CVE-2024-47672 – wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
https://notcve.org/view.php?id=CVE-2024-47672
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead There is a WARNING in iwl_trans_wait_tx_queues_empty() (that was recently converted from just a message), that can be hit if we wait for TX queues to become empty after firmware died. Clearly, we can't expect anything from the firmware after it's declared dead. Don't call iwl_trans_wait_tx_queues_empty() in this case. While it could be a good idea to stop the flow earlier, the flush functions do some maintenance work that is not related to the firmware, so keep that part of the code running even when the firmware is not running. [edit commit message] • https://git.kernel.org/stable/c/ad2fcc2daa203a6ad491f00e9ae3b7867e8fe0f3 https://git.kernel.org/stable/c/16c1e5d5228f26f120e12e6ca55c59c3a5e6dece https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244 https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669 https://git.kernel.org/stable/c/1b0cd832c9607f41f84053b818e0b7908510a3b9 https://git.kernel.org/stable/c/4d0a900ec470d392476c428875dbf053f8a0ae5e https://git.kernel.org/stable/c/7188b7a72320367554b76d8f298417b070b05dd3 https://git.kernel.org/stable/c/3a84454f5204718ca5b4ad2c1f0bf2031 •
CVE-2024-47670 – ocfs2: add bounds checking to ocfs2_xattr_find_entry()
https://notcve.org/view.php?id=CVE-2024-47670
In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_xattr_find_entry() Add a paranoia check to make sure it doesn't stray beyond valid memory region containing ocfs2 xattr entries when scanning for a match. It will prevent out-of-bound access in case of crafted images. • https://git.kernel.org/stable/c/b49a786beb11ff740cb9e0c20b999c2a0e1729c2 https://git.kernel.org/stable/c/60c0d36189bad58b1a8e69af8781d90009559ea1 https://git.kernel.org/stable/c/34759b7e4493d7337cbc414c132cef378c492a2c https://git.kernel.org/stable/c/5bbe51eaf01a5dd6fb3f0dea81791e5dbc6dc6dd https://git.kernel.org/stable/c/9b32539590a8e6400ac2f6e7cf9cbb8e08711a2f https://git.kernel.org/stable/c/1f6e167d6753fe3ea493cdc7f7de8d03147a4d39 https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77 https://git.kernel.org/stable/c/9e3041fecdc8f78a5900c3aa51d3d756e •
CVE-2024-47669 – nilfs2: fix state management in error path of log writing function
https://notcve.org/view.php?id=CVE-2024-47669
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 ("nilfs2: separate wait function from nilfs_segctor_write") was applied, the log writing function nilfs_segctor_do_construct() was able to issue I/O requests continuously even if user data blocks were split into multiple logs across segments, but two potential flaws were introduced in its error handling. First, if nilfs_segctor_begin_construction() fails while creating the second or subsequent logs, the log writing function returns without calling nilfs_segctor_abort_construction(), so the writeback flag set on pages/folios will remain uncleared. This causes page cache operations to hang waiting for the writeback flag. For example, truncate_inode_pages_final(), which is called via nilfs_evict_inode() when an inode is evicted from memory, will hang. Second, the NILFS_I_COLLECTED flag set on normal inodes remain uncleared. As a result, if the next log write involves checkpoint creation, that's fine, but if a partial log write is performed that does not, inodes with NILFS_I_COLLECTED set are erroneously removed from the "sc_dirty_files" list, and their data and b-tree blocks may not be written to the device, corrupting the block mapping. Fix these issues by uniformly calling nilfs_segctor_abort_construction() on failure of each step in the loop in nilfs_segctor_do_construct(), having it clean up logs and segment usages according to progress, and correcting the conditions for calling nilfs_redirty_inodes() to ensure that the NILFS_I_COLLECTED flag is cleared. • https://git.kernel.org/stable/c/a694291a6211537189c6080f77f63cdabfc9b63e https://git.kernel.org/stable/c/40a2757de2c376ef8a08d9ee9c81e77f3c750adf https://git.kernel.org/stable/c/036441e8438b29111fa75008f0ce305fb4e83c0a https://git.kernel.org/stable/c/efdde00d4a1ef10bb71e09ebc67823a3d3ad725b https://git.kernel.org/stable/c/3e349d7191f0688fc9808ef24fd4e4b4ef5ca876 https://git.kernel.org/stable/c/30562eff4a6dd35c4b5be9699ef61ad9f5f20a06 https://git.kernel.org/stable/c/0a1a961bde4351dc047ffdeb2f1311ca16a700cc https://git.kernel.org/stable/c/74866c16ea2183f52925fa5d76061a1fe •
CVE-2024-47668 – lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()
https://notcve.org/view.php?id=CVE-2024-47668
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll still have a preallocated node that might be used later. If we then use that node for a new non-root node, it'll still have a pointer to the old root instead of being zeroed - fix this by zeroing it in the cmpxchg failure path. • https://git.kernel.org/stable/c/0f27f4f445390cb7f73d4209cb2bf32834dc53da https://git.kernel.org/stable/c/99418ec776a39609f50934720419e0b464ca2283 https://git.kernel.org/stable/c/ad5ee9feebc2eb8cfc76ed74a2d6e55343b0e169 https://git.kernel.org/stable/c/ebeff038744c498a036e7a92eb8e433ae0a386d7 https://git.kernel.org/stable/c/d942e855324a60107025c116245095632476613e https://git.kernel.org/stable/c/0f078f8ca93b28a34e20bd050f12cd4efeee7c0f https://git.kernel.org/stable/c/b2f11c6f3e1fc60742673b8675c95b78447f3dae https://access.redhat.com/security/cve/CVE-2024-47668 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2024-47667 – PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)
https://notcve.org/view.php?id=CVE-2024-47667
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI 128-byte bursts, the bus may corrupt the packet payload and the corrupt data may cause associated applications or the processor to hang. The workaround for Errata #i2037 is to limit the maximum read request size and maximum payload size to 128 bytes. Add workaround for Errata #i2037 here. The errata and workaround is applicable only to AM65x SR 1.0 and later versions of the silicon will have this fixed. [1] -> https://www.ti.com/lit/er/sprz452i/sprz452i.pdf • https://git.kernel.org/stable/c/cfb006e185f64edbbdf7869eac352442bc76b8f6 https://git.kernel.org/stable/c/ebbdbbc580c1695dec283d0ba6448729dc993246 https://git.kernel.org/stable/c/135843c351c08df72bdd4b4ebea53c8052a76881 https://git.kernel.org/stable/c/af218c803fe298ddf00abef331aa526b20d7ea61 https://git.kernel.org/stable/c/576d0fb6f8d4bd4695e70eee173a1b9c7bae9572 https://git.kernel.org/stable/c/dd47051c76c8acd8cb983f01b4d1265da29cb66a https://git.kernel.org/stable/c/86f271f22bbb6391410a07e08d6ca3757fda01fa •