CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2024-44971 – net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
https://notcve.org/view.php?id=CVE-2024-44971
In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct device * to increment the refcount. The current implementation does not decrement the refcount, which causes memory leak. This commit adds the missing phy_device_free() call to decrement the refcount via put_device() to balance the refcount. • https://git.kernel.org/stable/c/771089c2a485958e423f305e974303760167b45c https://git.kernel.org/stable/c/b7b8d9f5e679af60c94251fd6728dde34be69a71 https://git.kernel.org/stable/c/c05516c072903f6fb9134b8e7e1ad4bffcdc4819 https://git.kernel.org/stable/c/7feef10768ea71d468d9bbc1e0d14c461876768c https://git.kernel.org/stable/c/a7d2808d67570e6acae45c2a96e0d59986888e4c https://git.kernel.org/stable/c/f3d5efe18a11f94150fee8b3fda9d62079af640a https://git.kernel.org/stable/c/e3862093ee93fcfbdadcb7957f5f8974fffa806a •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44970 – net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink
https://notcve.org/view.php?id=CVE-2024-44970
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink When all the strides in a WQE have been consumed, the WQE is unlinked from the WQ linked list (mlx5_wq_ll_pop()). For SHAMPO, it is possible to receive CQEs with 0 consumed strides for the same WQE even after the WQE is fully consumed and unlinked. This triggers an additional unlink for the same wqe which corrupts the linked list. Fix this scenario by accepting 0 sized consumed strides without unlinking the WQE again. • https://git.kernel.org/stable/c/7b379353e9144e1f7460ff15f39862012c9d0d78 https://git.kernel.org/stable/c/650e24748e1e0a7ff91d5c72b72a2f2a452b5b76 https://git.kernel.org/stable/c/50d8009a0ac02c3311b23a0066511f8337bd88d9 https://git.kernel.org/stable/c/fba8334721e266f92079632598e46e5f89082f30 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-44969 – s390/sclp: Prevent release of buffer in I/O
https://notcve.org/view.php?id=CVE-2024-44969
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Prevent release of buffer in I/O When a task waiting for completion of a Store Data operation is interrupted, an attempt is made to halt this operation. If this attempt fails due to a hardware or firmware problem, there is a chance that the SCLP facility might store data into buffers referenced by the original operation at a later time. Handle this situation by not releasing the referenced data buffers if the halt attempt fails. For current use cases, this might result in a leak of few pages of memory in case of a rare hardware/firmware malfunction. • https://git.kernel.org/stable/c/7a7e60ed23d471a07dbbe72565d2992ee8244bbe https://git.kernel.org/stable/c/1ec5ea9e25f582fd6999393e2f2c3bf56f234e05 https://git.kernel.org/stable/c/a3e52a4c22c846858a6875e1c280030a3849e148 https://git.kernel.org/stable/c/a88a49473c94ccfd8dce1e766aacf3c627278463 https://git.kernel.org/stable/c/46f67233b011385d53cf14d272431755de3a7c79 https://git.kernel.org/stable/c/1e8b7fb427af6b2ddd54eff66a6b428a81c96633 https://git.kernel.org/stable/c/2429ea3b4330e3653b72b210a0d5f2a717359506 https://git.kernel.org/stable/c/bf365071ea92b9579d5a272679b74052a •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-44968 – tick/broadcast: Move per CPU pointer access into the atomic section
https://notcve.org/view.php?id=CVE-2024-44968
In the Linux kernel, the following vulnerability has been resolved: tick/broadcast: Move per CPU pointer access into the atomic section The recent fix for making the take over of the broadcast timer more reliable retrieves a per CPU pointer in preemptible context. This went unnoticed as compilers hoist the access into the non-preemptible region where the pointer is actually used. But of course it's valid that the compiler keeps it at the place where the code puts it which rightfully triggers: BUG: using smp_processor_id() in preemptible [00000000] code: caller is hotplug_cpu__broadcast_tick_pull+0x1c/0xc0 Move it to the actual usage site which is in a non-preemptible region. • https://git.kernel.org/stable/c/408bfb6b0a7f22e971ce6b600aec448769e580a8 https://git.kernel.org/stable/c/3a58c590f6bd1d20eb1e76c5cea31c36cc032339 https://git.kernel.org/stable/c/2cdab4b4bf77369961f706cdeb7d040db10c5217 https://git.kernel.org/stable/c/7b3ec186ba93e333e9efe7254e7e31c1828e5d2d https://git.kernel.org/stable/c/b9d604933d5fd72dd37f24e1dc35f778297d745a https://git.kernel.org/stable/c/7dd12f85f150010ef7518201c63fa7e395f5c3e9 https://git.kernel.org/stable/c/f54abf332a2bc0413cfa8bd6a8511f7aa99faea0 https://git.kernel.org/stable/c/f91fb47ecacc178a83a77eeebd25cbaec •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-44967 – drm/mgag200: Bind I2C lifetime to DRM device
https://notcve.org/view.php?id=CVE-2024-44967
In the Linux kernel, the following vulnerability has been resolved: drm/mgag200: Bind I2C lifetime to DRM device Managed cleanup with devm_add_action_or_reset() will release the I2C adapter when the underlying Linux device goes away. But the connector still refers to it, so this cleanup leaves behind a stale pointer in struct drm_connector.ddc. Bind the lifetime of the I2C adapter to the connector's lifetime by using DRM's managed release. When the DRM device goes away (after the Linux device) DRM will first clean up the connector and then clean up the I2C adapter. • https://git.kernel.org/stable/c/b279df242972ae816a75cf1cc732af836f999100 https://git.kernel.org/stable/c/55a6916db77102765b22855d3a0add4751988b7c https://git.kernel.org/stable/c/81d34df843620e902dd04aa9205c875833d61c17 https://git.kernel.org/stable/c/9d96b91e03cba9dfcb4ac370c93af4dbc47d5191 https://git.kernel.org/stable/c/eb1ae34e48a09b7a1179c579aed042b032e408f4 •