CVE-2024-27025 – nbd: null check for nla_nest_start
https://notcve.org/view.php?id=CVE-2024-27025
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nbd: la comprobación nula de nla_nest_start nla_nest_start() puede fallar y devolver NULL. Inserte una marca y establezca errno según otros sitios de llamadas dentro del mismo código fuente. • https://git.kernel.org/stable/c/47d902b90a32a42a3d33aef3a02170fc6f70aa23 https://git.kernel.org/stable/c/44214d744be32a4769faebba764510888f1eb19e https://git.kernel.org/stable/c/4af837db0fd3679fabc7b7758397090b0c06dced https://git.kernel.org/stable/c/98e60b538e66c90b9a856828c71d4e975ebfa797 https://git.kernel.org/stable/c/96436365e5d80d0106ea785a4f80a58e7c9edff8 https://git.kernel.org/stable/c/b7f5aed55829f376e4f7e5ea5b80ccdcb023e983 https://git.kernel.org/stable/c/e803040b368d046434fbc8a91945c690332c4fcf https://git.kernel.org/stable/c/ba6a9970ce9e284cbc04099361c58731e •
CVE-2024-27024 – net/rds: fix WARNING in rds_conn_connect_if_down
https://notcve.org/view.php?id=CVE-2024-27024
In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/rds: solucione la ADVERTENCIA en rds_conn_connect_if_down Si la conexión aún no se ha establecido, get_mr() fallará, activará la conexión después de get_mr(). • https://git.kernel.org/stable/c/584a8279a44a800dea5a5c1e9d53a002e03016b4 https://git.kernel.org/stable/c/952835ccd917682ebb705f89ff1e56fbf068a1d8 https://git.kernel.org/stable/c/783941bd9f445a37c2854ec0b4cb9f9e603193a7 https://git.kernel.org/stable/c/57d2ce1603101ce3f30d0ccdc35b98af08d2ed88 https://git.kernel.org/stable/c/5ba1957f889f575f2a240eafe543c3fda5aa72e0 https://git.kernel.org/stable/c/786854141057751bc08eb26f1b02e97c1631c8f4 https://git.kernel.org/stable/c/997efea2bf3a4adb96c306b9ad6a91442237bf5b https://git.kernel.org/stable/c/9dfc15a10dfd44f8ff7f27488651cb5be •
CVE-2024-27023 – md: Fix missing release of 'active_io' for flush
https://notcve.org/view.php?id=CVE-2024-27023
In the Linux kernel, the following vulnerability has been resolved: md: Fix missing release of 'active_io' for flush submit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); /* flush io is done first */ md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io is not released if (atomic_dec_and_test(&mddev->flush_pending)) -> missing release of active_io For consequence, mddev_suspend() will wait for 'active_io' to be zero forever. Fix this problem by releasing 'active_io' in submit_flushes() if 'flush_pending' is decreased to zero. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: Se corrigió la versión faltante de 'active_io' para descarga submit_flushes atomic_set(&mddev->flush_pending, 1); rdev_for_each_rcu(rdev, mddev) atomic_inc(&mddev->flush_pending); bi->bi_end_io = md_end_flush submit_bio(bi); /* purgar io se realiza primero */ md_end_flush if (atomic_dec_and_test(&mddev->flush_pending)) percpu_ref_put(&mddev->active_io) -> active_io no se publica si (atomic_dec_and_test(&mddev->flush_pending)) -> falta la versión de active_io para Como consecuencia, mddev_suspend() esperará a que 'active_io' sea cero para siempre. Solucione este problema liberando 'active_io' en submit_flushes() si 'flush_pending' se reduce a cero. • https://git.kernel.org/stable/c/f9f2d957a8ea93c73182aebf7de30935a58c027d https://git.kernel.org/stable/c/530cec617f5a8ba6f26bcbf0d64d75c951d17730 https://git.kernel.org/stable/c/c4c2345214b66e2505a26fd2ea58839dd7a1d48d https://git.kernel.org/stable/c/6b2ff10390b19a2364af622b6666b690443f9f3f https://git.kernel.org/stable/c/02dad157ba11064d073f5499dc33552b227d5d3a https://git.kernel.org/stable/c/11f81438927f84edfaaeb5d5f10856c3a1c1fc82 https://git.kernel.org/stable/c/855678ed8534518e2b428bcbcec695de9ba248e8 https://access.redhat.com/security/cve/CVE-2024-27023 •
CVE-2024-27022 – fork: defer linking file vma until vma is fully initialized
https://notcve.org/view.php?id=CVE-2024-27022
In the Linux kernel, the following vulnerability has been resolved: fork: defer linking file vma until vma is fully initialized Thorvald reported a WARNING [1]. And the root cause is below race: CPU 1 CPU 2 fork hugetlbfs_fallocate dup_mmap hugetlbfs_punch_hole i_mmap_lock_write(mapping); vma_interval_tree_insert_after -- Child vma is visible through i_mmap tree. i_mmap_unlock_write(mapping); hugetlb_dup_vma_private -- Clear vma_lock outside i_mmap_rwsem! i_mmap_lock_write(mapping); hugetlb_vmdelete_list vma_interval_tree_foreach hugetlb_vma_trylock_write -- Vma_lock is cleared. tmp->vm_ops->open -- Alloc new vma_lock outside i_mmap_rwsem! hugetlb_vma_unlock_write -- Vma_lock is assigned!!! i_mmap_unlock_write(mapping); hugetlb_dup_vma_private() and hugetlb_vm_op_open() are called outside i_mmap_rwsem lock while vma lock can be used in the same time. • https://git.kernel.org/stable/c/8d9bfb2608145cf3e408428c224099e1585471af https://git.kernel.org/stable/c/0c42f7e039aba3de6d7dbf92da708e2b2ecba557 https://git.kernel.org/stable/c/04b0c41912349aff11a1bbaef6a722bd7fbb90ac https://git.kernel.org/stable/c/cec11fa2eb512ebe3a459c185f4aca1d44059bbf https://git.kernel.org/stable/c/dd782da470761077f4d1120e191f1a35787cda6e https://git.kernel.org/stable/c/abdb88dd272bbeb93efe01d8e0b7b17e24af3a34 https://git.kernel.org/stable/c/35e351780fa9d8240dd6f7e4f245f9ea37e96c19 https://access.redhat.com/security/cve/CVE-2024-27022 • CWE-908: Use of Uninitialized Resource •
CVE-2024-27020 – netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()
https://notcve.org/view.php?id=CVE-2024-27020
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: netfilter: nf_tables: corrige una posible ejecución de datos en __nft_expr_type_get() nft_unregister_expr() puede concurrente con __nft_expr_type_get(), y no hay ninguna protección cuando se itera sobre la lista nf_tables_expressions en __nft_expr_type_get() . Por lo tanto, existe una posible ejecución de datos en la entrada de la lista nf_tables_expressions. Utilice list_for_each_entry_rcu() para iterar sobre la lista nf_tables_expressions en __nft_expr_type_get() y utilice rcu_read_lock() en el llamador nft_expr_type_get() para proteger todo el proceso de consulta de tipos. • https://git.kernel.org/stable/c/ef1f7df9170dbd875ce198ba84e6ab80f6fc139e https://git.kernel.org/stable/c/939109c0a8e2a006a6cc8209e262d25065f4403a https://git.kernel.org/stable/c/b38a133d37fa421c8447b383d788c9cc6f5cb34c https://git.kernel.org/stable/c/934e66e231cff2b18faa2c8aad0b8cec13957e05 https://git.kernel.org/stable/c/0b6de00206adbbfc6373b3ae38d2a6f197987907 https://git.kernel.org/stable/c/8d56bad42ac4c43c6c72ddd6a654a2628bf839c5 https://git.kernel.org/stable/c/a9ebf340d123ae12582210407f879d6a5a1bc25b https://git.kernel.org/stable/c/01f1a678b05ade4b1248019c2dcca773a • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •