CVE-2023-52791 – i2c: core: Run atomic i2c xfer when !preemptible
https://notcve.org/view.php?id=CVE-2023-52791
In the Linux kernel, the following vulnerability has been resolved: i2c: core: Run atomic i2c xfer when !preemptible Since bae1d3a05a8b, i2c transfers are non-atomic if preemption is disabled. However, non-atomic i2c transfers require preemption (e.g. in wait_for_completion() while waiting for the DMA). panic() calls preempt_disable_notrace() before calling emergency_restart(). Therefore, if an i2c device is used for the restart, the xfer should be atomic. This avoids warnings like: [ 12.667612] WARNING: CPU: 1 PID: 1 at kernel/rcu/tree_plugin.h:318 rcu_note_context_switch+0x33c/0x6b0 [ 12.676926] Voluntary context switch within RCU read-side critical section! • https://git.kernel.org/stable/c/bae1d3a05a8b99bd748168bbf8155a1d047c562e https://git.kernel.org/stable/c/25eb381a736e7ae39a4245ef5c96484eb1073809 https://git.kernel.org/stable/c/25284c46b657f48c0f3880a2e0706c70d81182c0 https://git.kernel.org/stable/c/f6237afabc349c1c7909db00e15d2816519e0d2b https://git.kernel.org/stable/c/185f3617adc8fe45e40489b458f03911f0dec46c https://git.kernel.org/stable/c/8c3fa52a46ff4d208cefb1a462ec94e0043a91e1 https://git.kernel.org/stable/c/3473cf43b9068b9dfef2f545f833f33c6a544b91 https://git.kernel.org/stable/c/aa49c90894d06e18a1ee7c095edbd2f37 • CWE-459: Incomplete Cleanup •
CVE-2023-52790 – swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC
https://notcve.org/view.php?id=CVE-2023-52790
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix out-of-bounds TLB allocations with CONFIG_SWIOTLB_DYNAMIC Limit the free list length to the size of the IO TLB. Transient pool can be smaller than IO_TLB_SEGSIZE, but the free list is initialized with the assumption that the total number of slots is a multiple of IO_TLB_SEGSIZE. As a result, swiotlb_area_find_slots() may allocate slots past the end of a transient IO TLB buffer. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: swiotlb: corrige asignaciones de TLB fuera de los límites con CONFIG_SWIOTLB_DYNAMIC Limita la longitud de la lista libre al tamaño del IO TLB. El grupo transitorio puede ser más pequeño que IO_TLB_SEGSIZE, pero la lista libre se inicializa asumiendo que el número total de ranuras es un múltiplo de IO_TLB_SEGSIZE. Como resultado, swiotlb_area_find_slots() puede asignar ranuras más allá del final de un búfer IO TLB transitorio. • https://git.kernel.org/stable/c/79636caad3618e2b38457f6e298c9b31ba82b489 https://git.kernel.org/stable/c/ce7612496a4ba6068bc68aa1fa9d947dadb4ad9b https://git.kernel.org/stable/c/53c87e846e335e3c18044c397cc35178163d7827 •
CVE-2023-52789 – tty: vcc: Add check for kstrdup() in vcc_probe()
https://notcve.org/view.php?id=CVE-2023-52789
In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tty: vcc: Agregar verificación para kstrdup() en vcc_probe(). Agregar verificación para el valor de retorno de kstrdup() y devolver el error, si falla, para evitar la desreferencia de puntero NULL . • https://git.kernel.org/stable/c/38cd56fc9de78bf3c878790785e8c231116ef9d3 https://git.kernel.org/stable/c/909963e0c16778cec28efb1affc21558825f4200 https://git.kernel.org/stable/c/460284dfb10b207980c6f3f7046e33446ceb38ac https://git.kernel.org/stable/c/4ef41a7f33ffe1a335e7db7e1564ddc6afad47cc https://git.kernel.org/stable/c/6c80f48912b5bd4965352d1a9a989e21743a4a06 https://git.kernel.org/stable/c/7cebc86481bf16049e266f6774d90f2fd4f8d5d2 https://git.kernel.org/stable/c/4a24a31826246b15477399febd13292b0c9f0ee9 https://git.kernel.org/stable/c/8f8771757b130383732195497e47fba2a •
CVE-2023-52788 – i915/perf: Fix NULL deref bugs with drm_dbg() calls
https://notcve.org/view.php?id=CVE-2023-52788
In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL dereferences. As returning -ENOTSUPP is pretty clear return when perf interface is not available. [tursulin: added stable tag] (cherry picked from commit 36f27350ff745bd228ab04d7845dfbffc177a889) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i915/perf: corrige errores de desreferencia NULL con llamadas drm_dbg(). Cuando la interfaz i915 perf no está disponible, la desreferenciación conducirá a desreferencias NULL. Como devolver -ENOTSUPP es un retorno bastante claro cuando la interfaz perf no está disponible. [tursulin: etiqueta estable agregada] (cereza seleccionada del compromiso 36f27350ff745bd228ab04d7845dfbffc177a889) • https://git.kernel.org/stable/c/9b344cf6aea0a69c00e19efdc6e02c6d5aae1a23 https://git.kernel.org/stable/c/2fec539112e89255b6a47f566e21d99937fada7b https://git.kernel.org/stable/c/1566e8be73fd5fa424e88d2a4cffdc34f970f0e1 https://git.kernel.org/stable/c/55db76caa782baa4a1bf02296e2773c38a524a3e https://git.kernel.org/stable/c/bf8e105030083e7b71591cdf437e464bcd8a0c09 https://git.kernel.org/stable/c/10f49cdfd5fb342a1a9641930dc040c570694e98 https://git.kernel.org/stable/c/471aa951bf1206d3c10d0daa67005b8e4db4ff83 https://access.redhat.com/security/cve/CVE-2023-52788 • CWE-476: NULL Pointer Dereference •
CVE-2023-52787 – blk-mq: make sure active queue usage is held for bio_integrity_prep()
https://notcve.org/view.php?id=CVE-2023-52787
In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep() blk_integrity_unregister() can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed with calling profile->complete_fn, then kernel panic. Another constraint is that bio_integrity_prep() needs to be called before bio merge. Fix the issue by: - call bio_integrity_prep() with one queue usage counter grabbed reliably - call bio_integrity_prep() before bio merge En el kernel de Linux, se resolvió la siguiente vulnerabilidad: blk-mq: asegúrese de que el uso de la cola activa se mantenga para bio_integrity_prep() blk_integrity_unregister() puede aparecer si el contador de uso de la cola no se mantiene para una biografía con integridad preparada, por lo que esta solicitud se puede completar llamando al perfil->complete_fn, luego kernel panic. Otra restricción es que es necesario llamar a bio_integrity_prep() antes de la fusión biológica. Solucione el problema de la siguiente manera: - llame a bio_integrity_prep() con un contador de uso de cola capturado de manera confiable - llame a bio_integrity_prep() antes de fusionar la biografía • https://git.kernel.org/stable/c/900e080752025f0016128f07c9ed4c50eba3654b https://git.kernel.org/stable/c/b5c8e0ff76d10f6bf70a7237678f27c20cf59bc9 https://git.kernel.org/stable/c/e9c309ded295b7f8849097d71ae231456ca79f78 https://git.kernel.org/stable/c/b80056bd75a16e4550873ecefe12bc8fd190b1cf https://git.kernel.org/stable/c/b0077e269f6c152e807fdac90b58caf012cdbaab •