CVE-2024-53232 – iommu/s390: Implement blocking domain
https://notcve.org/view.php?id=CVE-2024-53232
In the Linux kernel, the following vulnerability has been resolved:
iommu/s390: Implement blocking domain
This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no longer recognizes the device as it has already been removed and we end up with a NULL domain pointer and UAF. This is exactly the case referred to in the second comment in __iommu_device_set_domain() and just as stated there if we can instead attach the blocking domain the UAF is prevented as this can handle the already removed device. Implement the blocking domain to use this handling. With this change, the crash is fixed but we still hit a warning attempting to change DMA ownership on a blocked device.
• https://git.kernel.org/stable/c/c76c067e488ccd55734c3e750799caf2c5956db6
• https://git.kernel.org/stable/c/3be34fa1cdbf180c1a948cfededfdf2cdc497199
• https://git.kernel.org/stable/c/bd89d94f3ea6fdaee983cbc69226a00b9bde6d59
• https://git.kernel.org/stable/c/ecda483339a5151e3ca30d6b82691ef6f1d17912
CVE-2024-53231 – cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
https://notcve.org/view.php?id=CVE-2024-53231
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference.
• https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae
• https://git.kernel.org/stable/c/a357b63fd21e4b2791008c2175ba7a8c235ebce1
• https://git.kernel.org/stable/c/e07570a8f2cfc51260c6266cb8e1bd4777a610d6
• https://git.kernel.org/stable/c/e9b39f1924b76abc18881e4ce899fb232dd23d12
• https://git.kernel.org/stable/c/65fe2f7fdafe2698a343661800434b3f2e51041e
• https://git.kernel.org/stable/c/a78e7207564258db6e373e86294a85f9d646d35a
CVE-2024-53230 – cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
https://notcve.org/view.php?id=CVE-2024-53230
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference, so check NULL for cppc_get_cpu_cost().
• https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae
• https://git.kernel.org/stable/c/1975b481f644f8f841d9c188e3c214fce187f18b
• https://git.kernel.org/stable/c/f05ef81db63889f6f14eb77fd140dac6cedb6f7f
• https://git.kernel.org/stable/c/afd22d9839359829776abb55cc9bc4946e888704
• https://git.kernel.org/stable/c/6be57617a38b3f33266acecdb3c063c1c079aaf7
• https://git.kernel.org/stable/c/1a1374bb8c5926674973d849feed500bc61ad535
CVE-2024-53229 – RDMA/rxe: Fix the qp flush warnings in req
https://notcve.org/view.php?id=CVE-2024-53229
In the Linux kernel, the following vulnerability has been resolved:
RDMA/rxe: Fix the qp flush warnings in req
When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear.
[ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe]
• https://git.kernel.org/stable/c/ae720bdb703b295fed4ded28e14dd06a534a3012
• https://git.kernel.org/stable/c/31978d5c5aef034d96fc53b4a9cb3c6e11dbb94d
• https://git.kernel.org/stable/c/e4f26fae6075f136616d12a369b0ef7f0cf16436
• https://git.kernel.org/stable/c/cc341b5d761a8a16693fe406b8127e4378747f85
• https://git.kernel.org/stable/c/ea4c990fa9e19ffef0648e40c566b94ba5ab31be
CVE-2024-53228 – riscv: kvm: Fix out-of-bounds array access
https://notcve.org/view.php?id=CVE-2024-53228
In the Linux kernel, the following vulnerability has been resolved:
riscv: kvm: Fix out-of-bounds array access
In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. This is used as a special marker for the base extensions, which cannot be disabled. However, when traversing the extensions, that special marker is not checked prior to indexing the array. Add an out-of-bounds check to the function.
• https://git.kernel.org/stable/c/56d8a385b60556019ecb45d6098830c9ef6a13e0
• https://git.kernel.org/stable/c/3c49e1084a5df99807fc43dd318c491e6cbaa168
• https://git.kernel.org/stable/c/b1af648f0d610665c956ea4604d9f797e5c7e991
• https://git.kernel.org/stable/c/332fa4a802b16ccb727199da685294f85f9880cb