CVE-2022-48670 – peci: cpu: Fix use-after-free in adev_release()
https://notcve.org/view.php?id=CVE-2022-48670
In the Linux kernel, the following vulnerability has been resolved: peci: cpu: Fix use-after-free in adev_release()

When auxiliary_device_add() returns an error, auxiliary_device_uninit() is called, which causes refcount for device to be decremented and .release callback will be triggered. Because adev_release() re-calls auxiliary_device_uninit(), it will cause use-after-free:

[ 1269.455172] WARNING: CPU: 0 PID: 14267 at lib/refcount.c:28 refcount_warn_saturate+0x110/0x15
[ 1269.464007] refcount_t: underflow; use-after-free.

• https://git.kernel.org/stable/c/c87f1f99e26ea4ae08cabe753ae98e5626bdba89
• https://git.kernel.org/stable/c/1c11289b34ab67ed080bbe0f1855c4938362d9cf
• CWE-416: Use After Free
CVE-2024-27389 – pstore: inode: Only d_invalidate() is needed
https://notcve.org/view.php?id=CVE-2024-27389
In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed

Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning:

WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410

Using the combo of d_drop()/dput() (as mentioned in Documentation/filesystems/vfs.rst) isn't the right approach here, and leads to the reference counting problem seen above. Use d_invalidate() and update the code to not bother checking for error codes that can never happen.

• https://git.kernel.org/stable/c/609e28bb139e53621521130f0d4aea27a725d465
• https://git.kernel.org/stable/c/db6e5e16f1ee9e3b01d2f71c7f0ba945f4bf0f4e
• https://git.kernel.org/stable/c/4cdf9006fc095af71da80e9b5f48a32e991b9ed3
• https://git.kernel.org/stable/c/cb9e802e49c24eeb3af35e9e8c04d526f35f112a
• https://git.kernel.org/stable/c/340682ed1932b8e3bd0bfc6c31a0c6354eb57cc6
• https://git.kernel.org/stable/c/a43e0fc5e9134a46515de2f2f8d4100b74e50de3
• https://access.redhat.com/security/cve/CVE-2024-27389
• https://bugzilla.redhat.com/show_bug.cgi?id=2278532
CVE-2024-27388 – SUNRPC: fix some memleaks in gssx_dec_option_array
https://notcve.org/view.php?id=CVE-2024-27388
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array

The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch adds these deallocations in the corresponding paths.

A flaw was found in the auth_rpcgss module in the Linux kernel.

• https://git.kernel.org/stable/c/1d658336b05f8697d6445834f8867f8ad5e4f735
• https://git.kernel.org/stable/c/b97c37978ca825557d331c9012e0c1ddc0e42364
• https://git.kernel.org/stable/c/bfa9d86d39a0fe4685f90c3529aa9bd62a9d97a8
• https://git.kernel.org/stable/c/bb336cd8d5ecb69c430ebe3e7bcff68471d93fa8
• https://git.kernel.org/stable/c/dd292e884c649f9b1c18af0ec75ca90b390cd044
• https://git.kernel.org/stable/c/934212a623cbab851848b6de377eb476718c3e4c
• https://git.kernel.org/stable/c/5e6013ae2c8d420faea553d363935f65badd32c3
• https://git.kernel.org/stable/c/9806c2393cd2ab0a8e7bb9ffae02ce20e
• CWE-401: Missing Release of Memory after Effective Lifetime
CVE-2024-27078 – media: v4l2-tpg: fix some memleaks in tpg_alloc
https://notcve.org/view.php?id=CVE-2024-27078
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc

In tpg_alloc, resources should be deallocated in each and every error-handling path, since they are allocated in for statements. Otherwise there would be memleaks because tpg_free is called only when tpg_alloc returns 0.

• https://git.kernel.org/stable/c/63881df94d3ecbb0deafa0b77da62ff2f32961c4
• https://git.kernel.org/stable/c/0de691ff547d86dd54c24b40a81f9c925df8dd77
• https://git.kernel.org/stable/c/8269ab16415f2065cd792c49b0475543936cbd79
• https://git.kernel.org/stable/c/94303a06e1852a366e9671fff46d19459f88cb28
• https://git.kernel.org/stable/c/770a57922ce36a8476c43f7400b6501c554ea511
• https://git.kernel.org/stable/c/6bf5c2fade8ed53b2d26fa9875e5b04f36c7145d
• https://git.kernel.org/stable/c/4c86c772fef06f5d7a66151bac42366825db0941
• https://git.kernel.org/stable/c/31096da07933598da8522c54bd007376f
CVE-2024-27077 – media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
https://notcve.org/view.php?id=CVE-2024-27077
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity

The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity->name.

• https://git.kernel.org/stable/c/be2fff656322e82f215730839063c2c2ca73d14b
• https://git.kernel.org/stable/c/3dd8abb0ed0e0a7c66d6d677c86ccb188cc39333
• https://git.kernel.org/stable/c/0175f2d34c85744f9ad6554f696cf0afb5bd04e4
• https://git.kernel.org/stable/c/afd2a82fe300032f63f8be5d6cd6981e75f8bbf2
• https://git.kernel.org/stable/c/dc866b69cc51af9b8509b4731b8ce2a4950cd0ef
• https://git.kernel.org/stable/c/0c9550b032de48d6a7fa6a4ddc09699d64d9300d
• https://git.kernel.org/stable/c/90029b9c979b60de5cb2b70ade4bbf61d561bc5d
• https://git.kernel.org/stable/c/5dc319cc3c4f7b74f7dfba349aa26f87e