CVE-2024-50252 – mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address
https://notcve.org/view.php?id=CVE-2024-50252
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote address of an ip6gre net device never worked properly, but since cited commit the following reproducer [1] would result in a warning [2] and a memory leak [3]. • https://git.kernel.org/stable/c/cf42911523e02026cb56d329e584ae5923e94ba1 https://git.kernel.org/stable/c/d8f298eb6659eb6a38e26b79e77de4449dc6e61b https://git.kernel.org/stable/c/31384aa2ad05c29c7745000f321154f42de24d1a https://git.kernel.org/stable/c/c1bbdbe07f0bc3bc9f87efe4672d67208c6d6942 https://git.kernel.org/stable/c/12ae97c531fcd3bfd774d4dfeaeac23eafe24280 •
CVE-2024-50251 – netfilter: nft_payload: sanitize offset and length before calling skb_checksum()
https://notcve.org/view.php?id=CVE-2024-50251
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it checks that the expected length to be included in the checksum calculation is fully consumed. • https://git.kernel.org/stable/c/7ec3f7b47b8d9ad7ba425726f2c58f9ddce040df https://git.kernel.org/stable/c/a661ed364ae6ae88c2fafa9ddc27df1af2a73701 https://git.kernel.org/stable/c/ac7df3fc80fc82bcc3b1e8f6ebc0d2c435d0c534 https://git.kernel.org/stable/c/e3e608cbad376674d19a71ccd0d41804d9393f02 https://git.kernel.org/stable/c/b1d2de8a669fa14c499a385e056944d5352b3b40 https://git.kernel.org/stable/c/d3217323525f7596427124359e76ea0d8fcc9874 https://git.kernel.org/stable/c/0ab3be58b45b996764aba0187b46de19b3e58a72 https://git.kernel.org/stable/c/c43e0ea848e7b9bef7a682cbc5608022d •
CVE-2024-50250 – fsdax: dax_unshare_iter needs to copy entire blocks
https://notcve.org/view.php?id=CVE-2024-50250
In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len passed to dax_file_unshare are not aligned to an fsblock boundary, the iter pos and length in the _iter function will reflect this unalignment. dax_iomap_direct_access always returns a pointer to the start of the kmapped fsdax page, even if its pos argument is in the middle of that page. • https://git.kernel.org/stable/c/1bec6782a25c9b92c203ea7a1b3e3dc6a468cbc4 https://git.kernel.org/stable/c/d984648e428bf88cbd94ebe346c73632cb92fffb https://git.kernel.org/stable/c/bdbc96c23197d773a7d1bf03e4f11de593b0ff28 https://git.kernel.org/stable/c/9bc18bb476e50e32e5d08f2734d63d63e0fa528c https://git.kernel.org/stable/c/8e9c0f500b42216ef930f5c0d1703989a451913d https://git.kernel.org/stable/c/50793801fc7f6d08def48754fb0f0706b0cfc394 •
CVE-2024-50249 – ACPI: CPPC: Make rmw_lock a raw_spin_lock
https://notcve.org/view.php?id=CVE-2024-50249
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock The following BUG was triggered: ============================= [ BUG: Invalid wait context ] 6.12.0-rc2-XXX #406 Not tainted ----------------------------- kworker/1:1/62 is trying to lock: ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370 other info that might help us debug this: context-{5:5} 2 locks held by kworker/1:1/62: #0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50 #1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280 stack backtrace: CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406 Workqueue: 0x0 (events) Call trace: dump_backtrace+0xa4/0x130 show_stack+0x20/0x38 dump_stack_lvl+0x90/0xd0 dump_stack+0x18/0x28 __lock_acquire+0x480/0x1ad8 lock_acquire+0x114/0x310 _raw_spin_lock+0x50/0x70 cpc_write+0xcc/0x370 cppc_set_perf+0xa0/0x3a8 cppc_cpufreq_fast_switch+0x40/0xc0 cpufreq_driver_fast_switch+0x4c/0x218 sugov_update_shared+0x234/0x280 update_load_avg+0x6ec/0x7b8 dequeue_entities+0x108/0x830 dequeue_task_fair+0x58/0x408 __schedule+0x4f0/0x1070 schedule+0x54/0x130 worker_thread+0xc0/0x2e8 kthread+0x130/0x148 ret_from_fork+0x10/0x20 sugov_update_shared() locks a raw_spinlock while cpc_write() locks a spinlock. To have a correct wait-type order, update rmw_lock to a raw spinlock and ensure that interrupts will be disabled on the CPU holding it. [ rjw: Changelog edits ] • https://git.kernel.org/stable/c/94e8c988468dafde1d2bfe0532a60a3117f6394b https://git.kernel.org/stable/c/f812ca13a0d3e3aa418da36b66ca40df0d6f9e60 https://git.kernel.org/stable/c/8ad28208be7bbe748e90442c45963ddbef0fd1e2 https://git.kernel.org/stable/c/20cde05aa8bcd7a5ff36a609d813189b7cdbe692 https://git.kernel.org/stable/c/60949b7b805424f21326b450ca4f1806c06d982e https://git.kernel.org/stable/c/82cee12ada68dfd438c7faca152dbfe042868743 https://git.kernel.org/stable/c/c46d6b02588000c27b7b869388c2c0278bd0d173 https://git.kernel.org/stable/c/23039b4aaf1e82e0feea1060834d4ec34 •
CVE-2024-50248 – ntfs3: Add bounds checking to mi_enum_attr()
https://notcve.org/view.php?id=CVE-2024-50248
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that every attr don't stray beyond valid memory region. • https://git.kernel.org/stable/c/22cdf3be7d34f61a91b9e2966fec3a29f3871398 https://git.kernel.org/stable/c/809f9b419c75f8042c58434d2bfe849140643e9d https://git.kernel.org/stable/c/556bdf27c2dd5c74a9caacbe524b943a6cd42d99 •