CVE-2024-26836 – platform/x86: think-lmi: Fix password opcode ordering for workstations
https://notcve.org/view.php?id=CVE-2024-26836
In the Linux kernel, the following vulnerability has been resolved: platform/x86: think-lmi: Fix password opcode ordering for workstations The Lenovo workstations require the password opcode to be run before the attribute value is changed (if Admin password is enabled). Tested on some Thinkpads to confirm they are OK with this order too. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: plataforma/x86: think-lmi: corrige el orden del código de operación de contraseña para las estaciones de trabajo Las estaciones de trabajo Lenovo requieren que se ejecute el código de operación de la contraseña antes de cambiar el valor del atributo (si la contraseña de administrador está habilitada). Probado en algunos Thinkpads para confirmar que también están de acuerdo con este pedido. • https://git.kernel.org/stable/c/640a5fa50a42b99bfa2a0ec51b4ea9591d9bd055 https://git.kernel.org/stable/c/2deb10a99671afda30f834e95e5b992a805bba6a https://git.kernel.org/stable/c/2bfbe1e0aed00ba51d58573c79452fada3f62ed4 https://git.kernel.org/stable/c/6f7d0f5fd8e440c3446560100ac4ff9a55eec340 •
CVE-2024-26835 – netfilter: nf_tables: set dormant flag on hook register failure
https://notcve.org/view.php?id=CVE-2024-26835
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks. On table/base chain deletion, nf_tables will attempt to unregister the hook again which yields a warn splat from the nftables core. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_tables: establece el indicador inactivo en caso de error en el registro del enlace. Necesitamos configurar el indicador inactivo nuevamente si no logramos registrar los enlaces. Durante la presión de la memoria, el registro de ganchos puede fallar y terminamos con una tabla marcada como activa pero sin ganchos registrados. Al eliminar la tabla/cadena base, nf_tables intentará cancelar el registro del gancho nuevamente, lo que genera un símbolo de advertencia desde el núcleo de nftables. • https://git.kernel.org/stable/c/e10f661adc556c4969c70ddaddf238bffdaf1e87 https://git.kernel.org/stable/c/d9c4da8cb74e8ee6e58a064a3573aa37acf6c935 https://git.kernel.org/stable/c/179d9ba5559a756f4322583388b3213fe4e391b0 https://git.kernel.org/stable/c/ae4360cbd385f0d7a8a86d5723e50448cc6318f3 https://git.kernel.org/stable/c/31ea574aeca1aa488e18716459bde057217637af https://git.kernel.org/stable/c/664264a5c55bf97a9c571c557d477b75416199be https://git.kernel.org/stable/c/0c9302a6da262e6ab6a6c1d30f04a6130ed97376 https://git.kernel.org/stable/c/f2135bbf14949687e96cabb13d8a91ae3 • CWE-459: Incomplete Cleanup •
CVE-2024-26833 – drm/amd/display: Fix memory leak in dm_sw_fini()
https://notcve.org/view.php?id=CVE-2024-26833
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it is not freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024): comm "(udev-worker)", pid 222, jiffies 4294894636 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc 6265fd77): [<ffffffff993495ed>] kmalloc_trace+0x29d/0x340 [<ffffffffc0ea4a94>] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [<ffffffffc0ea4e55>] dm_sw_init+0x15/0x2b0 [amdgpu] [<ffffffffc0ba8557>] amdgpu_device_init+0x1417/0x24e0 [amdgpu] [<ffffffffc0bab285>] amdgpu_driver_load_kms+0x15/0x190 [amdgpu] [<ffffffffc0ba09c7>] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [<ffffffff9968fd1e>] local_pci_probe+0x3e/0x90 [<ffffffff996918a3>] pci_device_probe+0xc3/0x230 [<ffffffff99805872>] really_probe+0xe2/0x480 [<ffffffff99805c98>] __driver_probe_device+0x78/0x160 [<ffffffff99805daf>] driver_probe_device+0x1f/0x90 [<ffffffff9980601e>] __driver_attach+0xce/0x1c0 [<ffffffff99803170>] bus_for_each_dev+0x70/0xc0 [<ffffffff99804822>] bus_add_driver+0x112/0x210 [<ffffffff99807245>] driver_register+0x55/0x100 [<ffffffff990012d1>] do_one_initcall+0x41/0x300 Fix this by freeing dmub_srv after destroying it. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: corrige la pérdida de memoria en dm_sw_fini() Después de destruir dmub_srv, la memoria asociada a él no se libera, lo que provoca una pérdida de memoria: objeto sin referencia 0xffff896302b45800 (tamaño 1024) : comm "(udev-worker)", pid 222, sjiffies 4294894636 volcado hexadecimal (primeros 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........... ..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ retroceso (crc 6265fd77): [] kmalloc_trace+ 0x29d/0x340 [] dm_dmub_sw_init+0xb4/0x450 [amdgpu] [] dm_sw_init+0x15/0x2b0 [amdgpu] [] 1417/0x24e0 [amdgpu] [] amdgpu_driver_load_kms+0x15 /0x190 [amdgpu] [] amdgpu_pci_probe+0x187/0x4e0 [amdgpu] [] local_pci_probe+0x3e/0x90 [] pci_device_probe+0xc3/0x230 [ ] realmente_probe+0xe2/0x480 [< ffffffff99805c98>] __driver_probe_device+0x78/0x160 [] driver_probe_device+0x1f/0x90 [] __driver_attach+0xce/0x1c0 [] v+0x70/0xc0 [] bus_add_driver+0x112/0x210 [< ffffffff99807245>] driver_register+0x55/0x100 [] do_one_initcall+0x41/0x300 Solucione este problema liberando dmub_srv después de destruirlo. • https://git.kernel.org/stable/c/743b9786b14ae0d7d13b3782dccad158e577e9bb https://git.kernel.org/stable/c/b49b022f7dfce85eb77d0d987008fde5c01d7857 https://git.kernel.org/stable/c/33f649f1b1cea39ed360e6c12bba4fac83118e6e https://git.kernel.org/stable/c/58168005337eabef345a872be3f87d0215ff3b30 https://git.kernel.org/stable/c/10c6b90e975358c17856a578419dc449887899c2 https://git.kernel.org/stable/c/541e79265ea7e339a7c4a462feafe9f8f996e04b https://git.kernel.org/stable/c/bae67893578d608e35691dcdfa90c4957debf1d3 https://lists.debian.org/debian-lts-announce/2024/06/ •
CVE-2024-26832 – mm: zswap: fix missing folio cleanup in writeback race path
https://notcve.org/view.php?id=CVE-2024-26832
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not invalidated and recycled. If it was, we delete the folio we just added to the swap cache and exit. However, __read_swap_cache_async() returns the folio locked when it is newly allocated, which is always true for this path, and the folio is ref'd. Make sure to unlock and put the folio before returning. This was discovered by code inspection, probably because this path handles a race condition that should not happen often, and the bug would not crash the system, it will only strand the folio indefinitely. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: mm: zswap: corrige la limpieza de folio faltante en la ruta de carrera de escritura diferida En zswap_writeback_entry(), después de obtener un folio de __read_swap_cache_async(), tomamos el bloqueo del árbol nuevamente para verificar que el intercambio la entrada no fue invalidada y reciclada. Si así fuera, eliminamos la publicación que acabamos de agregar al caché de intercambio y salimos. • https://git.kernel.org/stable/c/2cab13f500a6333bd2b853783ac76be9e4956f8a https://git.kernel.org/stable/c/04fc7816089c5a32c29a04ec94b998e219dfb946 https://git.kernel.org/stable/c/ba700ea13bf0105a4773c654f7d3bef8adb64ab2 https://git.kernel.org/stable/c/14f1992430ef9e647b02aa8ca12c5bcb9a1dffea https://git.kernel.org/stable/c/6156277d1b26cb3fdb6fcbf0686ab78268571644 https://git.kernel.org/stable/c/e2891c763aa2cff74dd6b5e978411ccf0cf94abe https://git.kernel.org/stable/c/e3b63e966cac0bf78aaa1efede1827a252815a1d •
CVE-2024-26829 – media: ir_toy: fix a memleak in irtoy_tx
https://notcve.org/view.php?id=CVE-2024-26829
In the Linux kernel, the following vulnerability has been resolved: media: ir_toy: fix a memleak in irtoy_tx When irtoy_command fails, buf should be freed since it is allocated by irtoy_tx, or there is a memleak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: ir_toy: corrige una fuga de mem en irtoy_tx Cuando falla irtoy_command, se debe liberar buf ya que está asignado por irtoy_tx, o hay una fuga de mem. • https://git.kernel.org/stable/c/4114978dcd24e72415276bba60ff4ff355970bbc https://git.kernel.org/stable/c/a4ac45aff8d38c64104aec21c6529747d94ae75a https://git.kernel.org/stable/c/486a4176bc783df798bce2903824801af8d2c3ae https://git.kernel.org/stable/c/207557e393a135c1b6fe1df7cc0741d2c1789fff https://git.kernel.org/stable/c/be76ad74a43f90f340f9f479e6b04f02125f6aef https://git.kernel.org/stable/c/7219a692ffc00089015ada33b85b334d1a4b6e8e https://git.kernel.org/stable/c/b37259448bbc70af1d0e52a9dd5559a9c29c9621 https://git.kernel.org/stable/c/dc9ceb90c4b42c6e5c6757df1d6257110 •