CVE-2024-26745 – powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
https://notcve.org/view.php?id=CVE-2024-26745
04 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV When kdump kernel tries to copy dump data over SR-IOV, LPAR panics due to NULL pointer exception: Kernel attempted to read user page (0) - exploit attempt? (uid: 0) BUG: Kernel NULL pointer dereference on read at 0x00000000 Faulting instruction address: 0xc000000020847ad4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA ... • https://git.kernel.org/stable/c/b1fc44eaa9ba31e28c4125d6b9205a3582b47b5d •
CVE-2024-26779 – wifi: mac80211: fix race condition on enabling fast-xmit
https://notcve.org/view.php?id=CVE-2024-26779
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wi... • https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-26778 – fbdev: savage: Error out if pixclock equals zero
https://notcve.org/view.php?id=CVE-2024-26778
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used ... • https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1 •
CVE-2024-26777 – fbdev: sis: Error out if pixclock equals zero
https://notcve.org/view.php?id=CVE-2024-26777
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b... • https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e •
CVE-2024-26776 – spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
https://notcve.org/view.php?id=CVE-2024-26776
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: complete+0x54/0x100 hisi_sfc_v3xx_isr+0x2c/0x40 [spi_hisi_sfc_v3xx] __handle_irq_event_percpu+0x64/0x1e0 handle_irq_event+0x7c/0x1cc En el kernel... • https://git.kernel.org/stable/c/e94da8aca2e78ef9ecca02eb211869eacd5504e5 •
CVE-2024-26775 – aoe: avoid potential deadlock at set_capacity
https://notcve.org/view.php?id=CVE-2024-26775
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- [1] lock(&bdev->bd_size_lock); local_irq_disable(); [2] lock(&d->lock); [3] lock(&bdev->bd_size_lock);
CVE-2024-26774 – ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
https://notcve.org/view.php?id=CVE-2024-26774
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt Determine if bb_fragments is 0 instead of determining bb_free to eliminate the risk of dividing by zero when the block bitmap is corrupted. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evitar dividir por 0 en mb_update_avg_fragment_size() cuando el mapa de bits del bloque está dañado. Determine si bb_fragments es 0 en lugar de de... • https://git.kernel.org/stable/c/687061cfaa2ac3095170e136dd9c29a4974f41d4 • CWE-369: Divide By Zero •
CVE-2024-26773 – ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
https://notcve.org/view.php?id=CVE-2024-26773
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() Determine if the group block bitmap is corrupted before using ac_b_ex in ext4_mb_try_best_found() to avoid allocating blocks from a group with a corrupted block bitmap in the following concurrency and making the situation worse. ext4_mb_regular_allocator ext4_lock_group(sb, group) ext4_mb_good_group // check if the group bbitmap is corrupted ext4_mb_complex_scan_... • https://git.kernel.org/stable/c/21f8cfe79f776287459343e9cfa6055af61328ea • CWE-229: Improper Handling of Values •
CVE-2024-26772 – ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
https://notcve.org/view.php?id=CVE-2024-26772
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a corrupted block bitmap. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: evita asignar bloques del grupo corrupto en ext4_mb_find_by_goal() Coloca la lógica para verificar si el mapa de ... • https://git.kernel.org/stable/c/5a6dcc4ad0f7f7fa8e8d127b5526e7c5f2d38a43 • CWE-229: Improper Handling of Values •
CVE-2024-26771 – dmaengine: ti: edma: Add some null pointer checks to the edma_probe
https://notcve.org/view.php?id=CVE-2024-26771
03 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: dmaengine: ti: edma: agregue algunas comprobaciones de puntero nulo a edma_probe devm_kasprintf() devuelve un puntero a la memoria asignada di... • https://git.kernel.org/stable/c/c432094aa7c9970f2fa10d2305d550d3810657ce •