CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36915 – nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
https://notcve.org/view.php?id=CVE-2024-36915
In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies syzbot reported unsafe calls to copy_from_sockptr() [1] Use copy_safe_from_sockptr() instead. [1] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_from_sockptr include/linux/sockptr.h:55 [inline] BUG: KASAN: slab-out-of-bounds in nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 Read of size 4 at addr ffff88801caa1ec3 by task syz-executor459/5078 CPU: 0 PID: 5078 Comm: syz-executor459 Not tainted 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] copy_from_sockptr include/linux/sockptr.h:55 [inline] nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 do_sock_setsockopt+0x3b1/0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [inline] __se_sys_setsockopt net/socket.c:2340 [inline] __x64_sys_setsockopt+0xb5/0xd0 net/socket.c:2340 do_syscall_64+0xfd/0x240 entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f7fac07fd89 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff660eb788 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89 RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004 RBP: 0000000000000000 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 En el kernel de Linux, se resolvió la siguiente vulnerabilidad: nfc: llcp: corrige nfc_llcp_setsockopt() copias inseguras syzbot informó llamadas inseguras a copy_from_sockptr() [1] Utilice copy_safe_from_sockptr() en su lugar. [1] ERROR: KASAN: losa fuera de los límites en copy_from_sockptr_offset include/linux/sockptr.h:49 [en línea] ERROR: KASAN: losa fuera de los límites en copy_from_sockptr include/linux/sockptr.h:55 [en línea] ERROR: KASAN: losa fuera de los límites en nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 Lectura de tamaño 4 en la dirección ffff88801caa1ec3 por tarea syz-executor459/5078 CPU: 0 PID: 5078 Comm : syz-executor459 No contaminado 6.8.0-syzkaller-08951-gfe46a7dd189e #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 27/03/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en línea] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 print_address_description mm/kasan/report.c:377 [en línea] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan /report.c:601 copy_from_sockptr_offset include/linux/sockptr.h:49 [en línea] copy_from_sockptr include/linux/sockptr.h:55 [en línea] nfc_llcp_setsockopt+0x6c2/0x850 net/nfc/llcp_sock.c:255 do_sock_setsockopt+0x3b 1/ 0x720 net/socket.c:2311 __sys_setsockopt+0x1ae/0x250 net/socket.c:2334 __do_sys_setsockopt net/socket.c:2343 [en línea] __se_sys_setsockopt net/socket.c:2340 [en línea] xb5/0xd0 red/zócalo .c:2340 do_syscall_64+0xfd/0x240 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 RIP: 0033:0x7f7fac07fd89 Código: 28 00 00 00 75 05 48 83 c4 28 c3 e8 91 18 00 00 0 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fff660eb788 EFLAGS: 000246 ORIG_RAX: 0000000000000036 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007f7fac07fd89 RDX: 0000000000000000 RSI: 0000000000000118 RDI: 0000000000000004 RBP: 000000000 0000000 R08: 0000000000000002 R09: 0000000000000000 R10: 0000000020000a80 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000 000000000 R14: 0000000000000000 R15: 0000000000000000 • https://git.kernel.org/stable/c/0f106133203021533cb753e80d75896f4ad222f8 https://git.kernel.org/stable/c/29dc0ea979d433dd3c26abc8fa971550bdc05107 https://git.kernel.org/stable/c/7a87441c9651ba37842f4809224aca13a554a26f •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36914 – drm/amd/display: Skip on writeback when it's not applicable
https://notcve.org/view.php?id=CVE-2024-36914
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip on writeback when it's not applicable [WHY] dynamic memory safety error detector (KASAN) catches and generates error messages "BUG: KASAN: slab-out-of-bounds" as writeback connector does not support certain features which are not initialized. [HOW] Skip them when connector type is DRM_MODE_CONNECTOR_WRITEBACK. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: omitir la reescritura cuando no sea aplicable [POR QUÉ] el detector de errores de seguridad de memoria dinámica (KASAN) detecta y genera mensajes de error "ERROR: KASAN: slab-out- of-bounds" como conector de reescritura no admite ciertas funciones que no están inicializadas. • https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7 https://git.kernel.org/stable/c/e9baa7110e9f3756bd5a812af376c288d9be894d https://git.kernel.org/stable/c/ecedd99a9369fb5cde601ae9abd58bca2739f1ae •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36913 – Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails
https://notcve.org/view.php?id=CVE-2024-36913
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Controladores: hv: vmbus: páginas de fuga si falla set_memory_encrypted() En máquinas virtuales CoCo, es posible que el host que no es de confianza provoque que set_memory_encrypted() o set_memory_decrypted() falle de manera que se produzca un error se devuelve y la memoria resultante se comparte. • https://git.kernel.org/stable/c/6123a4e8e25bd40cf44db14694abac00e6b664e6 https://git.kernel.org/stable/c/e813a0fc2e597146e9cebea61ced9c796d4e308f https://git.kernel.org/stable/c/03f5a999adba062456c8c818a683beb1b498983a • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-36912 – Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl
https://notcve.org/view.php?id=CVE-2024-36912
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Controladores: hv: vmbus: Seguimiento del estado descifrado en vmbus_gpadl En máquinas virtuales CoCo, es posible que el host que no es de confianza provoque que set_memory_encrypted() o set_memory_decrypted() falle de manera que se devuelva un error y la memoria resultante se comparte. • https://git.kernel.org/stable/c/1999644d95194d4a58d3e80ad04ce19220a01a81 https://git.kernel.org/stable/c/8e62341f5c45b27519b7d193bcc32ada416ad9d8 https://git.kernel.org/stable/c/bfae56be077ba14311509e70706a13458f87ea99 https://git.kernel.org/stable/c/211f514ebf1ef5de37b1cf6df9d28a56cfd242ca • CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-36911 – hv_netvsc: Don't free decrypted memory
https://notcve.org/view.php?id=CVE-2024-36911
In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Don't free decrypted memory In CoCo VMs it is possible for the untrusted host to cause set_memory_encrypted() or set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hv_netvsc: no liberar memoria descifrada. • https://git.kernel.org/stable/c/a56fe611326332bf6b7126e5559590c57dcebad4 https://git.kernel.org/stable/c/4aaed9dbe8acd2b6114458f0498a617283d6275b https://git.kernel.org/stable/c/bbf9ac34677b57506a13682b31a2a718934c0e31 •