CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26840 – cachefiles: fix memory leak in cachefiles_add_cache()
https://notcve.org/view.php?id=CVE-2024-26840
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced object 0xffff9b674176e3c0 (size 192): comm "cachefilesd2", pid 680, jiffies 4294881224 hex dump (first 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc ea38a44b): [<ffffffff8eb8a1a5>] kmem_cache_alloc+0x2d5/0x370 [<ffffffff8e917f86>] prepare_creds+0x26/0x2e0 [<ffffffffc002eeef>] cachefiles_determine_cache_security+0x1f/0x120 [<ffffffffc00243ec>] cachefiles_add_cache+0x13c/0x3a0 [<ffffffffc0025216>] cachefiles_daemon_write+0x146/0x1c0 [<ffffffff8ebc4a3b>] vfs_write+0xcb/0x520 [<ffffffff8ebc5069>] ksys_write+0x69/0xf0 [<ffffffff8f6d4662>] do_syscall_64+0x72/0x140 [<ffffffff8f8000aa>] entry_SYSCALL_64_after_hwframe+0x6e/0x76 ================================================================== Put the reference count of cache_cred in cachefiles_daemon_unbind() to fix the problem. And also put cache_cred in cachefiles_add_cache() error branch to avoid memory leaks. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cachefiles: corrige la pérdida de memoria en cachefiles_add_cache() Se informó la siguiente pérdida de memoria después de desvincular /dev/cachefiles: ================= ==================================================== objeto sin referencia 0xffff9b674176e3c0 (tamaño 192): comm "cachefilesd2", pid 680, jiffies 4294881224 volcado hexadecimal (primeros 32 bytes): 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc ea38a44b): [ ] kmem_cache_alloc+0x2d5/0x370 [] prepare_creds+0x26/0x2e0 [] cachefiles_determine_cache_security+0x1f/0x120 [] cachefiles_add_cache+0x13c/0x 3a0 [] cachefiles_daemon_write+0x146/0x1c0 [ ] vfs_write+0xcb/0x520 [] ksys_write+0x69/0xf0 [] do_syscall_64+0x72/0x140 [] Entry_SYSCALL_64_after_hwframe+0x6e/0x76 =============== ==================================================== == Coloque el recuento de referencias de cache_cred en cachefiles_daemon_unbind() para solucionar el problema. Y también coloque cache_cred en la rama de error cachefiles_add_cache() para evitar pérdidas de memoria. • https://git.kernel.org/stable/c/9ae326a69004dea8af2dae4fde58de27db700a8d https://git.kernel.org/stable/c/cb5466783793e66272624cf71925ae1d1ba32083 https://git.kernel.org/stable/c/037d5a949b0455540ef9aab34c10ddf54b65d285 https://git.kernel.org/stable/c/43eccc5823732ba6daab2511ed32dfc545a666d8 https://git.kernel.org/stable/c/94965be37add0983672e48ecb33cdbda92b62579 https://git.kernel.org/stable/c/8b218e2f0a27a9f09428b1847b4580640b9d1e58 https://git.kernel.org/stable/c/38e921616320d159336b0ffadb09e9fb4945c7c3 https://git.kernel.org/stable/c/9cac69912052a4def571fedf1cb9bb4ec • CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-26839 – IB/hfi1: Fix a memleak in init_credit_return
https://notcve.org/view.php?id=CVE-2024-26839
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be never freed and a memleak is triggered. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: IB/hfi1: corrige una fuga de mem en init_credit_return Cuando dma_alloc_coherent no puede asignar dd->cr_base[i].va, init_credit_return debería desasignar dd->cr_base y dd->cr_base[i]. ] el asignado antes. O esos recursos nunca se liberarían y se desencadenaría una fuga de memoria. • https://git.kernel.org/stable/c/7724105686e718ac476a6ad3304fea2fbcfcffde https://git.kernel.org/stable/c/2e4f9f20b32658ef3724aa46f7aef4908d2609e3 https://git.kernel.org/stable/c/cecfb90cf71d91e9efebd68b9e9b84661b277cc8 https://git.kernel.org/stable/c/3fa240bb6b2dbb3e7a3ee1440a4889cbb6207eb7 https://git.kernel.org/stable/c/52de5805c147137205662af89ed7e083d656ae25 https://git.kernel.org/stable/c/f0d857ce31a6bc7a82afcdbadb8f7417d482604b https://git.kernel.org/stable/c/b41d0ade0398007fb746213f09903d52a920e896 https://git.kernel.org/stable/c/8412c86e89cc78d8b513cb25cf2157a2a •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-26835 – netfilter: nf_tables: set dormant flag on hook register failure
https://notcve.org/view.php?id=CVE-2024-26835
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks. On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: establece el indicador inactivo en caso de error en el registro del enlace. Necesitamos configurar el indicador inactivo nuevamente si no logramos registrar los enlaces. Durante la presión de la memoria, el registro de ganchos puede fallar y terminamos con una tabla marcada como activa pero sin ganchos registrados. Al eliminar la tabla/cadena base, nf_tables intentará cancelar el registro del gancho nuevamente, lo que genera un símbolo de advertencia desde el núcleo de nftables. • https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87 https://git.kernel.org/stable/c/d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 https://git.kernel.org/stable/c/179d9ba5559a756f4322583388b3213fe4e391b0 https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3 https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376 https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-26833 – drm/amd/display: Fix memory leak in dm_sw_fini()
https://notcve.org/view.php?id=CVE-2024-26833
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it is not freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024): comm "(udev-worker)", pid 222, jiffies 4294894636 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 6265fd77): [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340 [<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu] [<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu] [<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu] [<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90 [<ffffffff996918a3>] pci_device_probe+0xc3/0x230 [<ffffffff99805872>] really_probe+0xe2/0x480 [<ffffffff99805c98>] __driver_probe_device+0x78/0x160 [<ffffffff99805daf>] driver_probe_device+0x1f/0x90 [<ffffffff9980601e>] __driver_attach+0xce/0x1c0 [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0 [<ffffffff99804822>] bus_add_driver+0x112/0x210 [<ffffffff99807245>] driver_register+0x55/0x100 [<ffffffff990012d1>] do_one_initcall+0x41/0x300 Fix this by freeing dmub_srv after destroying it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige la pérdida de memoria en dm_sw_fini() Después de destruir dmub_srv, la memoria asociada a él no se libera, lo que provoca una pérdida de memoria: objeto sin referencia 0xffff896302b45800 (tamaño 1024) : comm "(udev-worker)", pid 222, sjiffies 4294894636 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........... ..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc 6265fd77): [] kmalloc_trace+ 0x29d/0x340 [] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [] dm_sw_init+0x15/0x2b0 [amdgpu] [] 1417/0x24e0 [amdgpu] [] amdgpu_driver_load_kms+0x15 /0x190 [amdgpu] [] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [] local_pci_probe+0x3e/0x90 [] pci_device_probe+0xc3/0x230 [ ] realmente_probe+0xe2/0x480 [< ffffffff99805c98>] __driver_probe_device+0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xce/0x1c0 [] v+0x70/0xc0 [] bus_add_driver+0x112/0x210 [< ffffffff99807245>] driver_register+0x55/0x100 [] do_one_initcall+0x41/0x300 Solucione este problema liberando dmub_srv después de destruirlo. • https://git.kernel.org/stable/c/743b9786b14ae0d7d13b3782dccad158e577e9bb https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857 https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30 https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2 https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3 https://lists.debian.org/debian-lts-announce/2024/06/ •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-26830 – i40e: Do not allow untrusted VF to remove administratively set MAC
https://notcve.org/view.php?id=CVE-2024-26830
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VF to remove administratively set MAC Currently when PF administratively sets VF's MAC address and the VF is put down (VF tries to delete all MACs) then the MAC is removed from MAC filters and primary VF MAC is zeroed. Do not allow untrusted VF to remove primary MAC when it was set administratively by PF. Reproducer: 1) Create VF 2) Set VF interface up 3) Administratively set the VF's MAC 4) Put VF interface down [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs [root@host ~]# ip link set enp2s0f0v0 up [root@host ~]# ip link set enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off [root@host ~]# ip link set enp2s0f0v0 down [root@host ~]# ip link show enp2s0f0 23: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, spoof checking on, link-state auto, trust off En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: i40e: No permitir que VF que no es de confianza elimine la MAC configurada administrativamente. Actualmente, cuando PF configura administrativamente la dirección MAC de VF y el VF se desactiva (VF intenta eliminar todas las MAC), entonces la MAC se eliminado de los filtros MAC y el MAC VF primario se pone a cero. No permita que VF que no es de confianza elimine la MAC principal cuando PF la configuró administrativamente. Reproductor: 1) Crear VF 2) Configurar la interfaz VF 3) Configurar administrativamente la MAC del VF 4) Colocar la interfaz VF [root@host ~]# echo 1 > /sys/class/net/enp2s0f0/device/sriov_numvfs [root@ host ~]# enlace ip establecido enp2s0f0v0 up [root@host ~]# enlace ip establecido enp2s0f0 vf 0 mac fe:6c:b5:da:c7:7d [root@host ~]# enlace ip show enp2s0f0 23: enp2s0f0: < BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq estado Modo UP DEFAULT grupo predeterminado qlen 1000 enlace/ether 3c:ec:ef:b7:dd:04 brd ff:ff:ff:ff:ff:ff vf 0 enlace/ ether fe:6c:b5:da:c7:7d brd ff:ff:ff:ff:ff:ff, verificación de suplantación de identidad activada, estado de enlace automático, confianza desactivada [root@host ~]# enlace IP configurado enp2s0f0v0 inactivo [raíz @host ~]# ip link show enp2s0f0 23: enp2s0f0: mtu 1500 qdisc mq state Modo UP DEFAULT grupo predeterminado qlen 1000 link/ether 3c:ec:ef:b7:dd:04 brd ff :ff:ff:ff:ff:ff vf 0 enlace/éter 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff, verificación de suplantación de identidad activada, estado de enlace automático, confianza desactivada • https://git.kernel.org/stable/c/700bbf6c1f9e4ab055528d5ab4ac5815fe4a6c1b https://git.kernel.org/stable/c/1c981792e4ccbc134b468797acdd7781959e6893 https://git.kernel.org/stable/c/be147926140ac48022c9605d7ab0a67387e4b404 https://git.kernel.org/stable/c/d250a81ba813a93563be68072c563aa1e346346d https://git.kernel.org/stable/c/73d9629e1c8c1982f13688c4d1019c3994647ccc •