CVE-2024-35790 – usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
https://notcve.org/view.php?id=CVE-2024-35790
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by deferencing dp->hpd in hpd_show or dp->lock in pin_assignment_show, as dev_get_drvdata() returns NULL in those cases. Remove manual sysfs node creation in favor of adding attribute group as default for devices bound to the driver. The ATTRIBUTE_GROUPS() macro is not used here otherwise the path to the sysfs nodes is no longer compliant with the ABI. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: usb: typec: altmodes/displayport: cree nodos sysfs como grupo de atributos de dispositivo predeterminado del controlador Los nodos sysfs del controlador DisplayPort pueden estar presentes en el espacio de usuario antes de que typec_altmode_set_drvdata() se complete en dp_altmode_probe. Esto significa que una lectura de sysfs puede desencadenar un error de puntero NULL al hacer una diferencia entre dp->hpd en hpd_show o dp->lock en pin_assignment_show, ya que dev_get_drvdata() devuelve NULL en esos casos. • https://git.kernel.org/stable/c/0e3bb7d6894d9b6e67d6382bb03a46a1dc989588 https://git.kernel.org/stable/c/4a22aeac24d0d5f26ba741408e8b5a4be6dc5dc0 https://git.kernel.org/stable/c/0ad011776c057ce881b7fd6d8c79ecd459c087e9 https://git.kernel.org/stable/c/165376f6b23e9a779850e750fb2eb06622e5a531 https://access.redhat.com/security/cve/CVE-2024-35790 https://bugzilla.redhat.com/show_bug.cgi?id=2281054 •
CVE-2024-35789 – wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes
https://notcve.org/view.php?id=CVE-2024-35789
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes When moving a station out of a VLAN and deleting the VLAN afterwards, the fast_rx entry still holds a pointer to the VLAN's netdev, which can cause use-after-free bugs. Fix this by immediately calling ieee80211_check_fast_rx after the VLAN change. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: comprobar/borrar fast rx para cambios de VLAN que no sean 4addr sta Al mover una estación fuera de una VLAN y eliminar la VLAN después, la entrada fast_rx todavía contiene un puntero a netdev de la VLAN, lo que puede causar errores de uso después de la liberación. Solucione este problema llamando inmediatamente a ieee80211_check_fast_rx después del cambio de VLAN. • https://git.kernel.org/stable/c/ea9a0cfc07a7d3601cc680718d9cff0d6927a921 https://git.kernel.org/stable/c/be1dd9254fc115321d6fbee042026d42afc8d931 https://git.kernel.org/stable/c/e8b067c4058c0121ac8ca71559df8e2e08ff1a7e https://git.kernel.org/stable/c/c8bddbd91bc8e42c961a5e2cec20ab879f21100f https://git.kernel.org/stable/c/7eeabcea79b67cc29563e6a9a5c81f9e2c664d5b https://git.kernel.org/stable/c/6b948b54c8bd620725e0c906e44b10c0b13087a7 https://git.kernel.org/stable/c/2884a50f52313a7a911de3afcad065ddbb3d78fc https://git.kernel.org/stable/c/e8678551c0243f799b4859448781cbec1 •
CVE-2024-35787 – md/md-bitmap: fix incorrect usage for sb_index
https://notcve.org/view.php?id=CVE-2024-35787
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix incorrect usage for sb_index Commit d7038f951828 ("md-bitmap: don't use ->index for pages backing the bitmap file") removed page->index from bitmap code, but left wrong code logic for clustered-md. current code never set slot offset for cluster nodes, will sometimes cause crash in clustered env. Call trace (partly): md_bitmap_file_set_bit+0x110/0x1d8 [md_mod] md_bitmap_startwrite+0x13c/0x240 [md_mod] raid1_make_request+0x6b0/0x1c08 [raid1] md_handle_request+0x1dc/0x368 [md_mod] md_submit_bio+0x80/0xf8 [md_mod] __submit_bio+0x178/0x300 submit_bio_noacct_nocheck+0x11c/0x338 submit_bio_noacct+0x134/0x614 submit_bio+0x28/0xdc submit_bh_wbc+0x130/0x1cc submit_bh+0x1c/0x28 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: md/md-bitmap: corrige el uso incorrecto de sb_index Commit d7038f951828 ("md-bitmap: no usar ->índice para páginas que respaldan el archivo de mapa de bits") página eliminada-> índice del código de mapa de bits, pero dejó una lógica de código incorrecta para clustered-md. El código actual nunca establece el desplazamiento de ranura para los nodos del clúster, a veces causa fallos en el entorno del clúster. Rastreo de llamadas (parcialmente): md_bitmap_file_set_bit+0x110/0x1d8 [md_mod] md_bitmap_startwrite+0x13c/0x240 [md_mod] raid1_make_request+0x6b0/0x1c08 [raid1] md_handle_request+0x1dc/0x368 [md_submit_bio+0x8 0/0xf8 [md_mod] __submit_bio+0x178/ 0x300 enviar_bio_noacct_nocheck+0x11c/0x338 enviar_bio_noacct+0x134/0x614 enviar_bio+0x28/0xdc enviar_bh_wbc+0x130/0x1cc enviar_bh+0x1c/0x28 • https://git.kernel.org/stable/c/d7038f951828da19fa9aafddfa087b69032c9687 https://git.kernel.org/stable/c/736ad6c577a367834118f57417038d45bb5e0a31 https://git.kernel.org/stable/c/55e55eb65fd5e09faf5a0e49ffcdd37905aaf4da https://git.kernel.org/stable/c/5a95815b17428ce2f56ec18da5e0d1b2a1a15240 https://git.kernel.org/stable/c/ecbd8ebb51bf7e4939d83b9e6022a55cac44ef06 •
CVE-2024-35786 – drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf
https://notcve.org/view.php?id=CVE-2024-35786
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix stale locked mutex in nouveau_gem_ioctl_pushbuf If VM_BIND is enabled on the client the legacy submission ioctl can't be used, however if a client tries to do so regardless it will return an error. In this case the clients mutex remained unlocked leading to a deadlock inside nouveau_drm_postclose or any other nouveau ioctl call. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/nouveau: corrige el mutex bloqueado obsoleto en nouveau_gem_ioctl_pushbuf. Si VM_BIND está habilitado en el cliente, el ioctl de envío heredado no se puede usar; sin embargo, si un cliente intenta hacerlo independientemente, lo hará. devolver un error. En este caso, el mutex del cliente permaneció desbloqueado, lo que provocó un punto muerto dentro de nouveau_drm_postclose o cualquier otra llamada nouveau ioctl. • https://git.kernel.org/stable/c/b88baab828713ce0b49b185444b2ee83bed373a8 https://git.kernel.org/stable/c/c288a61a48ddb77ec097e11ab81b81027cd4e197 https://git.kernel.org/stable/c/b466416bdd6ecbde15ce987226ea633a0268fbb1 https://git.kernel.org/stable/c/daf8739c3322a762ce84f240f50e0c39181a41ab •
CVE-2024-35785 – tee: optee: Fix kernel panic caused by incorrect error handling
https://notcve.org/view.php?id=CVE-2024-35785
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix kernel panic caused by incorrect error handling The error path while failing to register devices on the TEE bus has a bug leading to kernel panic as follows: [ 15.398930] Unable to handle kernel paging request at virtual address ffff07ed00626d7c [ 15.406913] Mem abort info: [ 15.409722] ESR = 0x0000000096000005 [ 15.413490] EC = 0x25: DABT (current EL), IL = 32 bits [ 15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = 0 [ 15.425031] FSC = 0x05: level 1 translation fault [ 15.429922] Data abort info: [ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 15.438310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 15.448697] swapper pgtable: 4k pages, 48-bit VAs, pgdp=00000000d9e3e000 [ 15.455413] [ffff07ed00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000 [ 15.464146] Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP Commit 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration") lead to the introduction of this bug. So fix it appropriately. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tee: optee: corrige el pánico del kernel causado por un manejo incorrecto de errores. La ruta de error al no poder registrar dispositivos en el bus TEE tiene un error que provoca el pánico del kernel de la siguiente manera: [15.398930] No se puede para manejar la solicitud de paginación del kernel en la dirección virtual ffff07ed00626d7c [15.406913] Información de cancelación de memoria: [15.409722] ESR = 0x0000000096000005 [15.413490] EC = 0x25: DABT (EL actual), IL = 32 bits [15.418814] SET = 0, FnV = 0 [ 15.421878] EA = 0, S1PTW = 0 [ 15.425031] FSC = 0x05: error de traducción de nivel 1 [ 15.429922] Información de cancelación de datos: [ 15.432813] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000 [ 15.438 310] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [15.443372] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [15.448697] tabla de intercambio: páginas de 4k, VA de 48 bits, pgdp=00000000d9e3e000 [15.455413] 00626d7c] pgd=1800000bffdf9003, p4d=1800000bffdf9003, pud=0000000000000000 [15.464146] Error interno: Ups: 0000000096000005 [#1] PREEMPT SMP Commit 7269cba53d90 ("tee opt: ee: Reparar la enumeración de dispositivos basada en solicitantes") conducen a la introducción de este error. Así que arréglalo apropiadamente. • https://git.kernel.org/stable/c/a953e45ebeae9a5ce342c012f7eb2a92cc8af89b https://git.kernel.org/stable/c/01c13d8a95e0909f0081d6e3e8a891761992371b https://git.kernel.org/stable/c/1c9561b438cbe61e78515fc7b16dc7fb8cf0b763 https://git.kernel.org/stable/c/d3c4786b01aad8c377718f92d6d9b15906ee0a2a https://git.kernel.org/stable/c/7269cba53d906cf257c139d3b3a53ad272176bca https://git.kernel.org/stable/c/bc40ded92af55760d12bec8222d4108de725dbe4 https://git.kernel.org/stable/c/4b12ff5edd141926d49c9ace4791adf3a4902fe7 https://git.kernel.org/stable/c/e5b5948c769aa1ebf962dddfb972f87d8 •