CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-38597 – eth: sungem: remove .ndo_poll_controller to avoid deadlocks
https://notcve.org/view.php?id=CVE-2024-38597
In the Linux kernel, the following vulnerability has been resolved: eth: sungem: remove .ndo_poll_controller to avoid deadlocks Erhard reports netpoll warnings from sungem: netpoll_send_skb_on_dev(): eth0 enabled interrupts in poll (gem_start_xmit+0x0/0x398) WARNING: CPU: 1 PID: 1 at net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() disables interrupts, which may sleep. We can't sleep in netpoll, it has interrupts disabled completely. Strangely, gem_poll_controller() doesn't even poll the completions, and instead acts as if an interrupt has fired so it just schedules NAPI and exits. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: eth: sungem: elimine .ndo_poll_controller para evitar interbloqueos Erhard informa advertencias de netpoll desde sungem: netpoll_send_skb_on_dev(): eth0 habilitó interrupciones en la encuesta (gem_start_xmit+0x0/0x398) ADVERTENCIA: CPU: 1 PID: 1 en net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() desactiva las interrupciones, que pueden dormir. • https://git.kernel.org/stable/c/fe09bb619096a0aa139210748ddc668c2dbe2308 https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289 https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6 https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937 https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd69 •
CVSS: 4.7EPSS: 0%CPEs: 9EXPL: 0CVE-2024-38596 – af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg
https://notcve.org/view.php?id=CVE-2024-38596
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. ... entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) value changed: 0x01 -> 0x03 The line numbers are related to commit dd5a440a31fa ("Linux 6.9-rc7"). Commit e1d09c2c2f57 ("af_unix: Fix data races around sk->sk_shutdown.") addressed a comparable issue in the past regarding sk->sk_shutdown. However, it overlooked resolving this particular data path. This patch only offending unix_stream_sendmsg() function, since the other reads seem to be protected by unix_state_lock() as discussed in En el kernel de Linux, se resolvió la siguiente vulnerabilidad: af_unix: corrige ejecucións de datos en unix_release_sock/unix_stream_sendmsg Se identificó una condición de ejecución de datos en af_unix. ... Entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64 .S:130) valor cambiado: 0x01 -> 0x03 Los números de línea están relacionados con el commit dd5a440a31fa ("Linux 6.9-rc7"). • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/fca6072e1a7b1e709ada5604b951513b89b4bd0a https://git.kernel.org/stable/c/de6641d213373fbde9bbdd7c4b552254bc9f82fe https://git.kernel.org/stable/c/4d51845d734a4c5d079e56e0916f936a55e15055 https://git.kernel.org/stable/c/9aa8773abfa0e954136875b4cbf2df4cf638e8a5 https://git.kernel.org/stable/c/8299e4d778f664b31b67cf4cf3d5409de2ecb92c https://git.kernel.org/stable/c/0688d4e499bee3f2749bca27329bd128686230cb https://git.kernel.org/stable/c/a4c88072abcaca593cefe70f90e9d3707 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-38595 – net/mlx5: Fix peer devlink set for SF representor devlink port
https://notcve.org/view.php?id=CVE-2024-38595
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix peer devlink set for SF representor devlink port The cited patch change register devlink flow, and neglect to reflect the changes for peer devlink set logic. ... kthread_complete_and_exit+0x20/0x20 ret_from_fork_asm+0x11/0x20 </TASK> En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: corrige el conjunto de enlaces de desarrollo de pares para el puerto devlink del representante SF. • https://git.kernel.org/stable/c/967caa3d37c078e5b95a32094657e6a4cad145f0 https://git.kernel.org/stable/c/bf729988303a27833a86acb561f42b9a3cc12728 https://git.kernel.org/stable/c/8c91c60858473731bcdaf04fda99fcbcf84420d4 https://git.kernel.org/stable/c/8256c1211dc6fa606269aa043b6e294247820b31 https://git.kernel.org/stable/c/a0501201751034ebe7a22bd9483ed28fea1cd213 https://git.kernel.org/stable/c/05d9d7b66836d87c914f8fdd4b062b78e373458d https://git.kernel.org/stable/c/3c453e8cc672de1f9c662948dba43176bc68d7f0 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-38594 – net: stmmac: move the EST lock to struct stmmac_priv
https://notcve.org/view.php?id=CVE-2024-38594
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: move the EST lock to struct stmmac_priv Reinitialize the whole EST structure would also reset the mutex lock which is embedded in the EST structure, and then trigger the following warning. ... = lock) WARNING: CPU: 3 PID: 505 at kernel/locking/mutex.c:587 __mutex_lock+0xd84/0x1068 Modules linked in: CPU: 3 PID: 505 Comm: tc Not tainted 6.9.0-rc6-00053-g0106679839f7-dirty #29 Hardware name: NXP i.MX8MPlus EVK board (DT) pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __mutex_lock+0xd84/0x1068 lr : __mutex_lock+0xd84/0x1068 sp : ffffffc0864e3570 x29: ffffffc0864e3570 x28: ffffffc0817bdc78 x27: 0000000000000003 x26: ffffff80c54f1808 x25: ffffff80c9164080 x24: ffffffc080d723ac x23: 0000000000000000 x22: 0000000000000002 x21: 0000000000000000 x20: 0000000000000000 x19: ffffffc083bc3000 x18: ffffffffffffffff x17: ffffffc08117b080 x16: 0000000000000002 x15: ffffff80d2d40000 x14: 00000000000002da x13: ffffff80d2d404b8 x12: ffffffc082b5a5c8 x11: ffffffc082bca680 x10: ffffffc082bb2640 x9 : ffffffc082bb2698 x8 : 0000000000017fe8 x7 : c0000000ffffefff x6 : 0000000000000001 x5 : ffffff8178fe0d48 x4 : 0000000000000000 x3 : 0000000000000027 x2 : ffffff8178fe0d50 x1 : 0000000000000000 x0 : 0000000000000000 Call trace: __mutex_lock+0xd84/0x1068 mutex_lock_nested+0x28/0x34 tc_setup_taprio+0x118/0x68c stmmac_setup_tc+0x50/0xf0 taprio_change+0x868/0xc9c En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: stmmac: mover el bloqueo EST a la estructura stmmac_priv Reinicializar toda la estructura EST también restablecería el bloqueo mutex que está incrustado en la estructura EST y luego activaría la siguiente advertencia. • https://git.kernel.org/stable/c/b2aae654a4794ef898ad33a179f341eb610f6b85 https://git.kernel.org/stable/c/b2091d47a14e8e6b3f03d792c1b25255d60b3219 https://git.kernel.org/stable/c/5ce4cc16d47186f0b76254e6f27beea25bafc1d9 https://git.kernel.org/stable/c/b538fefeb1026aad9dcdcbb410c42b56dff8aae9 https://git.kernel.org/stable/c/487f9030b1ef34bab123f2df2a4ccbe01ba84416 https://git.kernel.org/stable/c/6f476aff2d8da1a189621c4c16a76a6c534e4312 https://git.kernel.org/stable/c/36ac9e7f2e5786bd37c5cd91132e1f39c29b8197 •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-38593 – net: micrel: Fix receiving the timestamp in the frame for lan8841
https://notcve.org/view.php?id=CVE-2024-38593
In the Linux kernel, the following vulnerability has been resolved: net: micrel: Fix receiving the timestamp in the frame for lan8841 The blamed commit started to use the ptp workqueue to get the second part of the timestamp. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net: micrel: Se corrigió la recepción de la marca de tiempo en el framework para lan8841. • https://git.kernel.org/stable/c/cc75549548482ed653c23f212544e58cb38ea980 https://git.kernel.org/stable/c/3ddf170e4a604f5d4d9459a36993f5e92b53e8b0 https://git.kernel.org/stable/c/3fd4282d5f25c3c97fef3ef0b89b82ef4e2bc975 https://git.kernel.org/stable/c/64a47cf634ae44e92be24ebc982410841093bd7b https://git.kernel.org/stable/c/aea27a92a41dae14843f92c79e9e42d8f570105c https://access.redhat.com/security/cve/CVE-2024-38593 https://bugzilla.redhat.com/show_bug.cgi?id=2293380 • CWE-457: Use of Uninitialized Variable •