CVE-2024-36027 – btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer
https://notcve.org/view.php?id=CVE-2024-36027
In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: do not flag ZEROOUT on non-dirty extent buffer Btrfs clears the content of an extent buffer marked as EXTENT_BUFFER_ZONED_ZEROOUT before the bio submission. This mechanism is introduced to prevent a write hole of an extent buffer, which is once allocated, marked dirty, but turns out unnecessary and cleaned up within one transaction operation. Currently, btrfs_clear_buffer_dirty() marks the extent buffer as EXTENT_BUFFER_ZONED_ZEROOUT, and skips the entry function. If this call happens while the buffer is under IO (with the WRITEBACK flag set, without the DIRTY flag), we can add the ZEROOUT flag and clear the buffer's content just before a bio submission. As a result: 1) it can lead to adding faulty delayed reference item which leads to a FS corrupted (EUCLEAN) error, and 2) it writes out cleared tree node on disk The former issue is previously discussed in [1]. The corruption happens when it runs a delayed reference update. • https://git.kernel.org/stable/c/aa6313e6ff2bfbf736a2739047bba355d8241584 https://git.kernel.org/stable/c/f4b994fccbb6f294c4b31a6ca0114b09f7245043 https://git.kernel.org/stable/c/68879386180c0efd5a11e800b0525a01068c9457 •
CVE-2024-36026 – drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11
https://notcve.org/view.php?id=CVE-2024-36026
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 While doing multiple S4 stress tests, GC/RLC/PMFW get into an invalid state resulting into hard hangs. Adding a GFX reset as workaround just before sending the MP1_UNLOAD message avoids this failure. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/pm: corrige un bloqueo aleatorio en S4 para SMU v13.0.4/11 Al realizar múltiples pruebas de estrés de S4, GC/RLC/PMFW entra en un estado no válido, lo que resulta en cuelga duro. Agregar un reinicio de GFX como workaround justo antes de enviar el mensaje MP1_UNLOAD evita este error. • https://git.kernel.org/stable/c/bd9b94055c3deb2398ee4490c1dfdf03f53efb8f https://git.kernel.org/stable/c/1e3b8874d55c0c28378beb9007494a7a9269a5f5 https://git.kernel.org/stable/c/7521329e54931ede9e042bbf5f4f812b5bc4a01d https://git.kernel.org/stable/c/31729e8c21ecfd671458e02b6511eb68c2225113 •
CVE-2024-36025 – scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
https://notcve.org/view.php?id=CVE-2024-36025
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: scsi: qla2xxx: arreglada por uno en qla_edif_app_getstats() La matriz app_reply->elem[] se asignó anteriormente en esta función y tiene elementos app_req.num_ports. Por lo tanto, esta > comparación necesita ser >= para evitar la corrupción de la memoria. A vulnerability was found in the Linux kernel's qla2xxx SCSI driver, specifically in the `qla_edif_app_getstats()` function, where an off-by-one error in array access could lead to memory corruption. • https://git.kernel.org/stable/c/7878f22a2e03b69baf792f74488962981a1c9547 https://git.kernel.org/stable/c/8c820f7c8e9b46238d277c575392fe9930207aab https://git.kernel.org/stable/c/9fc74e367be4247a5ac39bb8ec41eaa73fade510 https://git.kernel.org/stable/c/60b87b5ecbe07d70897d35947b0bb3e76ccd1b3a https://git.kernel.org/stable/c/ea8ac95c22c93acecb710209a7fd10b851afe817 https://git.kernel.org/stable/c/4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd https://access.redhat.com/security/cve/CVE-2024-36025 https://bugzilla.redhat.com/show_bug.cgi?id=2284421 • CWE-787: Out-of-bounds Write •
CVE-2024-36024 – drm/amd/display: Disable idle reallow as part of command/gpint execution
https://notcve.org/view.php?id=CVE-2024-36024
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable idle reallow as part of command/gpint execution [Why] Workaroud for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and touch the INBOX1 RPTR causing a HW hang. [How] Disable the reallow to ensure that we have enough of a gap between entry and exit and we're not seeing back-to-back wake_and_executes. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/amd/display: deshabilite la reasignación inactiva como parte de la ejecución del comando/gpint [Por qué] Workaroud para una condición de ejecución en la que DMCUB está en el proceso de comprometerse con IPS1 durante el protocolo de enlace que causa Nos perdemos la transición a IPS2 y tocamos el RPTR de INBOX1 provocando un bloqueo del HW. [Cómo] Deshabilite la reallow para asegurarnos de que tengamos un espacio suficiente entre la entrada y la salida y que no veamos wake_and_executes consecutivos. • https://git.kernel.org/stable/c/2aac387445610d6dfd681f5214388e86f5677ef7 https://git.kernel.org/stable/c/6226a5aa77370329e01ee8abe50a95e60618ce97 •
CVE-2024-36023 – Julia Lawall reported this null pointer dereference, this should fix it.
https://notcve.org/view.php?id=CVE-2024-36023
In the Linux kernel, the following vulnerability has been resolved: Julia Lawall reported this null pointer dereference, this should fix it. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: Julia Lawall informó esta desreferencia de puntero nulo, esto debería solucionarlo. • https://git.kernel.org/stable/c/2e2177f94c0e0bc41323d7b6975a5f4820ed347e https://git.kernel.org/stable/c/214a6c4a28c11d67044e6cf3a0ab415050d9f03a https://git.kernel.org/stable/c/b972e8ac3f44f693127a2806031962d100dfc4d1 https://git.kernel.org/stable/c/9bf93dcfc453fae192fe5d7874b89699e8f800ac • CWE-476: NULL Pointer Dereference •