CVE-2024-39473 – ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
https://notcve.org/view.php?id=CVE-2024-39473
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension If a process module does not have base config extension then the same format applies to all of it's inputs and the process->base_config_ext is NULL, causing NULL dereference when specifically crafted topology and sequences used. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: SOF: ipc4-topology: arregla la consulta de formato de entrada de módulos de proceso sin extensión base. Si un módulo de proceso no tiene extensión de configuración base, entonces se aplica el mismo formato a todas sus entradas. y el proceso->base_config_ext es NULL, lo que provoca una desreferencia NULL cuando se utilizan secuencias y topologías manipuladas específicamente. • https://git.kernel.org/stable/c/648fea12847695d60ddeebea86597114885ee76e https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6 https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368 https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 https://access.redhat.com/security/cve/CVE-2024-39473 https://bugzilla.redhat.com/show_bug.cgi?id=2296064 • CWE-476: NULL Pointer Dereference •
CVE-2024-39472 – xfs: fix log recovery buffer allocation for the legacy h_size fixup
https://notcve.org/view.php?id=CVE-2024-39472
In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculation of LR header blocks") cleaned up the log reover buffer calculation, but stoped using the fixed up h_size value to size the log recovery buffer, which can lead to an out of bounds access when the incorrect h_size does not come from the old mkfs tool, but a fuzzer. Fix this by open coding xlog_logrec_hblks and taking the fixed h_size into account for this calculation. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: corrige la asignación del búfer de recuperación de registros para la corrección heredada de h_size. El commit a70f9fe52daa ("xfs: detecta y maneja el tamaño de iclog no válido establecido por mkfs") agregó una corrección para los valores incorrectos de h_size usados para el registro desmontaje inicial en versiones antiguas de xfsprogs. Posteriormente, el commit 0c771b99d6c9 ("xfs: cálculo de limpieza de bloques de encabezado LR") limpió el cálculo del búfer de recuperación de registros, pero dejó de usar el valor h_size fijo para dimensionar el búfer de recuperación de registros, lo que puede provocar un acceso fuera de los límites cuando el h_size incorrecto no proviene de la antigua herramienta mkfs, sino de un fuzzer. • https://git.kernel.org/stable/c/0c771b99d6c9a0552fea5cc43669b726dad8f659 https://git.kernel.org/stable/c/f754591b17d0ee91c2b45fe9509d0cdc420527cb https://git.kernel.org/stable/c/57835c0e7152e36b03875dd6c56dfeed685c1b1f https://git.kernel.org/stable/c/c2389c074973aa94e34992e7f66dac0de37595b5 https://git.kernel.org/stable/c/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a https://access.redhat.com/security/cve/CVE-2024-39472 https://bugzilla.redhat.com/show_bug.cgi?id=2296067 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2024-39471 – drm/amdgpu: add error handle to avoid out-of-bounds
https://notcve.org/view.php?id=CVE-2024-39471
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add error handle to avoid out-of-bounds if the sdma_v4_0_irq_id_to_seq return -EINVAL, the process should be stop to avoid out-of-bounds read, so directly return -EINVAL. • https://git.kernel.org/stable/c/5594971e02764aa1c8210ffb838cb4e7897716e8 https://git.kernel.org/stable/c/8112fa72b7f139052843ff484130d6f97e9f052f https://git.kernel.org/stable/c/ea906e9ac61e3152bef63597f2d9f4a812fc346a https://git.kernel.org/stable/c/011552f29f20842c9a7a21bffe1f6a2d6457ba46 https://git.kernel.org/stable/c/5b0a3dc3e87821acb80e841b464d335aff242691 https://git.kernel.org/stable/c/0964c84b93db7fbf74f357c1e20957850e092db3 https://git.kernel.org/stable/c/8b2faf1a4f3b6c748c0da36cda865a226534d520 https://access.redhat.com/security/cve/CVE-2024-39471 • CWE-125: Out-of-bounds Read •
CVE-2024-39470 – eventfs: Fix a possible null pointer dereference in eventfs_find_events()
https://notcve.org/view.php?id=CVE-2024-39470
In the Linux kernel, the following vulnerability has been resolved: eventfs: Fix a possible null pointer dereference in eventfs_find_events() In function eventfs_find_events,there is a potential null pointer that may be caused by calling update_events_attr which will perform some operations on the members of the ei struct when ei is NULL. Hence,When ei->is_freed is set,return NULL directly. • https://git.kernel.org/stable/c/628adb842bd5e1c2c598534a7a022b8235289de6 https://git.kernel.org/stable/c/8186fff7ab649085e2c60d032d9a20a85af1d87c https://git.kernel.org/stable/c/9c2ac5e0ea7899411fd900d4681890722a020735 https://git.kernel.org/stable/c/5ade5fbdbbb1f023bb70730ba4d74146c8bc7eb9 https://git.kernel.org/stable/c/7a1b2d138189375ed1dcd7d0851118230221bd1d https://git.kernel.org/stable/c/d4e9a968738bf66d3bb852dd5588d4c7afd6d7f4 •
CVE-2024-39469 – nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors
https://notcve.org/view.php?id=CVE-2024-39469
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the folio/page cannot be read or nilfs_check_folio() fails, it will falsely determine the directory as empty and corrupt the file system. In addition, since nilfs_empty_dir() does not immediately return on a failed folio/page read, but continues to loop, this can cause a long loop with I/O if i_size of the directory's inode is also corrupted, causing the log writer thread to wait and hang, as reported by syzbot. Fix these issues by making nilfs_empty_dir() immediately return a false value (0) if it fails to get a directory folio/page. • https://git.kernel.org/stable/c/2ba466d74ed74f073257f86e61519cb8f8f46184 https://git.kernel.org/stable/c/2ac8a2fe22bdde9eecce2a42cf5cab79333fb428 https://git.kernel.org/stable/c/405b71f1251e5ae865f53bd27c45114e6c83bee3 https://git.kernel.org/stable/c/c77ad608df6c091fe64ecb91f41ef7cb465587f1 https://git.kernel.org/stable/c/11a2edb70356a2202dcb7c9c189c8356ab4752cd https://git.kernel.org/stable/c/129dcd3e7d036218db3f59c82d82004b9539ed82 https://git.kernel.org/stable/c/d18b05eda7fa77f02114f15b02c009f28ee42346 https://git.kernel.org/stable/c/59f14875a96ef93f05b82ad3c980605f2 •