4: 0000000000370ea0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_clone+0x55/0xd0 ip6_finish_output2+0x3fe/0x690 ip6_finish_output+0xfa/0x310 ip6_send_skb+0x1e/0x60 udp_v6_send_skb+0x1e5/0x420 udpv6_sendmsg+0xb3c/0xe60 ? ip_mc_finish_output+0x180/0x180 ? __switch_to_asm+0x3a/0x60 ? __switch_to_asm+0x34/0x60 sock_sendmsg+0x33/0x40 __sys_sendto+0x103/0x160 ? • https://git.kernel.org/stable/c/d4bf3fcccd188db9f3310d93472041cdefba97bf https://git.kernel.org/stable/c/d21714134505bc23daa0455b295f3b63730b3b42 https://git.kernel.org/stable/c/ca48174a7643a7e6dd31c4338c5cde49552e138e https://git.kernel.org/stable/c/ee0e9b2c4b9c35837553124b4912230a7e7c7212 https://git.kernel.org/stable/c/2aecfec735f16f99c059db956edfd95a32458d22 https://git.kernel.org/stable/c/8fa3ee8ef185eb3e8be44f282721b05a03e6f888 https://git.kernel.org/stable/c/bc2f5760b47cba4a76be9371806f8f10fccf71a9 https://git.kernel.org/stable/c/bab775fa9c4f4b4da30c9cc99be4bec19 •