CVE-2023-52636 – libceph: just wait for more data to be available on the socket
https://notcve.org/view.php?id=CVE-2023-52636
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes all read_partial_*() handlers, including read_partial_sparse_msg_data(). The expectation is that read_partial_sparse_msg_data() would bail, allowing the messenger to invoke read_partial() for the footer and pick up where it left off. Ho... • https://git.kernel.org/stable/c/d396f89db39a2f259e2125ca43b4c31bb65afcad •
CVE-2024-26673 – netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations
https://notcve.org/view.php?id=CVE-2024-26673
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a mandatory attribute for this object. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_ct: desinfecta el número de protocolo de capa 3 y 4 en expectativas personalizadas - No permitir familias que no sean N... • https://git.kernel.org/stable/c/857b46027d6f91150797295752581b7155b9d0e1 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2024-26672 – drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
https://notcve.org/view.php?id=CVE-2024-26672
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' Fixes the below: drivers/gpu/drm/amd/amdgpu/amdgpu_mca.c:377 amdgpu_mca_smu_get_mca_entry() warn: variable dereferenced before check 'mca_funcs' (see line 368) 357 int amdgpu_mca_smu_get_mca_entry(struct amdgpu_device *adev, enum amdgpu_mca_error_type type, 358 int idx, struct mca_bank_entry *entry) 359 { 360 const struct amdgpu_mca_smu_f... • https://git.kernel.org/stable/c/7b5d58c07024516c0e81b95e98f37710cf402c53 • CWE-476: NULL Pointer Dereference •
CVE-2024-26671 – blk-mq: fix IO hang from sbitmap wakeup race
https://notcve.org/view.php?id=CVE-2024-26671
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not observe the added waiter in blk_mq_mark_tag_wait() and wake up nothing, meantime blk_mq_mark_tag_wait() can't get driver tag successfully. This issue can be reproduced by running the followin... • https://git.kernel.org/stable/c/9525b38180e2753f0daa1a522b7767a2aa969676 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2023-52635 – PM / devfreq: Synchronize devfreq_monitor_[start/stop]
https://notcve.org/view.php?id=CVE-2023-52635
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from cancel_delayed_work_sync() and followed by expire_timers() can be seen from the traces[1]. while true do echo "simple_ondemand" > /sys/class/devfreq/1d84000.ufshc/governor echo "performance" > /sys/class/devfreq/1d84000.ufshc/governo... • https://git.kernel.org/stable/c/3399cc7013e761fee9d6eec795e9b31ab0cbe475 • CWE-414: Missing Lock Check •
CVE-2023-52633 – um: time-travel: fix time corruption
https://notcve.org/view.php?id=CVE-2023-52633
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: um: time-travel: fix time corruption In 'basic' time-travel mode (without =inf-cpu or =ext), we still get timer interrupts. These can happen at arbitrary points in time, i.e. while in timer_read(), which pushes time forward just a little bit. Then, if we happen to get the interrupt after calculating the new time to push to, but before actually finishing that, the interrupt will set the time to a value that's incompatible with the forward, a... • https://git.kernel.org/stable/c/0c7478a2da3f5fe106b4658338873d50c86ac7ab •
CVE-2023-52632 – drm/amdkfd: Fix lock dependency warning with srcu
https://notcve.org/view.php?id=CVE-2023-52632
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted ------------------------------------------------------ kworker/0:2/996 is trying to acquire lock: (srcu){.+.+}-{0:0}, at: __synchronize_srcu+0x5/0x1a0 but task is already holding lock: ((work_completion)(&svms->deferred_list_work)){+.+.}-{0:0}, at: p... • https://git.kernel.org/stable/c/b602f098f716723fa5c6c96a486e0afba83b7b94 • CWE-667: Improper Locking •
CVE-2024-26670 – arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
https://notcve.org/view.php?id=CVE-2024-26670
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't quite right, as it is supposed to be applied after the last explicit memory access, but is immediately followed by an LDR. The ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround is used to handle Cortex-A520 erratum 2966298 and Cortex-A510 erratum 3117295, which are described in: * https://developer.arm.com/doc... • https://git.kernel.org/stable/c/471470bc7052d28ce125901877dd10e4c048e513 • CWE-1300: Improper Protection of Physical Side Channels •
CVE-2024-26669 – net/sched: flower: Fix chain template offload
https://notcve.org/view.php?id=CVE-2024-26669
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the 'FLOW_BLOCK_UNBIND' command. The stack then continues to replay the removal of the filters in the block for this driver by iterating over the chains in the block and invoking the 'reoffload' operation of the classifier being used. In t... • https://git.kernel.org/stable/c/bbf73830cd48cff1599811d4f69c7cfd49c7b869 • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVE-2024-26668 – netfilter: nft_limit: reject configurations that cause integer overflow
https://notcve.org/view.php?id=CVE-2024-26668
02 Apr 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its better to reject this rather than having incorrect ratelimit. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nft_limit: rechazar configuraciones que causan desbordamiento de enteros Rechazar configuraciones fa... • https://git.kernel.org/stable/c/d2168e849ebf617b2b7feae44c0c0baf739cb610 • CWE-190: Integer Overflow or Wraparound •