CVE-2024-47737 – nfsd: call cache_put if xdr_reserve_space returns NULL
https://notcve.org/view.php?id=CVE-2024-47737
In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL If not enough buffer space available, but idmap_lookup has triggered lookup_fn which calls cache_get and returns successfully. Then we missed to call cache_put here which pairs with cache_get. Reviwed-by: Jeff Layton <jlayton@kernel.org> • https://git.kernel.org/stable/c/ddd1ea56367202f6c99135cd59de7a97af4c4ffd https://git.kernel.org/stable/c/9f03f0016ff797932551881c7e06ae50e9c39134 https://git.kernel.org/stable/c/9803ab882d565a8fb2dde5999d98866d1c499dfd https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056 https://git.kernel.org/stable/c/a1afbbb5276f943ad7173d0b4c626b8c75a260da https://git.kernel.org/stable/c/e32ee6a61041925d1a05c14d10352dcfce9ef029 https://git.kernel.org/stable/c/8d0765f86135e27f0bb5c950c136495719b4c834 https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c •
CVE-2024-47735 – RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled
https://notcve.org/view.php?id=CVE-2024-47735
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled Fix missuse of spin_lock_irq()/spin_unlock_irq() when spin_lock_irqsave()/spin_lock_irqrestore() was hold. This was discovered through the lock debugging, and the corresponding log is as follows: raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 96 PID: 2074 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40 ... Call trace: warn_bogus_irq_restore+0x30/0x40 _raw_spin_unlock_irqrestore+0x84/0xc8 add_qp_to_list+0x11c/0x148 [hns_roce_hw_v2] hns_roce_create_qp_common.constprop.0+0x240/0x780 [hns_roce_hw_v2] hns_roce_create_qp+0x98/0x160 [hns_roce_hw_v2] create_qp+0x138/0x258 ib_create_qp_kernel+0x50/0xe8 create_mad_qp+0xa8/0x128 ib_mad_port_open+0x218/0x448 ib_mad_init_device+0x70/0x1f8 add_client_context+0xfc/0x220 enable_device_and_get+0xd0/0x140 ib_register_device.part.0+0xf4/0x1c8 ib_register_device+0x34/0x50 hns_roce_register_device+0x174/0x3d0 [hns_roce_hw_v2] hns_roce_init+0xfc/0x2c0 [hns_roce_hw_v2] __hns_roce_hw_v2_init_instance+0x7c/0x1d0 [hns_roce_hw_v2] hns_roce_hw_v2_init_instance+0x9c/0x180 [hns_roce_hw_v2] • https://git.kernel.org/stable/c/9a4435375cd151e07c0c38fa601b00115986091b https://git.kernel.org/stable/c/07f0f643d7e570dbe8ef6f5c3367a43e3086a335 https://git.kernel.org/stable/c/29c0f546d3fd66238b42cf25bcd5f193bb1cf794 https://git.kernel.org/stable/c/425589d4af09c49574bd71ac31f811362a5126c3 https://git.kernel.org/stable/c/094a1821903f33fb91de4b71087773ee16aeb3a0 https://git.kernel.org/stable/c/2656336a84fcb6802f6e6c233f4661891deea24f https://git.kernel.org/stable/c/a1a3403bb1826c8ec787f0d60c3e7b54f419129e https://git.kernel.org/stable/c/74d315b5af180220d561684d158977301 •
CVE-2024-47726 – f2fs: fix to wait dio completion
https://notcve.org/view.php?id=CVE-2024-47726
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to wait dio completion It should wait all existing dio write IOs before block removal, otherwise, previous direct write IO may overwrite data in the block which may be reused by other inode. • https://git.kernel.org/stable/c/e3db757ff9b7101ae68650ac5f6dd5743b68164e https://git.kernel.org/stable/c/96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d •
CVE-2024-47723 – jfs: fix out-of-bounds in dbNextAG() and diAlloc()
https://notcve.org/view.php?id=CVE-2024-47723
In the Linux kernel, the following vulnerability has been resolved: jfs: fix out-of-bounds in dbNextAG() and diAlloc() In dbNextAG() , there is no check for the case where bmp->db_numag is greater or same than MAXAG due to a polluted image, which causes an out-of-bounds. Therefore, a bounds check should be added in dbMount(). And in dbNextAG(), a check for the case where agpref is greater than bmp->db_numag should be added, so an out-of-bounds exception should be prevented. Additionally, a check for the case where agno is greater or same than MAXAG should be added in diAlloc() to prevent out-of-bounds. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 https://git.kernel.org/stable/c/0338e66cba272351ca9d7d03f3628e390e70963b https://git.kernel.org/stable/c/ead82533278502428883085a787d5a00f15e5eb9 https://git.kernel.org/stable/c/6ce8b6ab44a8b5918c0ee373d4ad19d19017931b https://git.kernel.org/stable/c/c1ba4b8ca799ff1d99d01f37d7ccb7d5ba5533d2 https://git.kernel.org/stable/c/128d5cfdcf844cb690c9295a3a1c1114c21fc15a https://git.kernel.org/stable/c/96855f40e152989c9e7c20c4691ace5581098acc https://git.kernel.org/stable/c/e63866a475562810500ea7f784099bfe3 •
CVE-2023-52917 – ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
https://notcve.org/view.php?id=CVE-2023-52917
In the Linux kernel, the following vulnerability has been resolved: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() The debugfs_create_dir() function returns error pointers. It never returns NULL. So use IS_ERR() to check it. • https://git.kernel.org/stable/c/e26a5843f7f5014ae4460030ca4de029a3ac35d3 https://git.kernel.org/stable/c/ef7e34237e2612b116a84c9640628a6f7a0d693e https://git.kernel.org/stable/c/a429158f2e0a7a03eb67fd5e204e1f6735c725aa https://git.kernel.org/stable/c/7cbd6d7fb9ba2be03978809c848e2e50eaeead2c https://git.kernel.org/stable/c/16e5bed6c1883b19f9fcbdff996aa3381954d5f3 https://git.kernel.org/stable/c/b66bf833e72a1e23d7ccafc0f8f74e80f8c357b5 https://git.kernel.org/stable/c/babba8595d1e5d57313a6187f3e51aceacc6881a https://git.kernel.org/stable/c/e229897d373a87ee09ec5cc4ecd4bb2f8 •