CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26788 – dmaengine: fsl-qdma: init irq after reg initialization
https://notcve.org/view.php?id=CVE-2024-26788
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following trace: Call trace: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x178 generic_handle_irq+0x24/0x38 __handle_domain_irq+0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/0xe8 fsl_qdma_probe+0x4d4/0xca8 platform_drv_probe+0x50/0xa0 really_probe+0xe0/0x3f8 driver_probe_device+0x64/0x130 device_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable+0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: fsl-qdma: init irq after reg inicialización Inicialice qDMA irqs después de configurar los registros para que las interrupciones que puedan haber estado pendientes de un kernel primario no sean procesadas por el controlador irq antes de que esté listo y cause pánico con el siguiente rastreo: Rastreo de llamadas: fsl_qdma_queue_handler+0xf8/0x3e8 __handle_irq_event_percpu+0x78/0x2b0 handle_irq_event_percpu+0x1c/0x68 handle_irq_event+0x44/0x78 handle_fasteoi_irq+0xc8/0x 178 generic_handle_irq+0x24/0x38 __handle_domain_irq +0x90/0x100 gic_handle_irq+0x5c/0xb8 el1_irq+0xb8/0x180 _raw_spin_unlock_irqrestore+0x14/0x40 __setup_irq+0x4bc/0x798 request_threaded_irq+0xd8/0x190 devm_request_threaded_irq+0x74/ 0xe8 fsl_qdma_probe+0x4d4/0xca8 plataforma_drv_probe+0x50/0xa0 very_probe+0xe0/0x3f8 driver_probe_device +0x64/0x130 dispositivo_driver_attach+0x6c/0x78 __driver_attach+0xbc/0x158 bus_for_each_dev+0x5c/0x98 driver_attach+0x20/0x28 bus_add_driver+0x158/0x220 driver_register+0x60/0x110 __platform_driver_register+0x 44/0x50 fsl_qdma_driver_init+0x18/0x20 do_one_initcall+0x48/0x258 kernel_init_freeable +0x1a4/0x23c kernel_init+0x10/0xf8 ret_from_fork+0x10/0x18 • https://git.kernel.org/stable/c/b092529e0aa09829a6404424ce167bf3ce3235e2 https://git.kernel.org/stable/c/3cc5fb824c2125aa3740d905b3e5b378c8a09478 https://git.kernel.org/stable/c/9579a21e99fe8dab22a253050ddff28d340d74e1 https://git.kernel.org/stable/c/4529c084a320be78ff2c5e64297ae998c6fdf66b https://git.kernel.org/stable/c/474d521da890b3e3585335fb80a6044cb2553d99 https://git.kernel.org/stable/c/a69c8bbb946936ac4eb6a6ae1e849435aa8d947d https://git.kernel.org/stable/c/677102a930643c31f1b4c512b041407058bdfef8 https://git.kernel.org/stable/c/87a39071e0b639f45e05d296cc0538eef •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26787 – mmc: mmci: stm32: fix DMA API overlapping mappings warning
https://notcve.org/view.php?id=CVE-2024-26787
In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Modules linked in: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 #1 Hardware name: STMicroelectronics STM32MP257F-EV1 Evaluation Board (DT) Workqueue: events_freezable mmc_rescan Call trace: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x10/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card+0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 DMA API debug brings to light leaking dma-mappings as dma_map_sg and dma_unmap_sg are not correctly balanced. If an error occurs in mmci_cmd_irq function, only mmci_dma_error function is called and as this API is not managed on stm32 variant, dma_unmap_sg is never called in this error path. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mmc: mmci: stm32: corregir la advertencia de asignaciones superpuestas de la API DMA Al activar CONFIG_DMA_API_DEBUG_SG se genera la siguiente advertencia: DMA-API: mmci-pl18x 48220000.mmc: seguimiento de línea de caché EEXIST, asignaciones superpuestas no son compatibles ADVERTENCIA: CPU: 1 PID: 51 en kernel/dma/debug.c:568 add_dma_entry+0x234/0x2f4 Módulos vinculados en: CPU: 1 PID: 51 Comm: kworker/1:2 Not tainted 6.1.28 # 1 Nombre del hardware: STMicroelectronics STM32MP257F-EV1 Placa de evaluación (DT) Cola de trabajo: events_freezable mmc_rescan Rastreo de llamadas: add_dma_entry+0x234/0x2f4 debug_dma_map_sg+0x198/0x350 __dma_map_sg_attrs+0xa0/0x110 dma_map_sg_attrs+0x1 0/0x2c sdmmc_idma_prep_data+0x80/0xc0 mmci_prep_data+0x38/0x84 mmci_start_data+0x108/0x2dc mmci_request+0xe4/0x190 __mmc_start_request+0x68/0x140 mmc_start_request+0x94/0xc0 mmc_wait_for_req+0x70/0x100 mmc_send_tuning+0x108/0x1ac sdmmc_execute_tuning+0x 14c/0x210 mmc_execute_tuning+0x48/0xec mmc_sd_init_uhs_card.part.0+0x208/0x464 mmc_sd_init_card +0x318/0x89c mmc_attach_sd+0xe4/0x180 mmc_rescan+0x244/0x320 La depuración de la API de DMA saca a la luz asignaciones de dma con fugas, ya que dma_map_sg y dma_unmap_sg no están correctamente equilibrados. Si se produce un error en la función mmci_cmd_irq, solo se llama a la función mmci_dma_error y como esta API no se administra en la variante stm32, nunca se llama a dma_unmap_sg en esta ruta de error. • https://git.kernel.org/stable/c/46b723dd867d599420fb640c0eaf2a866ef721d4 https://git.kernel.org/stable/c/0224cbc53ba82b84affa7619b6d1b1a254bc2c53 https://git.kernel.org/stable/c/5ae5060e17a3fc38e54c3e5bd8abd6b1d5bfae7c https://git.kernel.org/stable/c/70af82bb9c897faa25a44e4181f36c60312b71ef https://git.kernel.org/stable/c/176e66269f0de327375fc0ea51c12c2f5a97e4c4 https://git.kernel.org/stable/c/d610a307225951929b9dff807788439454476f85 https://git.kernel.org/stable/c/6b1ba3f9040be5efc4396d86c9752cdc564730be https://lists.debian.org/debian-lts-announce/2024/06/ •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26779 – wifi: mac80211: fix race condition on enabling fast-xmit
https://notcve.org/view.php?id=CVE-2024-26779
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized drv_priv data. Add a missing sta->uploaded check and re-check fast xmit after inserting a sta. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: corrige la condición de ejecución al habilitar fast-xmit fast-xmit solo debe habilitarse después de que el sta se haya cargado en el controlador; de lo contrario, podría terminar pasando el error sta aún cargada a través de llamadas drv_tx al controlador, lo que genera posibles fallas debido a datos drv_priv no inicializados. Agregue una estación faltante->comprobación cargada y vuelva a verificar la transmisión rápida después de insertar una estación. A vulnerability was found in the mac80211 driver in the Linux kernel. This issue could lead to potential crashes or memory corruption due to of a situation where the driver attempts to utilize data structures that haven't been fully initialized yet. • https://git.kernel.org/stable/c/76fad1174a0cae6fc857b9f88b261a2e4f07d587 https://git.kernel.org/stable/c/85720b69aef177318f4a18efbcc4302228a340e5 https://git.kernel.org/stable/c/5ffab99e070b9f8ae0cf60c3c3602b84eee818dd https://git.kernel.org/stable/c/88c18fd06608b3adee547102505d715f21075c9d https://git.kernel.org/stable/c/eb39bb548bf974acad7bd6780fe11f9e6652d696 https://git.kernel.org/stable/c/54b79d8786964e2f840e8a2ec4a9f9a50f3d4954 https://git.kernel.org/stable/c/281280276b70c822f55ce15b661f6d1d3228aaa9 https://git.kernel.org/stable/c/bcbc84af1183c8cf3d1ca9b78540c2185 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26778 – fbdev: savage: Error out if pixclock equals zero
https://notcve.org/view.php?id=CVE-2024-26778
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not checked properly in savagefb_probe(). Fix this by checking whether pixclock is zero in the function savagefb_check_var() before info->var.pixclock is used as the divisor. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: savage: error si pixclock es igual a cero. El programa de espacio de usuario podría pasar cualquier valor al controlador a través de la interfaz ioctl(). • https://git.kernel.org/stable/c/224453de8505aede1890f007be973925a3edf6a1 https://git.kernel.org/stable/c/84dce0f6a4cc5b7bfd7242ef9290db8ac1dd77ff https://git.kernel.org/stable/c/512ee6d6041e007ef5bf200c6e388e172a2c5b24 https://git.kernel.org/stable/c/8c54acf33e5adaad6374bf3ec1e3aff0591cc8e1 https://git.kernel.org/stable/c/070398d32c5f3ab0e890374904ad94551c76aec4 https://git.kernel.org/stable/c/bc3c2e58d73b28b9a8789fca84778ee165a72d13 https://git.kernel.org/stable/c/a9ca4e80d23474f90841251f4ac0d941fa337a01 https://git.kernel.org/stable/c/04e5eac8f3ab2ff52fa191c187a46d4fd •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26777 – fbdev: sis: Error out if pixclock equals zero
https://notcve.org/view.php?id=CVE-2024-26777
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. In sisfb_check_var(), var->pixclock is used as a divisor to caculate drate before it is checked against zero. Fix this by checking it at the beginning. This is similar to CVE-2022-3061 in i740fb which was fixed by commit 15cf0b8. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: sis: error si pixclock es igual a cero. El programa de espacio de usuario podría pasar cualquier valor al controlador a través de la interfaz ioctl(). • https://git.kernel.org/stable/c/84246c35ca34207114055a87552a1c4289c8fd7e https://git.kernel.org/stable/c/6db07619d173765bd8622d63809cbfe361f04207 https://git.kernel.org/stable/c/cd36da760bd1f78c63c7078407baf01dd724f313 https://git.kernel.org/stable/c/df6e2088c6f4cad539cf67cba2d6764461e798d1 https://git.kernel.org/stable/c/f329523f6a65c3bbce913ad35473d83a319d5d99 https://git.kernel.org/stable/c/99f1abc34a6dde248d2219d64aa493c76bbdd9eb https://git.kernel.org/stable/c/1d11dd3ea5d039c7da089f309f39c4cd363b924b https://git.kernel.org/stable/c/e421946be7d9bf545147bea8419ef8239 •