CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26946 – kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address
https://notcve.org/view.php?id=CVE-2024-26946
In the Linux kernel, the following vulnerability has been resolved: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address Read from an unsafe address with copy_from_kernel_nofault() in arch_adjust_kprobe_addr() because this function is used before checking the address is in text or not. Syzcaller bot found a bug and reported the case if user specifies inaccessible data area, arch_adjust_kprobe_addr() will cause a kernel panic. [ mingo: Clarified the comment. ] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kprobes/x86: use copy_from_kernel_nofault() para leer desde una dirección no segura Lea desde una dirección no segura con copy_from_kernel_nofault() en arch_adjust_kprobe_addr() porque esta función se usa antes de verificar que la dirección esté en texto O no. El bot Syzcaller encontró un error e informó el caso si el usuario especifica un área de datos inaccesible, arch_adjust_kprobe_addr() provocará un pánico en el kernel. [ mingo: Aclaró el comentario. ] An unsafe read function was found in arch/x86/kernel/kprobes/core.c in the Linux kernel . • https://git.kernel.org/stable/c/cc66bb91457827f62e2b6cb2518666820f0a6c48 https://git.kernel.org/stable/c/6417684315087904fffe8966d27ca74398c57dd6 https://git.kernel.org/stable/c/f13edd1871d4fb4ab829aff629d47914e251bae3 https://git.kernel.org/stable/c/20fdb21eabaeb8f78f8f701f56d14ea0836ec861 https://git.kernel.org/stable/c/b69f577308f1070004cafac106dd1a44099e5483 https://git.kernel.org/stable/c/4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b https://access.redhat.com/security/cve/CVE-2024-26946 https://bugzilla.redhat.com/show_bug.cgi?id=2278206 •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26945 – crypto: iaa - Fix nr_cpus < nr_iaa case
https://notcve.org/view.php?id=CVE-2024-26945
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix nr_cpus < nr_iaa case If nr_cpus < nr_iaa, the calculated cpus_per_iaa will be 0, which causes a divide-by-0 in rebalance_wq_table(). Make sure cpus_per_iaa is 1 in that case, and also in the nr_iaa == 0 case, even though cpus_per_iaa is never used if nr_iaa == 0, for paranoia. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: crypto: iaa - Corrige el caso nr_cpus < nr_iaa Si nr_cpus < nr_iaa, el cpus_per_iaa calculado será 0, lo que provoca una división por 0 en rebalance_wq_table(). Asegúrese de que cpus_per_iaa sea 1 en ese caso, y también en el caso de nr_iaa == 0, aunque cpus_per_iaa nunca se use si nr_iaa == 0, para paranoia. • https://git.kernel.org/stable/c/a5ca1be7f9817de4e93085778b3ee2219bdc2664 https://git.kernel.org/stable/c/5a7e89d3315d1be86aff8a8bf849023cda6547f7 • CWE-369: Divide By Zero •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26944 – btrfs: zoned: fix use-after-free in do_zone_finish()
https://notcve.org/view.php?id=CVE-2024-26944
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free in do_zone_finish() Shinichiro reported the following use-after-free triggered by the device replace operation in fstests btrfs/070. BTRFS info (device nullb1): scrub: finished on devid 1 with status: 0 ================================================================== BUG: KASAN: slab-use-after-free in do_zone_finish+0x91a/0xb90 [btrfs] Read of size 8 at addr ffff8881543c8060 by task btrfs-cleaner/3494007 CPU: 0 PID: 3494007 Comm: btrfs-cleaner Tainted: G W 6.8.0-rc5-kts #1 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Call Trace: <TASK> dump_stack_lvl+0x5b/0x90 print_report+0xcf/0x670 ? __virt_addr_valid+0x200/0x3e0 kasan_report+0xd8/0x110 ? do_zone_finish+0x91a/0xb90 [btrfs] ? do_zone_finish+0x91a/0xb90 [btrfs] do_zone_finish+0x91a/0xb90 [btrfs] btrfs_delete_unused_bgs+0x5e1/0x1750 [btrfs] ? __pfx_btrfs_delete_unused_bgs+0x10/0x10 [btrfs] ? • https://git.kernel.org/stable/c/34ca809e055eca5cfe63d9c7efbf80b7c21b4e57 https://git.kernel.org/stable/c/1ec17ef59168a1a6f1105f5dc517f783839a5302 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-26943 – nouveau/dmem: handle kcalloc() allocation failure
https://notcve.org/view.php?id=CVE-2024-26943
In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: handle kcalloc() allocation failure The kcalloc() in nouveau_dmem_evict_chunk() will return null if the physical memory has run out. As a result, if we dereference src_pfns, dst_pfns or dma_addrs, the null pointer dereference bugs will happen. Moreover, the GPU is going away. If the kcalloc() fails, we could not evict all pages mapping a chunk. So this patch adds a __GFP_NOFAIL flag in kcalloc(). Finally, as there is no need to have physically contiguous memory, this patch switches kcalloc() to kvcalloc() in order to avoid failing allocations. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nouveau/dmem: maneja el error de asignación de kcalloc() El kcalloc() en nouveau_dmem_evict_chunk() devolverá nulo si la memoria física se ha agotado. • https://git.kernel.org/stable/c/249881232e1471d28b68f9a3829acc14d150cf5d https://git.kernel.org/stable/c/9acfd8b083a0ffbd387566800d89f55058a68af2 https://git.kernel.org/stable/c/2a84744a037b8a511d6a9055f3defddc28ff4a4d https://git.kernel.org/stable/c/5e81773757a95fc298e96cfd6d4700f07b6192a2 https://git.kernel.org/stable/c/3e82f7383e0b82a835e6b6b06a348b2bc4e2c2ee https://git.kernel.org/stable/c/16e87fe23d4af6df920406494ced5c0f4354567b •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-26942 – net: phy: qcom: at803x: fix kernel panic with at8031_probe
https://notcve.org/view.php?id=CVE-2024-26942
In the Linux kernel, the following vulnerability has been resolved: net: phy: qcom: at803x: fix kernel panic with at8031_probe On reworking and splitting the at803x driver, in splitting function of at803x PHYs it was added a NULL dereference bug where priv is referenced before it's actually allocated and then is tried to write to for the is_1000basex and is_fiber variables in the case of at8031, writing on the wrong address. Fix this by correctly setting priv local variable only after at803x_probe is called and actually allocates priv in the phydev struct. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: phy: qcom: at803x: corrige el pánico del kernel con at8031_probe Al reelaborar y dividir el controlador at803x, en la función de división de los PHY de at803x se agregó un error de desreferencia NULL donde se hace referencia a priv antes de que realmente se asigne y luego se intenta escribir para las variables is_1000basex e is_fiber en el caso de at8031, escribiendo en la dirección incorrecta. Solucione este problema configurando correctamente la variable local priv solo después de llamar a at803x_probe y realmente asignar priv en la estructura phydev. • https://git.kernel.org/stable/c/25d2ba94005fac18fe68878cddff59a67e115554 https://git.kernel.org/stable/c/a8a296ad9957b845b89bcf48be1cf8c74875ecc3 https://git.kernel.org/stable/c/6a4aee277740d04ac0fd54cfa17cc28261932ddc • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-476: NULL Pointer Dereference •