CVE-2024-27051 – cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
https://notcve.org/view.php?id=CVE-2024-27051
In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center (linuxtesting.org) with SVACE. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: cpufreq: brcmstb-avs-cpufreq: agregar verificación para el valor de retorno de cpufreq_cpu_get cpufreq_cpu_get puede devolver NULL. Para evitar la desreferencia NULL, verifíquelo y devuelva 0 en caso de error. Encontrado por el Centro de verificación de Linux (linuxtesting.org) con SVACE. • https://git.kernel.org/stable/c/de322e085995b9417582d6f72229dadb5c09d163 https://git.kernel.org/stable/c/9127599c075caff234359950117018a010dd01db https://git.kernel.org/stable/c/d951cf510fb0df91d3abac0121a59ebbc63c0567 https://git.kernel.org/stable/c/e72160cb6e23b78b41999d6885a34ce8db536095 https://git.kernel.org/stable/c/b25b64a241d769e932a022e5c780cf135ef56035 https://git.kernel.org/stable/c/74b84d0d71180330efe67c82f973a87f828323e5 https://git.kernel.org/stable/c/e6e3e51ffba0784782b1a076d7441605697ea3c6 https://git.kernel.org/stable/c/f661017e6d326ee187db24194cabb013d •
CVE-2024-27050 – libbpf: Use OPTS_SET() macro in bpf_xdp_query()
https://notcve.org/view.php?id=CVE-2024-27050
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing out of bounds. The patch adding the feature_flags field has an early bail out if the feature_flags field is not part of the opts struct (via the OPTS_HAS) macro, but the patch adding xdp_zc_max_segs does not. For consistency, this fix just changes the assignments to both fields to use the OPTS_SET() macro. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: libbpf: use la macro OPTS_SET() en bpf_xdp_query() Cuando los campos feature_flags y xdp_zc_max_segs se agregaron a libbpf bpf_xdp_query_opts, el código que los escribió no usó la macro OPTS_SET(). Esto hace que libbpf escriba en esos campos incondicionalmente, lo que significa que los programas compilados con una versión anterior de libbpf (con un tamaño más pequeño de la estructura bpf_xdp_query_opts) tendrán su pila dañada por la escritura de libbpf fuera de los límites. El parche que agrega el campo feature_flags tiene un rescate anticipado si el campo feature_flags no es parte de la estructura opts (a través de la macro OPTS_HAS), pero el parche que agrega xdp_zc_max_segs no lo hace. • https://git.kernel.org/stable/c/13ce2daa259a3bfbc9a5aeeee8b9a87058703731 https://git.kernel.org/stable/c/fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c https://git.kernel.org/stable/c/682ddd62abd4bdcee7584246903e7a2df005fe0d https://git.kernel.org/stable/c/cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e https://git.kernel.org/stable/c/92a871ab9fa59a74d013bc04f321026a057618e7 • CWE-787: Out-of-bounds Write •
CVE-2024-27048 – wifi: brcm80211: handle pmk_op allocation failure
https://notcve.org/view.php?id=CVE-2024-27048
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcm80211: maneja el error de asignación de pmk_op El kzalloc() en brcmf_pmksa_v3_op() devolverá nulo si la memoria física se ha agotado. Como resultado, si eliminamos la referencia del valor nulo, se producirá el error de desreferencia del puntero nulo. Devuelve -ENOMEM de brcmf_pmksa_v3_op() si kzalloc() falla para pmk_op. • https://git.kernel.org/stable/c/a96202acaea47fa8377088e0952bb63bd02a3bab https://git.kernel.org/stable/c/df62e22c2e27420e8990a4f09e30d7bf56c2036f https://git.kernel.org/stable/c/9975908315c13bae2f2ed5ba92870fa935180b0e https://git.kernel.org/stable/c/6138a82f3bccfc67ed7ac059493579fc326c02e5 https://git.kernel.org/stable/c/b4152222e04cb8afeeca239c90e3fcaf4c553b42 https://access.redhat.com/security/cve/CVE-2024-27048 https://bugzilla.redhat.com/show_bug.cgi?id=2278431 •
CVE-2024-27047 – net: phy: fix phy_get_internal_delay accessing an empty array
https://notcve.org/view.php?id=CVE-2024-27047
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test should be delay >= 0. As there is already delay < 0 test just before, the test could only be size == 0. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:phy: fix phy_get_internal_delay accediendo a un array vacío La función phy_get_internal_delay podría intentar acceder a un array vacío en el caso de que el driver esté llamando a phy_get_internal_delay sin definir delay_values y rx-internal- delay-ps o tx-internal-delay-ps se define en 0 en el árbol de dispositivos. Esto provocará que "no se pueda manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0". • https://git.kernel.org/stable/c/92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8 https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563 https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523 •
CVE-2024-27046 – nfp: flower: handle acti_netdevs allocation failure
https://notcve.org/view.php?id=CVE-2024-27046
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfp: flor: manejar el error de asignación de acti_netdevs El kmalloc_array() en nfp_fl_lag_do_work() devolverá nulo, si la memoria física se ha agotado. Como resultado, si eliminamos la referencia a acti_netdevs, se producirán errores de desreferencia del puntero nulo. Este parche agrega una verificación para juzgar si se produce una falla en la asignación. • https://git.kernel.org/stable/c/bb9a8d031140f186d13d82f57b0f5646d596652f https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5 https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3 https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642 https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181c •