CVE-2024-53234 – erofs: handle NONHEAD !delta[1] lclusters gracefully
https://notcve.org/view.php?id=CVE-2024-53234
In the Linux kernel, the following vulnerability has been resolved:
erofs: handle NONHEAD !delta[1] lclusters gracefully
syzbot reported a WARNING in iomap_iter_done:
  iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80
  ioctl_fiemap fs/ioctl.c:220 [inline]
Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions.
Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as delta[1]=1 to work around these legacy mkfs versions.
`lclusterbits > 14` is illegal for compact indexes, error out too.
• https://git.kernel.org/stable/c/d95ae5e25326092d61613acf98280270dde22778
• https://git.kernel.org/stable/c/96a85becb811ca2ce21a21721f1544d342ae431e
• https://git.kernel.org/stable/c/8c723eef989bc419585237daa467b787ddca5415
• https://git.kernel.org/stable/c/0e1854f87be8fa237198d407a1347476dbead3f5
• https://git.kernel.org/stable/c/f466641debcbea8bdf78d1b63a6270aadf9301bf
• https://git.kernel.org/stable/c/480c6c7b55aeacac800bc2a0d321ff53273045e5
• https://git.kernel.org/stable/c/daaf68fef4b2ff97928227630021d37b27a96655
• https://git.kernel.org/stable/c/0bc8061ffc733a0a246b8689b2d32a3e9
CVE-2024-53233 – unicode: Fix utf8_load() error path
https://notcve.org/view.php?id=CVE-2024-53233
In the Linux kernel, the following vulnerability has been resolved:
unicode: Fix utf8_load() error path
utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this:
  kernel BUG at kernel/module/main.c:786!
  RIP: 0010:__symbol_put+0x93/0xb0
  Call Trace:
  <TASK>
  ? __die_body.cold+0x19/0x27
  ?
• https://git.kernel.org/stable/c/2b3d047870120bcd46d7cc257d19ff49328fd585
• https://git.kernel.org/stable/c/4387cef540f36c2c9297460758cc2438305a24a0
• https://git.kernel.org/stable/c/c4b6c1781f6cc4e2283120ac8d873864b8056f21
• https://git.kernel.org/stable/c/6504dd27123966dc455494cb55217c04ca479121
• https://git.kernel.org/stable/c/89933f8ab3b4cad5ac14ea56a39947d1ffe7d0e3
• https://git.kernel.org/stable/c/156bb2c569cd869583c593d27a5bd69e7b2a4264
CVE-2024-53232 – iommu/s390: Implement blocking domain
https://notcve.org/view.php?id=CVE-2024-53232
In the Linux kernel, the following vulnerability has been resolved:
iommu/s390: Implement blocking domain
This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no longer recognizes the device as it has already been removed and we end up with a NULL domain pointer and UAF.
This is exactly the case referred to in the second comment in __iommu_device_set_domain() and just as stated there if we can instead attach the blocking domain the UAF is prevented as this can handle the already removed device. Implement the blocking domain to use this handling.
With this change, the crash is fixed but we still hit a warning attempting to change DMA ownership on a blocked device.
• https://git.kernel.org/stable/c/c76c067e488ccd55734c3e750799caf2c5956db6
• https://git.kernel.org/stable/c/3be34fa1cdbf180c1a948cfededfdf2cdc497199
• https://git.kernel.org/stable/c/bd89d94f3ea6fdaee983cbc69226a00b9bde6d59
• https://git.kernel.org/stable/c/ecda483339a5151e3ca30d6b82691ef6f1d17912
CVE-2024-53231 – cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
https://notcve.org/view.php?id=CVE-2024-53231
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw()
cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference.
• https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae
• https://git.kernel.org/stable/c/a357b63fd21e4b2791008c2175ba7a8c235ebce1
• https://git.kernel.org/stable/c/e07570a8f2cfc51260c6266cb8e1bd4777a610d6
• https://git.kernel.org/stable/c/e9b39f1924b76abc18881e4ce899fb232dd23d12
• https://git.kernel.org/stable/c/65fe2f7fdafe2698a343661800434b3f2e51041e
• https://git.kernel.org/stable/c/a78e7207564258db6e373e86294a85f9d646d35a
CVE-2024-53230 – cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
https://notcve.org/view.php?id=CVE-2024-53230
In the Linux kernel, the following vulnerability has been resolved:
cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost()
cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference, so check NULL for cppc_get_cpu_cost().
• https://git.kernel.org/stable/c/740fcdc2c20ecf855b36b919d7fa1b872b5a7eae
• https://git.kernel.org/stable/c/1975b481f644f8f841d9c188e3c214fce187f18b
• https://git.kernel.org/stable/c/f05ef81db63889f6f14eb77fd140dac6cedb6f7f
• https://git.kernel.org/stable/c/afd22d9839359829776abb55cc9bc4946e888704
• https://git.kernel.org/stable/c/6be57617a38b3f33266acecdb3c063c1c079aaf7
• https://git.kernel.org/stable/c/1a1374bb8c5926674973d849feed500bc61ad535