CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-27390 – ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()
https://notcve.org/view.php?id=CVE-2024-27390
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() As discussed in the past (commit 2d3916f31891 ("ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()")) I think the synchronize_net() call in ipv6_mc_down() is not needed. Under load, synchronize_net() can last between 200 usec and 5 ms. KASAN seems to agree as well. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ipv6: mcast: elimina una barrera de sincronización_net() en ipv6_mc_down() Como se discutió en el pasado (commit 2d3916f31891 ("ipv6: corrige caídas de skb en igmp6_event_query() e igmp6_event_report()" )) Creo que la llamada sincronizar_net() en ipv6_mc_down() no es necesaria. Bajo carga, sincronizar_net() puede durar entre 200 usos y 5 ms. KASAN parece estar de acuerdo también. • https://git.kernel.org/stable/c/f185de28d9ae6c978135993769352e523ee8df06 https://git.kernel.org/stable/c/9d159d6637ccce25f879d662a480541ef4ba3a50 https://git.kernel.org/stable/c/a03ede2282ebbd181bd6f5c38cbfcb5765afcd04 https://git.kernel.org/stable/c/26d4bac55750d535f1f0b8790dc26daf6089e373 https://git.kernel.org/stable/c/7eb06ee5921189812e6b4bfe7b0f1e878be16df7 https://git.kernel.org/stable/c/5da9a218340a2bc804dc4327e5804392e24a0b88 https://git.kernel.org/stable/c/17ef8efc00b34918b966388b2af0993811895a8c •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-27389 – pstore: inode: Only d_invalidate() is needed
https://notcve.org/view.php?id=CVE-2024-27389
In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the combo of d_drop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use d_invalidate() and update the code to not bother checking for error codes that can never happen. --- En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pstore: inode: solo se necesita d_invalidate(). La descarga de un backend modular de pstore con registros en pstorefs activaría la advertencia de doble caída de dput(): ADVERTENCIA: CPU: 0 PID: 2569 en fs/dcache.c:762 dput.part.0+0x3f3/0x410 Usar la combinación de d_drop()/dput() (como se menciona en Documentation/filesystems/vfs.rst) no es el enfoque correcto aquí, y conduce al problema de recuento de referencias visto anteriormente. Utilice d_invalidate() y actualice el código para no molestarse en buscar códigos de error que nunca sucederán. • https://git.kernel.org/stable/c/609e28bb139e53621521130f0d4aea27a725d465 https://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e https://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3 https://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a https://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6 https://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27388 – SUNRPC: fix some memleaks in gssx_dec_option_array
https://notcve.org/view.php?id=CVE-2024-27388
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: SUNRPC: corrige algunas fugas de mem en gssx_dec_option_array Los creds y oa->data deben liberarse en las rutas de manejo de errores después de su asignación. Entonces este parche agrega estas desasignaciones en las rutas correspondientes. • https://git.kernel.org/stable/c/1d658336b05f8697d6445834f8867f8ad5e4f735 https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364 https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8 https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8 https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044 https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3 https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-27079 – iommu/vt-d: Fix NULL domain on device release
https://notcve.org/view.php?id=CVE-2024-27079
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the following crash in the crash kernel: BUG: kernel NULL pointer dereference, address: 000000000000003c ... RIP: 0010:do_raw_spin_lock+0xa/0xa0 ... _raw_spin_lock_irqsave+0x1b/0x30 intel_iommu_release_device+0x96/0x170 iommu_deinit_device+0x39/0xf0 __iommu_group_remove_device+0xa0/0xd0 iommu_bus_notifier+0x55/0xb0 notifier_call_chain+0x5a/0xd0 blocking_notifier_call_chain+0x41/0x60 bus_notify+0x34/0x50 device_del+0x269/0x3d0 pci_remove_bus_device+0x77/0x100 p2sb_bar+0xae/0x1d0 ... i801_probe+0x423/0x740 Use the release_domain mechanism to fix it. The scalable mode context entry which is not part of release domain should be cleared in release_device(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: iommu/vt-d: corrige el dominio NULL al lanzar el dispositivo. • https://git.kernel.org/stable/c/586081d3f6b13ec9dfdfdf3d7842a688b376fa5e https://git.kernel.org/stable/c/333fe86968482ca701c609af590003bcea450e8f https://git.kernel.org/stable/c/81e921fd321614c2ad8ac333b041aae1da7a1c6d •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27078 – media: v4l2-tpg: fix some memleaks in tpg_alloc
https://notcve.org/view.php?id=CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc return 0. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medio: v4l2-tpg: corrige algunas fugas de memoria en tpg_alloc En tpg_alloc, los recursos deben desasignarse en todas y cada una de las rutas de manejo de errores, ya que se asignan en declaraciones for. De lo contrario, habría memleaks porque se llama a tpg_free solo cuando tpg_alloc devuelve 0. • https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4 https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77 https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79 https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28 https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511 https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941 https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376f •