CVE-2024-56548 – hfsplus: don't query the device logical block size multiple times
https://notcve.org/view.php?id=CVE-2024-56548
In the Linux kernel, the following vulnerability has been resolved:

hfsplus: don't query the device logical block size multiple times

Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE.

While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size.

Using a new min_io_size initially set to sb_min_blocksize works for the purposes of the original fix, since it will be set to the max between HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not initialized.

Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024 and 4096.

The produced KASAN report before the fix looks like this:

    [ 419.944641] ==================================================================
    [ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a
    [ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678
    [ 419.947612]
    [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84
    [ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
    [ 419.950035] Call Trace:
    [ 419.950384] <TASK>
    [ 419.950676] dump_stack_lvl+0x57/0x78
    [ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a
    [ 419.951830] print_report+0x14c/0x49e
    [ 419.952361] ? __virt_addr_valid+0x267/0x278
    [ 419.952979] ?

• https://git.kernel.org/stable/c/6596528e391ad978a6a120142cba97a1d7324cb6
• https://git.kernel.org/stable/c/c53c89aba3ebdfc3e9acdb18bb5ee9d2f8a328d0
• https://git.kernel.org/stable/c/baccb5e12577b7a9eff54ffba301fdaa0f3ee5a8
• https://git.kernel.org/stable/c/f57725bcc5816425e25218fdf5fb6923bc578cdf
• https://git.kernel.org/stable/c/e8a2b1c1c2ea85e9a5a2d0c5a5a7e7c639feb866
• https://git.kernel.org/stable/c/06cbfbb13ac88f4154c2eb4bc4176f9d10139847
• https://git.kernel.org/stable/c/3d7bda75e1a6239db053c73acde17ca146317824
• https://git.kernel.org/stable/c/21900e8478126ff6afe3b66679f676e74

CVE-2024-56547 – rcu/nocb: Fix missed RCU barrier on deoffloading
https://notcve.org/view.php?id=CVE-2024-56547
In the Linux kernel, the following vulnerability has been resolved:

rcu/nocb: Fix missed RCU barrier on deoffloading

Currently, running the rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60 test_boost=2 will trigger the following warning:

    WARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0
    RIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0
    Call Trace:
    <TASK>
    ? __warn+0x7e/0x120
    ? rcu_nocb_rdp_deoffload+0x292/0x2a0
    ? report_bug+0x18e/0x1a0
    ? handle_bug+0x3d/0x70
    ?

• https://git.kernel.org/stable/c/1fcb932c8b5ce86219d7dedcd63659351a43291c
• https://git.kernel.org/stable/c/224b62028959858294789772d372dcb36cf5f820
• https://git.kernel.org/stable/c/2996980e20b7a54a1869df15b3445374b850b155

CVE-2024-56546 – drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()
https://notcve.org/view.php?id=CVE-2024-56546
In the Linux kernel, the following vulnerability has been resolved:

drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend()

If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed. Add the missing kfree() in the error handling path.

• https://git.kernel.org/stable/c/05e5ba40ea7ab6a99bb8d6117c899d0e13ca8700
• https://git.kernel.org/stable/c/272168927f38bda46f6c1ed5f40de97689e7a5d2
• https://git.kernel.org/stable/c/882d7afaa4b82c20a7be7a3a039532a80ebacd23
• https://git.kernel.org/stable/c/5a3bda42394ff137eb2d3d3d20d2956a8c6e9237
• https://git.kernel.org/stable/c/584d420771e1ad2bb74e19a19da8ae0fee0a6e1f
• https://git.kernel.org/stable/c/44ed4f90a97ff6f339e50ac01db71544e0990efc

CVE-2024-56545 – HID: hyperv: streamline driver probe to avoid devres issues
https://notcve.org/view.php?id=CVE-2024-56545
In the Linux kernel, the following vulnerability has been resolved:

HID: hyperv: streamline driver probe to avoid devres issues

It was found that unloading 'hid_hyperv' module results in a devres complaint:

    ...
    hv_vmbus: unregistering driver hid_hyperv
    ------------[ cut here ]------------
    WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0
    ...
    Call Trace:
    <TASK>
    ? devres_release_group+0x1f2/0x2c0
    ? __warn+0xd1/0x1c0
    ? devres_release_group+0x1f2/0x2c0
    ? report_bug+0x32a/0x3c0
    ?

• https://git.kernel.org/stable/c/62c68e7cee332e08e625af3bca3318814086490d
• https://git.kernel.org/stable/c/b03e713a400aeb5f969bab4daf47a7402d0df814
• https://git.kernel.org/stable/c/19a9457e5e210e408c1f8865b5d93c5a2c90409d
• https://git.kernel.org/stable/c/3d48d0fbaaa74a04fb9092780a3f83dc4f3f8160
• https://git.kernel.org/stable/c/66ef47faa90d838cda131fe1f7776456cc3b59f2

CVE-2024-56544 – udmabuf: change folios array from kmalloc to kvmalloc
https://notcve.org/view.php?id=CVE-2024-56544
In the Linux kernel, the following vulnerability has been resolved:

udmabuf: change folios array from kmalloc to kvmalloc

When PAGE_SIZE is 4096 and MAX_PAGE_ORDER is 10 on a 64-bit machine, page_alloc only supports 4MB. If above this, it triggers this warning and returns NULL.

udmabuf can change the size limit; if it is changed to 3072 (3GB) and a 3GB udmabuf is then allocated, creation will fail.

    [ 4080.876581] ------------[ cut here ]------------
    [ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350
    [ 4080.878839] RIP: 0010:__alloc_pages+0x2c8/0x350
    [ 4080.879470] Call Trace:
    [ 4080.879473] <TASK>
    [ 4080.879473] ? __alloc_pages+0x2c8/0x350
    [ 4080.879475] ? __warn.cold+0x8e/0xe8
    [ 4080.880647] ? __alloc_pages+0x2c8/0x350
    [ 4080.880909] ? report_bug+0xff/0x140
    [ 4080.881175] ?

• https://git.kernel.org/stable/c/2acc6192aa8570661ed37868c02c03002b1dc290
• https://git.kernel.org/stable/c/85bb72397cb63649fe493c96e27e1d0e4ed2ff63
• https://git.kernel.org/stable/c/1c0844c6184e658064e14c4335885785ad3bf84b