CVE-2024-27055 – workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
https://notcve.org/view.php?id=CVE-2024-27055
In the Linux kernel, the following vulnerability has been resolved: workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() For wq_update_node_max_active(), @off_cpu of -1 indicates that no CPU is going down. The function was incorrectly calling cpumask_test_cpu() with -1 CPU leading to oopses like the following on some archs: Unable to handle kernel paging request at virtual address ffff0002100296e0 .. pc : wq_update_node_max_active+0x50/0x1fc lr : wq_update_node_max_active+0x1f0/0x1fc ... Call trace: wq_update_node_max_active+0x50/0x1fc apply_wqattrs_commit+0xf0/0x114 apply_workqueue_attrs_locked+0x58/0xa0 alloc_workqueue+0x5ac/0x774 workqueue_init_early+0x460/0x540 start_kernel+0x258/0x684 __primary_switched+0xb8/0xc0 Code: 9100a273 35000d01 53067f00 d0016dc1 (f8607a60) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Attempted to kill the idle task! ---[ end Kernel panic - not syncing: Attempted to kill the idle task! ]--- Fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cola de trabajo: no llame a cpumask_test_cpu() con -1 CPU en wq_update_node_max_active() Para wq_update_node_max_active(), @off_cpu de -1 indica que no hay ninguna CPU fallando. • https://git.kernel.org/stable/c/5a70baec2294e8a7d0fcc4558741c23e752dad5c https://git.kernel.org/stable/c/843288afd3cc6f3342659c6cf81fc47684d25563 https://git.kernel.org/stable/c/a75ac2693d734d20724f0e10e039ca85f1fcfc4e https://git.kernel.org/stable/c/adc646d2126988a64234502f579e4bc2b080d7cf https://git.kernel.org/stable/c/7df62b8cca38aa452b508b477b16544cba615084 https://git.kernel.org/stable/c/38c19c44cc05ec1e84d2e31a9a289b83b6c7ec85 https://git.kernel.org/stable/c/9fc557d489f8163c1aabcb89114b8eba960f4097 https://git.kernel.org/stable/c/15930da42f8981dc42c19038042947b47 •
CVE-2024-27054 – s390/dasd: fix double module refcount decrement
https://notcve.org/view.php?id=CVE-2024-27054
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path causes refcount to artificially decrease on each error while it should just stay the same. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: corrige la disminución del doble recuento del módulo Una vez que la disciplina está asociada con el dispositivo, eliminar el dispositivo se encarga de disminuir el recuento del módulo. Hacerlo manualmente en esta ruta de error hace que el recuento disminuya artificialmente en cada error, mientras que debería permanecer igual. • https://git.kernel.org/stable/c/c020d722b110a44c613ef71e657e6dd4116e09d9 https://git.kernel.org/stable/c/edbdb0d94143db46edd373cc93e433832d29fe19 https://git.kernel.org/stable/c/ad999aa18103fa038787b6a8a55020abcf34df1a https://git.kernel.org/stable/c/ec09bcab32fc4765e0cc97e1b72cdd067135f37e https://git.kernel.org/stable/c/fa18aa507ea71d8914b6acb2c94db311c757c650 https://git.kernel.org/stable/c/ebc5a3bd79e54f98c885c26f0862a27a02c487c5 https://git.kernel.org/stable/c/c3116e62ddeff79cae342147753ce596f01fcf06 •
CVE-2024-27053 – wifi: wilc1000: fix RCU usage in connect path
https://notcve.org/view.php?id=CVE-2024-27053
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage 6.7.0-rc1-wt+ #333 Not tainted ----------------------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 suspicious rcu_dereference_check() usage! [...] stack backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant Not tainted 6.7.0-rc1-wt+ #333 Hardware name: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x48 dump_stack_lvl from wilc_parse_join_bss_param+0x7dc/0x7f4 wilc_parse_join_bss_param from connect+0x2c4/0x648 connect from cfg80211_connect+0x30c/0xb74 cfg80211_connect from nl80211_connect+0x860/0xa94 nl80211_connect from genl_rcv_msg+0x3fc/0x59c genl_rcv_msg from netlink_rcv_skb+0xd0/0x1f8 netlink_rcv_skb from genl_rcv+0x2c/0x3c genl_rcv from netlink_unicast+0x3b0/0x550 netlink_unicast from netlink_sendmsg+0x368/0x688 netlink_sendmsg from ____sys_sendmsg+0x190/0x430 ____sys_sendmsg from ___sys_sendmsg+0x110/0x158 ___sys_sendmsg from sys_sendmsg+0xe8/0x150 sys_sendmsg from ret_fast_syscall+0x0/0x1c This warning is emitted because in the connect path, when trying to parse target BSS parameters, we dereference a RCU pointer whithout being in RCU critical section. Fix RCU dereference usage by moving it to a RCU read critical section. To avoid wrapping the whole wilc_parse_join_bss_param under the critical section, just use the critical section to copy ies data En el kernel de Linux, se resolvió la siguiente vulnerabilidad: wifi: wilc1000: corrige el uso de RCU en la ruta de conexión Con lockdep habilitado, las llamadas a la función de conexión desde la capa cfg802.11 generan la siguiente advertencia: ======== ====================== ADVERTENCIA: uso sospechoso de RCU 6.7.0-rc1-wt+ #333 No contaminado ------------- ---------------- drivers/net/wireless/microchip/wilc1000/hif.c:386 ¡uso sospechoso de rcu_dereference_check()! [...] pila backtrace: CPU: 0 PID: 100 Comm: wpa_supplicant No está contaminado 6.7.0-rc1-wt+ #333 Nombre de hardware: Atmel SAMA5 unwind_backtrace from show_stack+0x18/0x1c show_stack from dump_stack_lvl+0x34/0x48 dump_stack_lvl from wilc_parse_join_bss_para m +0x7dc/0x7f4 wilc_parse_join_bss_param desde connect+0x2c4/0x648 conectar desde cfg80211_connect+0x30c/0xb74 cfg80211_connect desde nl80211_connect+0x860/0xa94 nl80211_connect desde genl_rcv_msg+0x3fc /0x59c genl_rcv_msg de netlink_rcv_skb+0xd0/0x1f8 netlink_rcv_skb de genl_rcv+0x2c/0x3c genl_rcv de netlink_unicast+ 0x3b0/0x550 netlink_unicast de netlink_sendmsg+0x368/0x688 netlink_sendmsg de ____sys_sendmsg+0x190/0x430 ____sys_sendmsg de ___sys_sendmsg+0x110/0x158 ___sys_sendmsg de sys_sendmsg +0xe8/0x150 sys_sendmsg de ret_fast_syscall+0x0/0x1c Esta advertencia se emite porque en la ruta de conexión, al intentar Para analizar los parámetros BSS de destino, eliminamos la referencia a un puntero de RCU sin estar en la sección crítica de RCU. Corrija el uso de desreferenciación de RCU moviéndolo a una sección crítica de lectura de RCU. • https://git.kernel.org/stable/c/c460495ee072fc01a9b1e8d72c179510418cafac https://git.kernel.org/stable/c/e556006de4ea93abe2b46cba202a2556c544b8b2 https://git.kernel.org/stable/c/b4bbf38c350acb6500cbe667b1e2e68f896e4b38 https://git.kernel.org/stable/c/d80fc436751cfa6b02a8eda74eb6cce7dadfe5a2 https://git.kernel.org/stable/c/745003b5917b610352f52fe0d11ef658d6471ec2 https://git.kernel.org/stable/c/4bfd20d5f5c62b5495d6c0016ee6933bd3add7ce https://git.kernel.org/stable/c/5800ec78775c0cd646f71eb9bf8402fb794807de https://git.kernel.org/stable/c/dd50d3ead6e3707bb0a5df7cc832730c9 • CWE-476: NULL Pointer Dereference •
CVE-2024-27052 – wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
https://notcve.org/view.php?id=CVE-2024-27052
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop(). En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: rtl8xxxu: agregue cancel_work_sync() para c2hcmd_work Es posible que la cola de trabajo aún esté ejecutándose cuando se detiene el controlador. Para evitar un use-after-free, llame a cancel_work_sync() en rtl8xxxu_stop(). A vulnerability was found in the Linux kernel's net rtl8xxxu_core.c driver, where a race condition can lead to a use-after-free situation in the rtl8xxxu_stop() function. • https://git.kernel.org/stable/c/e542e66b7c2ee2adeefdbb7f259f2f60cadf2819 https://git.kernel.org/stable/c/dddedfa3b29a63c2ca4336663806a6128b8545b4 https://git.kernel.org/stable/c/ac512507ac89c01ed6cd4ca53032f52cdb23ea59 https://git.kernel.org/stable/c/3518cea837de4d106efa84ddac18a07b6de1384e https://git.kernel.org/stable/c/156012667b85ca7305cb363790d3ae8519a6f41e https://git.kernel.org/stable/c/7059cdb69f8e1a2707dd1e2f363348b507ed7707 https://git.kernel.org/stable/c/58fe3bbddfec10c6b216096d8c0e517cd8463e3a https://git.kernel.org/stable/c/1213acb478a7181cd73eeaf00db430f1e • CWE-416: Use After Free •
CVE-2024-27051 – cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
https://notcve.org/view.php?id=CVE-2024-27051
In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cpufreq: brcmstb-avs-cpufreq: agregar verificación para el valor de retorno de cpufreq_cpu_get cpufreq_cpu_get puede devolver NULL. Para evitar la desreferencia NULL, verifíquelo y devuelva 0 en caso de error. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/de322e085995b9417582d6f72229dadb5c09d163 https://git.kernel.org/stable/c/9127599c075caff234359950117018a010dd01db https://git.kernel.org/stable/c/d951cf510fb0df91d3abac0121a59ebbc63c0567 https://git.kernel.org/stable/c/e72160cb6e23b78b41999d6885a34ce8db536095 https://git.kernel.org/stable/c/b25b64a241d769e932a022e5c780cf135ef56035 https://git.kernel.org/stable/c/74b84d0d71180330efe67c82f973a87f828323e5 https://git.kernel.org/stable/c/e6e3e51ffba0784782b1a076d7441605697ea3c6 https://git.kernel.org/stable/c/f661017e6d326ee187db24194cabb013d •