CVE-2024-27044 – drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
https://notcve.org/view.php?id=CVE-2024-27044
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875) En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: corrige posibles desreferencias del puntero NULL en 'dcn10_set_output_transfer_func()'. El puntero 'stream' se usa en dcn10_set_output_transfer_func() antes de verificar si 'stream' es NULL. Corrige lo siguiente: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() advertencia: variable desreferenciada antes de verificar 'flujo' (ver línea 1875) • https://git.kernel.org/stable/c/ddef02de0d71d483ad4398393717cc0d53fc990a https://git.kernel.org/stable/c/e019d87e02f1e539ae48b99187f253847744ca7a https://git.kernel.org/stable/c/330caa061af53ea6d287d7c43d0703714e510e08 https://git.kernel.org/stable/c/6ac7c7a3a9ab57aba0fe78ecb922d2b20e16efeb https://git.kernel.org/stable/c/29fde8895b2fcc33f44aea28c644ce2d9b62f9e0 https://git.kernel.org/stable/c/2d9fe7787af01188dc470a649bdbb842d6511fd7 https://git.kernel.org/stable/c/14613d52bc7fc180df6d2c65ba65fc921fc1dda7 https://git.kernel.org/stable/c/7874ab3105ca4657102fee1cc14b0af70 •
CVE-2024-27043 – media: edia: dvbdev: fix a use-after-free
https://notcve.org/view.php?id=CVE-2024-27043
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocation, causing use-after-frees in many places, for example, in the following call chain: budget_register |-> dvb_dmxdev_init |-> dvb_register_device |-> dvb_dmxdev_release |-> dvb_unregister_device |-> dvb_remove_device |-> dvb_device_put |-> kref_put When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in dvb_register_device) could point to memory that had been freed in dvb_register_device. Thereafter, this pointer is transferred to kref_put and triggering a use-after-free. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: edia: dvbdev: corregir un use-after-free En dvb_register_device, *pdvbdev se establece igual a dvbdev, que se libera en varias rutas de manejo de errores. • https://git.kernel.org/stable/c/b61901024776b25ce7b8edc31bb1757c7382a88e https://git.kernel.org/stable/c/d0f5c28333822f9baa5280d813124920720fd856 https://git.kernel.org/stable/c/f20c3270f3ed5aa6919a87e4de9bf6c05fb57086 https://git.kernel.org/stable/c/096237039d00c839f3e3a5fe6d001bf0db45b644 https://git.kernel.org/stable/c/0d3fe80b6d175c220b3e252efc6c6777e700e98e https://git.kernel.org/stable/c/437a111f79a2f5b2a5f21e27fdec6f40c8768712 https://git.kernel.org/stable/c/779e8db7efb22316c8581d6c229636d2f5694a62 https://git.kernel.org/stable/c/35674111a043b0482a9bc69da8850a83f •
CVE-2024-27038 – clk: Fix clk_core_get NULL dereference
https://notcve.org/view.php?id=CVE-2024-27038
In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw->core. Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: corrige la desreferencia de clk_core_get NULL Es posible que clk_core_get elimine la referencia a un NULL en la siguiente secuencia: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() puede devolver NULL que es desreferenciado por clk_core_get() en hw->core. Antes de confirmar dde4eff47c82 ("clk: buscar padres con clk_lookups basado en clkdev") se realizó la verificación IS_ERR_OR_NULL() que habría detectado el NULL. Leyendo la descripción de esta función se habla de devolver NULL pero eso no puede ser así por el momento. Actualice la función para verificar hw antes de eliminar la referencia y devuelva NULL si hw es NULL. • https://git.kernel.org/stable/c/dde4eff47c82c52a72af333d9e55370eee6d95d6 https://git.kernel.org/stable/c/d7ae7d1265686b55832a445b1db8cdd69738ac07 https://git.kernel.org/stable/c/239174535dba11f7b83de0eaaa27909024f8c185 https://git.kernel.org/stable/c/0efb9ef6fb95384ba631d6819e66f10392aabfa2 https://git.kernel.org/stable/c/a8b2b26fdd011ebe36d68a9a321ca45801685959 https://git.kernel.org/stable/c/a5d9b1aa61b401867b9066d54086b3e4ee91f8ed https://git.kernel.org/stable/c/c554badcae9c45b737a22d23454170c6020b90e6 https://git.kernel.org/stable/c/6f073b24a9e2becd25ac4505a9780a87e •
CVE-2024-27037 – clk: zynq: Prevent null pointer dereference caused by kmalloc failure
https://notcve.org/view.php?id=CVE-2024-27037
In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to the null address, the null pointer dereference bug will happen. This patch uses a stack variable to replace the kmalloc(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: zynq: evita la desreferencia del puntero nulo causada por una falla de kmalloc. El kmalloc() en zynq_clk_setup() devolverá nulo si la memoria física se ha agotado. Como resultado, si usamos snprintf() para escribir datos en la dirección nula, se producirá el error de desreferencia del puntero nulo. • https://git.kernel.org/stable/c/0ee52b157b8ed88550ddd6291e54bb4bfabde364 https://git.kernel.org/stable/c/01511ac7be8e45f80e637f6bf61af2d3d2dee9db https://git.kernel.org/stable/c/8c4889a9ea861d7be37463c10846eb75e1b49c9d https://git.kernel.org/stable/c/0801c893fd48cdba66a3c8f44c3fe43cc67d3b85 https://git.kernel.org/stable/c/ca976c6a592f789700200069ef9052493c0b73d8 https://git.kernel.org/stable/c/58a946ab43501f2eba058d24d96af0ad1122475b https://git.kernel.org/stable/c/7938e9ce39d6779d2f85d822cc930f73420e54a6 • CWE-476: NULL Pointer Dereference •
CVE-2024-27032 – f2fs: fix to avoid potential panic during recovery
https://notcve.org/view.php?id=CVE-2024-27032
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential panic during recovery During recovery, if FAULT_BLOCK is on, it is possible that f2fs_reserve_new_block() will return -ENOSPC during recovery, then it may trigger panic. Also, if fault injection rate is 1 and only FAULT_BLOCK fault type is on, it may encounter deadloop in loop of block reservation. Let's change as below to fix these issues: - remove bug_on() to avoid panic. - limit the loop count of block reservation to avoid potential deadloop. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: f2fs: corrección para evitar un posible pánico durante la recuperación. Durante la recuperación, si FAULT_BLOCK está activado, es posible que f2fs_reserve_new_block() devuelva -ENOSPC durante la recuperación, lo que puede provocar pánico. Además, si la tasa de inyección de fallas es 1 y solo el tipo de falla FAULT_BLOCK está activado, es posible que se produzca un bucle muerto en el bucle de reserva de bloque. Cambiemos como se muestra a continuación para solucionar estos problemas: - elimine bug_on() para evitar el pánico. - limitar el número de bucles de reserva de bloques para evitar posibles bucles muertos. • https://git.kernel.org/stable/c/b1020a546779139eec5d930e15ce534c1101b89c https://git.kernel.org/stable/c/2a7b12d4705bc308cf18eae2b69ec8db34881cc3 https://git.kernel.org/stable/c/b29cc6e29b5e6037e1bcd2b2ac67b7d89acd194c https://git.kernel.org/stable/c/956fa1ddc132e028f3b7d4cf17e6bfc8cb36c7fd https://git.kernel.org/stable/c/bc1fb291f36dd1d9d667241d9fe30b835dbb8ee8 https://git.kernel.org/stable/c/9fceaf8182d453639cddb7f4a6877a1e1564de39 https://git.kernel.org/stable/c/80c69f576ff39d6ae8a6e2107da3dc03b533759c https://git.kernel.org/stable/c/b4fb0807a1d60f8642a5fd62bd659cd60 •