CVE-2024-27072 – media: usbtv: Remove useless locks in usbtv_video_free()
https://notcve.org/view.php?id=CVE-2024-27072
In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166dc872180000 Also remove usbtv_stop() call since it will be called when unregistering the device. Before 'c838530d230b' this issue would only be noticed if you disconnect while streaming and now it is noticeable even when disconnecting while not streaming. [hverkuil: fix minor spelling mistake in log message] En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: usbtv: Eliminar bloqueos inútiles en usbtv_video_free() Eliminar llamadas de bloqueos en usbtv_video_free() porque son inútiles y pueden provocar un punto muerto como se informa aquí: https://syzkaller.appspot .com/x/bisect.txt?x=166dc872180000 También elimine la llamada usbtv_stop() ya que se llamará al cancelar el registro del dispositivo. Antes de 'c838530d230b', este problema solo se notaba si se desconectaba mientras se transmitía y ahora se nota incluso cuando se desconecta mientras no se transmite. [hverkuil: corrige un error ortográfico menor en el mensaje de registro] • https://git.kernel.org/stable/c/f3d27f34fdd7701e499617d2c1d94480a98f6d07 https://git.kernel.org/stable/c/4ec4641df57cbdfdc51bb4959afcdbcf5003ddb9 https://git.kernel.org/stable/c/d5ed208d04acf06781d63d30f9fa991e8d609ebd https://git.kernel.org/stable/c/bdd82c47b22a8befd617b723098b2a41b77373c7 https://git.kernel.org/stable/c/dea46e246ef0f98d89d59a4229157cd9ffb636bf https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2 https://git.kernel.org/stable/c/65e6a2773d655172143cc0b927cdc89549842895 •
CVE-2024-27071 – backlight: hx8357: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2024-27071
In the Linux kernel, the following vulnerability has been resolved: backlight: hx8357: Fix potential NULL pointer dereference The "im" pins are optional. Add missing check in the hx8357_probe(). En el kernel de Linux, se resolvió la siguiente vulnerabilidad: retroiluminación: hx8357: corrige una posible desreferencia del puntero NULL Los pines "im" son opcionales. Agregue el cheque que falta en hx8357_probe(). • https://git.kernel.org/stable/c/7d84a63a39b78443d09f2b4edf7ecb1d586379b4 https://git.kernel.org/stable/c/67e578c8ff2d7df03bf8ca9a7f5436b1796f6ad1 https://git.kernel.org/stable/c/b1ba8bcb2d1ffce11b308ce166c9cc28d989e3b9 •
CVE-2024-27070 – f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault
https://notcve.org/view.php?id=CVE-2024-27070
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 Read of size 8 at addr ffff88807bb22680 by task syz-executor184/5058 CPU: 0 PID: 5058 Comm: syz-executor184 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x163/0x540 mm/kasan/report.c:488 kasan_report+0x142/0x170 mm/kasan/report.c:601 f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 __do_fault+0x131/0x450 mm/memory.c:4376 do_shared_fault mm/memory.c:4798 [inline] do_fault mm/memory.c:4872 [inline] do_pte_missing mm/memory.c:3745 [inline] handle_pte_fault mm/memory.c:5144 [inline] __handle_mm_fault+0x23b7/0x72b0 mm/memory.c:5285 handle_mm_fault+0x27e/0x770 mm/memory.c:5450 do_user_addr_fault arch/x86/mm/fault.c:1364 [inline] handle_page_fault arch/x86/mm/fault.c:1507 [inline] exc_page_fault+0x456/0x870 arch/x86/mm/fault.c:1563 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570 The root cause is: in f2fs_filemap_fault(), vmf->vma may be not alive after filemap_fault(), so it may cause use-after-free issue when accessing vmf->vma->vm_flags in trace_f2fs_filemap_fault(). So it needs to keep vm_flags in separated temporary variable for tracepoint use. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: f2fs: solución para evitar el problema de use-after-free en f2fs_filemap_fault syzbot informa un error de f2fs como se muestra a continuación: ERROR: KASAN: slab-use-after-free en f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 Lectura de tamaño 8 en la dirección ffff88807bb22680 por tarea syz-executor184/5058 CPU: 0 PID: 5058 Comm: syz-executor184 Not tainted 6.7.0-syzkaller-09928-g052d534373b7 #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 17/11/2023 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en línea] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 print_address_description mm/kasan/ report.c:377 [en línea] print_report+0x163/0x540 mm/kasan/report.c:488 kasan_report+0x142/0x170 mm/kasan/report.c:601 f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 __do_fault+0x131/0x450 mm/memory.c:4376 do_shared_fault mm/memory.c:4798 [en línea] do_fault mm/memory.c:4872 [en línea] do_pte_missing mm/memory.c:3745 [en línea] handle_pte_fault mm/memory. c:5144 [en línea] __handle_mm_fault+0x23b7/0x72b0 mm/memory.c:5285 handle_mm_fault+0x27e/0x770 mm/memory.c:5450 do_user_addr_fault arch/x86/mm/fault.c:1364 [en línea] handle_page_fault arch/x86/ mm/fault.c:1507 [en línea] exc_page_fault+0x456/0x870 arch/x86/mm/fault.c:1563 asm_exc_page_fault+0x26/0x30 arch/x86/include/asm/idtentry.h:570 La causa raíz es: en f2fs_filemap_fault(), es posible que vmf->vma no esté activo después de filemap_fault(), por lo que puede causar un problema de use-after-free al acceder a vmf->vma->vm_flags en trace_f2fs_filemap_fault(). Por lo tanto, debe mantener vm_flags en una variable temporal separada para su uso en puntos de seguimiento. • https://git.kernel.org/stable/c/87f3afd366f7c668be0269efda8a89741a3ea6b3 https://git.kernel.org/stable/c/8186e16a766d709a08f188d2f4e84098f364bea1 https://git.kernel.org/stable/c/eb70d5a6c932d9d23f4bb3e7b83782c21ac4b064 •
CVE-2024-27069 – ovl: relax WARN_ON in ovl_verify_area()
https://notcve.org/view.php?id=CVE-2024-27069
In the Linux kernel, the following vulnerability has been resolved: ovl: relax WARN_ON in ovl_verify_area() syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause undefined behavior, so returning EIO error for the copy up makes sense, but it should not be causing a WARN_ON assertion. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: ovl: relax WARN_ON en ovl_verify_area() syzbot alcanzó una afirmación en el bucle de copia de datos que parece ser el resultado de un archivo inferior cuyo tamaño se está cambiando debajo de overlayfs. Está documentado que este tipo de caso de uso causa un comportamiento indefinido, por lo que devolver un error EIO para la copia tiene sentido, pero no debería causar una afirmación WARN_ON. • https://git.kernel.org/stable/c/ca7ab482401cf0a7497dad05f4918dc64115538b https://git.kernel.org/stable/c/c3c85aefc0da1e5074a06c682542a54ccc99bdca https://git.kernel.org/stable/c/77a28aa476873048024ad56daf8f4f17d58ee48e •
CVE-2024-27068 – thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
https://notcve.org/view.php?id=CVE-2024-27068
In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path If devm_krealloc() fails, then 'efuse' is leaking. So free it to avoid a leak. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/mediatek/lvts_thermal: corrige una pérdida de memoria en una ruta de manejo de errores. Si devm_krealloc() falla, entonces 'efuse' tiene una fuga. Así que libérelo para evitar una fuga. • https://git.kernel.org/stable/c/f5f633b18234cecb0e6ee6e5fbb358807dda15c3 https://git.kernel.org/stable/c/2db869da91afd48e5b9ec76814709be49662b07d https://git.kernel.org/stable/c/a37f3652bee468f879d35fe2da9ede3f1dcbb7be https://git.kernel.org/stable/c/9b02197596671800dd934609384b1aca7c6ad218 https://git.kernel.org/stable/c/ca93bf607a44c1f009283dac4af7df0d9ae5e357 •