CVE-2024-43848 – wifi: mac80211: fix TTLM teardown work
https://notcve.org/view.php?id=CVE-2024-43848
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix TTLM teardown work The worker calculates the wrong sdata pointer, so if it ever runs, it'll crash. Fix that. • https://git.kernel.org/stable/c/a17a58ad2ff24f0d201fa5f9939182f3757d1737 https://git.kernel.org/stable/c/9750899410c8478ef043c42029f4f6144c096eac https://git.kernel.org/stable/c/2fe0a605d083b884490ee4de02be071b5b4291b1 •
CVE-2024-43847 – wifi: ath12k: fix invalid memory access while processing fragmented packets
https://notcve.org/view.php?id=CVE-2024-43847
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index. When the driver receives an interrupt for the reo reinject ring, the monitor ring is also processed, leading to invalid memory access. Since monitor support is not yet enabled in ath12k, the ring mask for the monitor ring should be removed. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00209-QCAHKSWPL_SILICONZ-1 • https://git.kernel.org/stable/c/d889913205cf7ebda905b1e62c5867ed4e39f6c2 https://git.kernel.org/stable/c/8126f82dab7bd8b2e04799342b19fff0a1fd8575 https://git.kernel.org/stable/c/36fc66a7d9ca3e5c6eac25362cac63f83df8bed6 https://git.kernel.org/stable/c/073f9f249eecd64ab9d59c91c4a23cfdcc02afe4 •
CVE-2024-43846 – lib: objagg: Fix general protection fault
https://notcve.org/view.php?id=CVE-2024-43846
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation on how to aggregate the provided objects. Nesting is not possible in the first case due to a check that prevents it, but in the second case there is no check because the assumption is that nesting cannot happen when creating objects based on hints. The violation of this assumption leads to various warnings and eventually to a general protection fault [1]. Before fixing the root cause, error out when nesting happens and warn. [1] general protection fault, probably for non-canonical address 0xdead000000000d90: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 1083 Comm: kworker/1:9 Tainted: G W 6.9.0-rc6-custom-gd9b4f1cca7fb #7 Hardware name: Mellanox Technologies Ltd. MSN3700/VMOD0005, BIOS 5.11 01/06/2019 Workqueue: mlxsw_core mlxsw_sp_acl_tcam_vregion_rehash_work RIP: 0010:mlxsw_sp_acl_erp_bf_insert+0x25/0x80 [...] Call Trace: <TASK> mlxsw_sp_acl_atcam_entry_add+0x256/0x3c0 mlxsw_sp_acl_tcam_entry_create+0x5e/0xa0 mlxsw_sp_acl_tcam_vchunk_migrate_one+0x16b/0x270 mlxsw_sp_acl_tcam_vregion_rehash_work+0xbe/0x510 process_one_work+0x151/0x370 worker_thread+0x2cb/0x3e0 kthread+0xd0/0x100 ret_from_fork+0x34/0x50 ret_from_fork_asm+0x1a/0x30 </TASK> Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. • https://git.kernel.org/stable/c/9069a3817d82b01b3a55da382c774e3575946130 https://git.kernel.org/stable/c/8161263362154cbebfbf4808097b956a6a8cb98a https://git.kernel.org/stable/c/22ae17a267f4812861f0c644186c3421ff97dbfc https://git.kernel.org/stable/c/565213e005557eb6cc4e42189d26eb300e02f170 https://git.kernel.org/stable/c/5adc61d29bbb461d7f7c2b48dceaa90ecd182eb7 https://git.kernel.org/stable/c/1936fa05a180834c3b52e0439a6bddc07814d3eb https://git.kernel.org/stable/c/499f742fed42e74f1321f4b12ca196a66a2b49fc https://git.kernel.org/stable/c/b4a3a89fffcdf09702b1f161b914e52ab •
CVE-2024-43845 – udf: Fix bogus checksum computation in udf_rename()
https://notcve.org/view.php?id=CVE-2024-43845
In the Linux kernel, the following vulnerability has been resolved: udf: Fix bogus checksum computation in udf_rename() Syzbot reports uninitialized memory access in udf_rename() when updating checksum of '..' directory entry of a moved directory. This is indeed true as we pass on-stack diriter.fi to the udf_update_tag() and because that has only struct fileIdentDesc included in it and not the impUse or name fields, the checksumming function is going to checksum random stack contents beyond the end of the structure. This is actually harmless because the following udf_fiiter_write_fi() will recompute the checksum from on-disk buffers where everything is properly included. So all that is needed is just removing the bogus calculation. Ubuntu Security Notice 7155-1 - Several security issues were discovered in the Linux kernel. • https://git.kernel.org/stable/c/9616d00140a1cdf0bfa557019b36923dc7796942 https://git.kernel.org/stable/c/e9109a92d2a95889498bed3719cd2318892171a2 https://git.kernel.org/stable/c/c996b570305e7a6910c2ce4cdcd4c22757ffe241 https://git.kernel.org/stable/c/fe2ead240c31e8d158713beca9d0681a6e6a53ab https://git.kernel.org/stable/c/40d7b3ed52449d36143bab8d3e70926aa61a60f4 https://git.kernel.org/stable/c/27ab33854873e6fb958cb074681a0107cc2ecc4c https://git.kernel.org/stable/c/9c439311c13fc6faab1921441165c9b8b500c83b •
CVE-2024-43844 – wifi: rtw89: wow: fix GTK offload H2C skbuff issue
https://notcve.org/view.php?id=CVE-2024-43844
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: wow: fix GTK offload H2C skbuff issue We mistakenly put skb too large and that may exceed skb->end. Therefore, we fix it. skbuff: skb_over_panic: text:ffffffffc09e9a9d len:416 put:204 head:ffff8fba04eca780 data:ffff8fba04eca7e0 tail:0x200 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:192! invalid opcode: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 4747 Comm: kworker/u4:44 Tainted: G O 6.6.30-02659-gc18865c4dfbd #1 86547039b47e46935493f615ee31d0b2d711d35e Hardware name: HP Meep/Meep, BIOS Google_Meep.11297.262.0 03/18/2021 Workqueue: events_unbound async_run_entry_fn RIP: 0010:skb_panic+0x5d/0x60 Code: c6 63 8b 8f bb 4c 0f 45 f6 48 c7 c7 4d 89 8b bb 48 89 ce 44 89 d1 41 56 53 41 53 ff b0 c8 00 00 00 e8 27 5f 23 00 48 83 c4 20 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 RSP: 0018:ffffaa700144bad0 EFLAGS: 00010282 RAX: 0000000000000089 RBX: 0000000000000140 RCX: 14432c5aad26c900 RDX: 0000000000000000 RSI: 00000000ffffdfff RDI: 0000000000000001 RBP: ffffaa700144bae0 R08: 0000000000000000 R09: ffffaa700144b920 R10: 00000000ffffdfff R11: ffffffffbc28fbc0 R12: ffff8fba4e57a010 R13: 0000000000000000 R14: ffffffffbb8f8b63 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff8fba7bd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007999c4ad1000 CR3: 000000015503a000 CR4: 0000000000350ee0 Call Trace: <TASK> ? __die_body+0x1f/0x70 ? die+0x3d/0x60 ? do_trap+0xa4/0x110 ? • https://git.kernel.org/stable/c/ed9a3c0d4dd9ce79ff7f65238164a96da1b52dbf https://git.kernel.org/stable/c/ef0d9d2f0dc1133db3d3a1c5167190c6627146b2 https://git.kernel.org/stable/c/dda364c345913fe03ddbe4d5ae14a2754c100296 •