CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36920 – scsi: mpi3mr: Avoid memcpy field-spanning write WARNING
https://notcve.org/view.php?id=CVE-2024-36920
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Avoid memcpy field-spanning write WARNING When the "storcli2 show" command is executed for eHBA-9600, mpi3mr driver prints this WARNING message: memcpy: detected field-spanning write (size 128) of single field "bsg_reply_buf->reply_buf" at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (size 1) WARNING: CPU: 0 PID: 12760 at drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr] The cause of the WARN is 128 bytes memcpy to the 1 byte size array "__u8 replay_buf[1]" in the struct mpi3mr_bsg_in_reply_buf. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: mpi3mr: evitar escritura de extensión de campos de memcpy ADVERTENCIA Cuando se ejecuta el comando "storcli2 show" para eHBA-9600, el controlador mpi3mr imprime este mensaje de ADVERTENCIA: memcpy: extensión de campos detectada escriba (tamaño 128) de un solo campo "bsg_reply_buf->reply_buf" en drivers/scsi/mpi3mr/mpi3mr_app.c:1658 (tamaño 1) ADVERTENCIA: CPU: 0 PID: 12760 en drivers/scsi/mpi3mr/mpi3mr_app.c:1658 mpi3mr_bsg_request+0x6b12/0x7f10 [mpi3mr] La causa de la ADVERTENCIA es 128 bytes de memoria en la matriz de tamaño de 1 byte "__u8 replay_buf[1]" en la estructura mpi3mr_bsg_in_reply_buf. • https://git.kernel.org/stable/c/5f0266044dc611563539705bff0b3e1545fbb6aa https://git.kernel.org/stable/c/f09318244c6cafd10aca741b9c01e0a2c362d43a https://git.kernel.org/stable/c/4d2772324f43cf5674ac3dbe3f74a7e656396716 https://git.kernel.org/stable/c/429846b4b6ce9853e0d803a2357bb2e55083adf0 https://access.redhat.com/security/cve/CVE-2024-36920 https://bugzilla.redhat.com/show_bug.cgi?id=2284515 •
CVSS: 4.4EPSS: 0%CPEs: 8EXPL: 0CVE-2024-36919 – scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload
https://notcve.org/view.php?id=CVE-2024-36919
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. ... set_kthread_struct+0x40/0x40 [ 450.044411] ret_from_fork+0x22/0x30 [ 450.048404] Modules linked in: vfat msdos fat xfs nfs_layout_nfsv41_files rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver dm_service_time qedf qed crc8 bnx2fc libfcoe libfc scsi_transport_fc intel_rapl_msr intel_rapl_common x86_pkg_temp_thermal intel_powerclamp dcdbas rapl intel_cstate intel_uncore mei_me pcspkr mei ipmi_ssif lpc_ich ipmi_si fuse zram ext4 mbcache jbd2 loop nfsv3 nfs_acl nfs lockd grace fscache netfs irdma ice sd_mod t10_pi sg ib_uverbs ib_core 8021q garp mrp stp llc mgag200 i2c_algo_bit drm_kms_helper syscopyarea sysfillrect sysimgblt mxm_wmi fb_sys_fops cec crct10dif_pclmul ahci crc32_pclmul bnx2x drm ghash_clmulni_intel libahci rfkill i40e libata megaraid_sas mdio wmi sunrpc lrw dm_crypt dm_round_robin dm_multipath dm_snapshot dm_bufio dm_mirror dm_region_hash dm_log dm_zero dm_mod linear raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx raid6_pq libcrc32c crc32c_intel raid1 raid0 iscsi_ibft squashfs be2iscsi bnx2i cnic uio cxgb4i cxgb4 tls [ 450.048497] libcxgbi libcxgb qla4xxx iscsi_boot_sysfs iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi edd ipmi_devintf ipmi_msghandler [ 450.159753] ---[ end trace 712de2c57c64abc8 ]--- En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: bnx2fc: elimine spin_lock_bh mientras libera recursos después de la carga. • https://git.kernel.org/stable/c/468f3e3c15076338367b0945b041105b67cf31e3 https://git.kernel.org/stable/c/acd370c1fb86b7302c1cbb354a7c1cd9953768eb https://git.kernel.org/stable/c/ad498539dda0816aadef384ec117bfea304c75c3 https://git.kernel.org/stable/c/93aa5ccc44781bdfef1bf0bc4c2c292d45251312 https://git.kernel.org/stable/c/1150606d47d711d5bfdf329a1a96ed7027085936 https://git.kernel.org/stable/c/c885ab23206b1f1ba0731ffe7c9455c6a91db256 https://git.kernel.org/stable/c/ea50941cd8c9f0b12f38b73d3b1bfeca660dd342 https://git.kernel.org/stable/c/c214ed2a4dda35b308b0b28eed804d7ae • CWE-667: Improper Locking •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36918 – bpf: Check bloom filter map value size
https://notcve.org/view.php?id=CVE-2024-36918
In the Linux kernel, the following vulnerability has been resolved: bpf: Check bloom filter map value size This patch adds a missing check to bloom filter creating, rejecting values above KMALLOC_MAX_SIZE. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: bpf: Verificar el tamaño del valor del mapa del filtro de floración. • https://git.kernel.org/stable/c/fa6995eeb62e74b5a1480c73fb7b420c270784d3 https://git.kernel.org/stable/c/608e13706c8b6c658a0646f09ebced74ec367f7c https://git.kernel.org/stable/c/c418afb9bf23e2f2b76cb819601e4a5d9dbab42d https://git.kernel.org/stable/c/a8d89feba7e54e691ca7c4efc2a6264fa83f3687 •
CVSS: 4.4EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36917 – block: fix overflow in blk_ioctl_discard()
https://notcve.org/view.php?id=CVE-2024-36917
In the Linux kernel, the following vulnerability has been resolved: block: fix overflow in blk_ioctl_discard() There is no check for overflow of 'start + len' in blk_ioctl_discard(). Hung task occurs if submit an discard ioctl with the following param: start = 0x80000000000ff000, len = 0x8000000000fff000; Add the overflow validation now. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bloque: corrige el desbordamiento en blk_ioctl_discard() No hay verificación de desbordamiento de 'start + len' en blk_ioctl_discard(). • https://git.kernel.org/stable/c/8a26198186e97ee5fc4b42fde82629cff8c75cd6 https://git.kernel.org/stable/c/e1d38cde2b7b0fbd1c48082e7a98c37d750af59b https://git.kernel.org/stable/c/507d526a98c355e6f3fb2c47aacad44a69784bee https://git.kernel.org/stable/c/22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 https://git.kernel.org/stable/c/0842ddd83939eb4db940b9af7d39e79722bc41aa https://git.kernel.org/stable/c/6c9915fa9410cbb9bd75ee283c03120046c56d3d https://access.redhat.com/security/cve/CVE-2024-36917 https://bugzilla.redhat.com/show_bug.cgi?id=2284519 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-36916 – blk-iocost: avoid out of bounds shift
https://notcve.org/view.php?id=CVE-2024-36916
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: avoid out of bounds shift UBSAN catches undefined behavior in blk-iocost, where sometimes iocg->delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. [ 186.556576] ------------[ cut here ]------------ UBSAN: shift-out-of-bounds in block/blk-iocost.c:1366:23 shift exponent 64 is too large for 64-bit type 'u64' (aka 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: G S E N 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Hardware name: Quanta Twin Lakes MP/Twin Lakes Passive MP, BIOS F09_3A23 12/08/2020 Call Trace: <IRQ> dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x1f80 __run_timer_base+0x1b6/0x250 ... Avoid that undefined behavior by simply taking the "delay = 0" branch if the shift is too large. I am not sure what the symptoms of an undefined value delay will be, but I suspect it could be more than a little annoying to debug. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk-iocost: evita cambios fuera de los límites UBSAN detecta un comportamiento indefinido en blk-iocost, donde a veces iocg->delay se desplaza hacia la derecha en un número demasiado grande, lo que resulta en un estado indefinido. comportamiento en algunas arquitecturas. [186.556576] ------------[ cortar aquí ]------------ UBSAN: desplazamiento fuera de los límites en block/blk-iocost.c:1366 :23 exponente de desplazamiento 64 es demasiado grande para el tipo de 64 bits 'u64' (también conocido como 'unsigned long long') CPU: 16 PID: 0 Comm: swapper/16 Tainted: GSEN 6.9.0-0_fbk700_debug_rc2_kbuilder_0_gc85af715cac0 #1 Nombre de hardware: Quanta Twin Lakes MP/Twin Lakes MP pasivo, BIOS F09_3A23 08/12/2020 Seguimiento de llamadas: dump_stack_lvl+0x8f/0xe0 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 iocg_kick_delay+0x30b/0x310 ioc_timer_fn+0x2fb/0x 1f80 __run_timer_base+0x1b6/0x250 ... • https://git.kernel.org/stable/c/62accf6c1d7b433752cb3591bba8967b7a801ad5 https://git.kernel.org/stable/c/844fc023e9f14a4fb1de5ae1eaefafd6d69c5fa1 https://git.kernel.org/stable/c/f6add0a6f78dc6360b822ca4b6f9f2f14174c8ca https://git.kernel.org/stable/c/ce0e99cae00e3131872936713b7f55eefd53ab86 https://git.kernel.org/stable/c/488dc6808cb8369685f18cee81e88e7052ac153b https://git.kernel.org/stable/c/beaa51b36012fad5a4d3c18b88a617aea7a9b96d https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html •