CVE-2024-56741 – apparmor: test: Fix memory leak for aa_unpack_strdup()
https://notcve.org/view.php?id=CVE-2024-56741
In the Linux kernel, the following vulnerability has been resolved:

apparmor: test: Fix memory leak for aa_unpack_strdup()

The string allocated by kmemdup() in aa_unpack_strdup() is not freed and causes the following memory leaks; free them to fix it.

    unreferenced object 0xffffff80c6af8a50 (size 8):
      comm "kunit_try_catch", pid 225, jiffies 4294894407
      hex dump (first 8 bytes):
        74 65 73 74 69 6e 67 00                          testing.
      backtrace (crc 5eab668b):
        [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
        [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
        [<000000006870467c>] kmemdup_noprof+0x34/0x60
        [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
        [<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec
        [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
        [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
        [<00000000adf936cf>] kthread+0x2e8/0x374
        [<0000000041bb1628>] ret_from_fork+0x10/0x20
    unreferenced object 0xffffff80c2a29090 (size 8):
      comm "kunit_try_catch", pid 227, jiffies 4294894409
      hex dump (first 8 bytes):
        74 65 73 74 69 6e 67 00                          testing.
      backtrace (crc 5eab668b):
        [<0000000001e3714d>] kmemleak_alloc+0x34/0x40
        [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0
        [<000000006870467c>] kmemdup_noprof+0x34/0x60
        [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c
        [<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4
        [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac
        [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec
        [<00000000adf936cf>] kthread+0x2e8/0x374
        [<0000000041bb1628>] ret_from_fork+0x10/0x20

• https://git.kernel.org/stable/c/4d944bcd4e731ab7bfe8d01a7041ea0ebdc090f1
• https://git.kernel.org/stable/c/f856246ff6da25c4f8fdd73a9c875e878b085e9f
• https://git.kernel.org/stable/c/5354599855a9b5568e05ce686119ee3ff8b19bd5
• https://git.kernel.org/stable/c/89265f88701e54dde255ddf862093baeca57548c
• https://git.kernel.org/stable/c/2a9b68f2dc6812bd1b8880b5c00e60203d6f61f6
• https://git.kernel.org/stable/c/59a149e7c38e7b76616c8b333fc6aa5b6fb2293c
• https://git.kernel.org/stable/c/d62ee5739a66644b0e7f11e657d562458cdcdea3
• https://git.kernel.org/stable/c/7290f59231910ccba427d441a6e8b8c6f
CVE-2024-56740 – nfs/localio: must clear res.replen in nfs_local_read_done
https://notcve.org/view.php?id=CVE-2024-56740
In the Linux kernel, the following vulnerability has been resolved:

nfs/localio: must clear res.replen in nfs_local_read_done

Otherwise memory corruption can occur due to NFSv3 LOCALIO reads leaving garbage in res.replen:

- nfs3_read_done() copies that into server->read_hdrsize; from there nfs3_proc_read_setup() copies it to args.replen in new requests.
- nfs3_xdr_enc_read3args() passes that to rpc_prepare_reply_pages() which includes it in hdrsize for xdr_init_pages, so that rq_rcv_buf contains a ridiculous len.
- This is copied to rq_private_buf and xs_read_stream_request() eventually passes the kvec to sock_recvmsg() which receives incoming data into entirely the wrong place.

This is easily reproduced with NFSv3 LOCALIO that is servicing reads when it is made to pivot back to using normal RPC. This switch back to using normal NFSv3 with RPC can occur for a few reasons but this issue was exposed with a test that stops and then restarts the NFSv3 server while LOCALIO is performing heavy read IO.

• https://git.kernel.org/stable/c/70ba381e1a431245c137ed597ec6a05991c79bd9
• https://git.kernel.org/stable/c/de5dac261eeab99762bbdf7c20cee5d26ef4462e
• https://git.kernel.org/stable/c/650703bc4ed3edf841e851c99ab8e7ba9e5262a3
CVE-2024-56739 – rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
https://notcve.org/view.php?id=CVE-2024-56739
In the Linux kernel, the following vulnerability has been resolved:

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

If the __rtc_read_time call fails, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, possibly causing a kernel softlockup.

• https://git.kernel.org/stable/c/6610e0893b8bc6f59b14fed7f089c5997f035f88
• https://git.kernel.org/stable/c/39ad0a1ae17b54509cd9e93dcd8cec16e7c12d3f
• https://git.kernel.org/stable/c/44b3257ff705d63d5f00ef8ed314a0eeb7ec37f2
• https://git.kernel.org/stable/c/0d68e8514d9040108ff7d1b37ca71096674b6efe
• https://git.kernel.org/stable/c/246f621d363988e7040f4546d20203dc713fa3e1
• https://git.kernel.org/stable/c/fde56535505dde3336df438e949ef4742b6d6d6e
• https://git.kernel.org/stable/c/dd4b1cbcc916fad5d10c2662b62def9f05e453d4
• https://git.kernel.org/stable/c/a1f0b4af90cc18b10261ecde56c6a56b2
CVE-2024-56730 – net/9p/usbg: fix handling of the failed kzalloc() memory allocation
https://notcve.org/view.php?id=CVE-2024-56730
In the Linux kernel, the following vulnerability has been resolved:

net/9p/usbg: fix handling of the failed kzalloc() memory allocation

On the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the following error report:

    ./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns NULL not ERR_PTR on failure

kzalloc() failure is fixed to handle the NULL return case on the memory exhaustion.

• https://git.kernel.org/stable/c/a3be076dc174d9022a71a12554feb4c97b5c4d5c
• https://git.kernel.org/stable/c/2cdb416de8b5795fd25fadcb69e1198b6df6d8cc
• https://git.kernel.org/stable/c/ff1060813d9347e8c45c8b8cff93a4dfdb6726ad
CVE-2024-56729 – smb: Initialize cfid->tcon before performing network ops
https://notcve.org/view.php?id=CVE-2024-56729
In the Linux kernel, the following vulnerability has been resolved:

smb: Initialize cfid->tcon before performing network ops

Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the lease break might take a reference to the tcon in cached_dir_lease_break() and then fail to release the ref in cached_dir_offload_close, since cfid->tcon is still NULL.

• https://git.kernel.org/stable/c/ebe98f1447bbccf8228335c62d86af02a0ed23f7
• https://git.kernel.org/stable/c/625e2357c8fcfae6e66dcc667dc656fe390bab15
• https://git.kernel.org/stable/c/4b216c8f9c7d84ef7de33ca60b97e08e03ef3292
• https://git.kernel.org/stable/c/1b9ab6b648f89441c8a13cb3fd8ca83ffebc5262
• https://git.kernel.org/stable/c/c353ee4fb119a2582d0e011f66a76a38f5cf984d