CVE-2024-35832 – bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit
https://notcve.org/view.php?id=CVE-2024-35832
In the Linux kernel, the following vulnerability has been resolved: bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will triger: [ 406.829178 ] BUG: unable to handle page fault for address: ffffe7b487148008 [ 406.830676 ] #PF: supervisor read access in kernel mode [ 406.831643 ] #PF: error_code(0x0000) - not-present page [ 406.832487 ] PGD 0 P4D 0 [ 406.832898 ] Oops: 0000 [#1] PREEMPT SMP PTI [ 406.833512 ] CPU: 2 PID: 1754 Comm: umount Kdump: loaded Tainted: G OE 6.7.0-rc7-custom+ #90 [ 406.834746 ] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 [ 406.835796 ] RIP: 0010:kfree+0x62/0x140 [ 406.836197 ] Code: 80 48 01 d8 0f 82 e9 00 00 00 48 c7 c2 00 00 00 80 48 2b 15 78 9f 1f 01 48 01 d0 48 c1 e8 0c 48 c1 e0 06 48 03 05 56 9f 1f 01 <48> 8b 50 08 48 89 c7 f6 c2 01 0f 85 b0 00 00 00 66 90 48 8b 07 f6 [ 406.837810 ] RSP: 0018:ffffb9d641607e48 EFLAGS: 00010286 [ 406.838213 ] RAX: ffffe7b487148000 RBX: ffffb9d645200000 RCX: ffffb9d641607dc4 [ 406.838738 ] RDX: 000065bb00000000 RSI: ffffffffc0d88b84 RDI: ffffb9d645200000 [ 406.839217 ] RBP: ffff9a4625d00068 R08: 0000000000000001 R09: 0000000000000001 [ 406.839650 ] R10: 0000000000000001 R11: 000000000000001f R12: ffff9a4625d4da80 [ 406.840055 ] R13: ffff9a4625d00000 R14: ffffffffc0e2eb20 R15: 0000000000000000 [ 406.840451 ] FS: 00007f0a264ffb80(0000) GS:ffff9a4e2d500000(0000) knlGS:0000000000000000 [ 406.840851 ] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 406.841125 ] CR2: ffffe7b487148008 CR3: 000000018c4d2000 CR4: 00000000000006f0 [ 406.841464 ] Call Trace: [ 406.841583 ] <TASK> [ 406.841682 ] ? __die+0x1f/0x70 [ 406.841828 ] ? page_fault_oops+0x159/0x470 [ 406.842014 ] ? fixup_exception+0x22/0x310 [ 406.842198 ] ? exc_page_fault+0x1ed/0x200 [ 406.842382 ] ? • https://git.kernel.org/stable/c/56590678791119b9a655202e49898edfb9307271 https://git.kernel.org/stable/c/369acf97d6fd5da620d053d0f1878ffe32eff555 •
CVE-2023-52664 – net: atlantic: eliminate double free in error handling logic
https://notcve.org/view.php?id=CVE-2023-52664
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error. Ring pointer was used as an indicator of failure, but this is not correct since only ring data is allocated/deallocated. Ring itself is an array member. Changing ring allocation functions to return error code directly. This simplifies error handling and eliminates aq_ring_free on higher layer. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: atlantic: elimina double free en la lógica de manejo de errores El controlador tiene una fuga lógica en la asignación de datos del anillo/free, donde se podría llamar a aq_ring_free varias veces en el mismo anillo, si el sistema está bajo estrés y obtuve un error de asignación de memoria. Se utilizó un puntero de anillo como indicador de error, pero esto no es correcto ya que solo se asignan/desasignan datos de anillo. El anillo en sí es un miembro de la matriz. Cambiar las funciones de asignación de anillos para devolver el código de error directamente. • https://git.kernel.org/stable/c/0edb3ae8bfa31cd544b0c195bdec00e036002b5d https://git.kernel.org/stable/c/c11a870a73a3bc4cc7df6dd877a45b181795fcbf https://git.kernel.org/stable/c/d1fde4a7e1dcc4d49cce285107a7a43c3030878d https://git.kernel.org/stable/c/b3cb7a830a24527877b0bc900b9bd74a96aea928 •
CVE-2024-35830 – media: tc358743: register v4l2 async device only after successful setup
https://notcve.org/view.php?id=CVE-2024-35830
In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: media: tc358743: registre el dispositivo asíncrono v4l2 solo después de una configuración exitosa Asegúrese de que el dispositivo se haya configurado correctamente antes de registrar el dispositivo asíncrono v4l2, permitiendo así el acceso al espacio de usuario. • https://git.kernel.org/stable/c/4c5211a100399c3823563193dd881dcb3b7d24fc https://git.kernel.org/stable/c/17c2650de14842c25c569cbb2126c421489a3a24 https://git.kernel.org/stable/c/daf21394f9898fb9f0698c3e50de08132d2164e6 https://git.kernel.org/stable/c/610f20e5cf35ca9c0992693cae0dd8643ce932e7 https://git.kernel.org/stable/c/b8505a1aee8f1edc9d16d72ae09c93de086e2a1a https://git.kernel.org/stable/c/8ba8db9786b55047df5ad3db3e01dd886687a77d https://git.kernel.org/stable/c/edbb3226c985469a2f8eb69885055c9f5550f468 https://git.kernel.org/stable/c/c915c46a25c3efb084c4f5e69a053d7f7 •
CVE-2024-35829 – drm/lima: fix a memleak in lima_heap_alloc
https://notcve.org/view.php?id=CVE-2024-35829
In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/lima: corregida una fuga de mem en lima_heap_alloc Cuando falla lima_vm_map_bo, es necesario desasignar los recursos o habrá fugas de memoria. • https://git.kernel.org/stable/c/6aebc51d7aeff5a30d86485f320f0c871b5f23a4 https://git.kernel.org/stable/c/f2e80ac9344aebbff576453d5c0290b332e187ed https://git.kernel.org/stable/c/746606d37d662c70ae1379fc658ee9c65f06880f https://git.kernel.org/stable/c/f6d51a91b41704704e395de6839c667b0f810bbf https://git.kernel.org/stable/c/8e25c0ee5665e8a768b8e21445db1f86e9156eb7 https://git.kernel.org/stable/c/4ab14eccf5578af1dd5668a5f2d771df27683cab https://git.kernel.org/stable/c/ec6bb037e4a35fcbb5cd7bc78242d034ed893fcd https://git.kernel.org/stable/c/04ae3eb470e52a3c41babe85ff8cee195 •
CVE-2024-35828 – wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
https://notcve.org/view.php?id=CVE-2024-35828
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be freed. Otherwise, there will be memleaks in lbs_allocate_cmd_buffer(). En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: libertas: arreglados algunas memleaks en lbs_allocate_cmd_buffer() En la declaración for de lbs_allocate_cmd_buffer(), si falló la asignación de cmdarray[i].cmdbuf, tanto cmdarray como cmdarray[i] Es necesario liberar ].cmdbuf. De lo contrario, habrá fugas de memoria en lbs_allocate_cmd_buffer(). • https://git.kernel.org/stable/c/876c9d3aeb989cf1961f2c228d309ba5dcfb1172 https://git.kernel.org/stable/c/96481624fb5a6319079fb5059e46dbce43a90186 https://git.kernel.org/stable/c/bea9573c795acec5614d4ac2dcc7b3b684cea5bf https://git.kernel.org/stable/c/f0dd27314c7afe34794c2aa19dd6f2d30eb23bc7 https://git.kernel.org/stable/c/e888c4461e109f7b93c3522afcbbaa5a8fdf29d2 https://git.kernel.org/stable/c/4d99d267da3415db2124029cb5a6d2d955ca43f9 https://git.kernel.org/stable/c/da10f6b7918abd5b4bc5c9cb66f0fc6763ac48f3 https://git.kernel.org/stable/c/d219724d4b0ddb8ec7dfeaed5989f23ed •