CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27050 – libbpf: Use OPTS_SET() macro in bpf_xdp_query()
https://notcve.org/view.php?id=CVE-2024-27050
In the Linux kernel, the following vulnerability has been resolved: libbpf: Use OPTS_SET() macro in bpf_xdp_query() When the feature_flags and xdp_zc_max_segs fields were added to the libbpf bpf_xdp_query_opts, the code writing them did not use the OPTS_SET() macro. This causes libbpf to write to those fields unconditionally, which means that programs compiled against an older version of libbpf (with a smaller size of the bpf_xdp_query_opts struct) will have its stack corrupted by libbpf writing out of bounds. The patch adding the feature_flags field has an early bail out if the feature_flags field is not part of the opts struct (via the OPTS_HAS) macro, but the patch adding xdp_zc_max_segs does not. For consistency, this fix just changes the assignments to both fields to use the OPTS_SET() macro. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: libbpf: use la macro OPTS_SET() en bpf_xdp_query() Cuando los campos feature_flags y xdp_zc_max_segs se agregaron a libbpf bpf_xdp_query_opts, el código que los escribió no usó la macro OPTS_SET(). Esto hace que libbpf escriba en esos campos incondicionalmente, lo que significa que los programas compilados con una versión anterior de libbpf (con un tamaño más pequeño de la estructura bpf_xdp_query_opts) tendrán su pila dañada por la escritura de libbpf fuera de los límites. El parche que agrega el campo feature_flags tiene un rescate anticipado si el campo feature_flags no es parte de la estructura opts (a través de la macro OPTS_HAS), pero el parche que agrega xdp_zc_max_segs no lo hace. • https://git.kernel.org/stable/c/13ce2daa259a3bfbc9a5aeeee8b9a87058703731 https://git.kernel.org/stable/c/fa5bef5e80c6a3321b2b1a7070436f3bc5daf07c https://git.kernel.org/stable/c/682ddd62abd4bdcee7584246903e7a2df005fe0d https://git.kernel.org/stable/c/cd3be9843247edb8fc6fcd8d8237cbce2bc19f5e https://git.kernel.org/stable/c/92a871ab9fa59a74d013bc04f321026a057618e7 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-27048 – wifi: brcm80211: handle pmk_op allocation failure
https://notcve.org/view.php?id=CVE-2024-27048
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: handle pmk_op allocation failure The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: brcm80211: maneja el error de asignación de pmk_op El kzalloc() en brcmf_pmksa_v3_op() devolverá nulo si la memoria física se ha agotado. Como resultado, si eliminamos la referencia del valor nulo, se producirá el error de desreferencia del puntero nulo. Devuelve -ENOMEM de brcmf_pmksa_v3_op() si kzalloc() falla para pmk_op. • https://git.kernel.org/stable/c/a96202acaea47fa8377088e0952bb63bd02a3bab https://git.kernel.org/stable/c/df62e22c2e27420e8990a4f09e30d7bf56c2036f https://git.kernel.org/stable/c/9975908315c13bae2f2ed5ba92870fa935180b0e https://git.kernel.org/stable/c/6138a82f3bccfc67ed7ac059493579fc326c02e5 https://git.kernel.org/stable/c/b4152222e04cb8afeeca239c90e3fcaf4c553b42 https://access.redhat.com/security/cve/CVE-2024-27048 https://bugzilla.redhat.com/show_bug.cgi?id=2278431 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27047 – net: phy: fix phy_get_internal_delay accessing an empty array
https://notcve.org/view.php?id=CVE-2024-27047
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defining delay_values and rx-internal-delay-ps or tx-internal-delay-ps is defined to 0 in the device-tree. This will lead to "unable to handle kernel NULL pointer dereference at virtual address 0". To avoid this kernel oops, the test should be delay >= 0. As there is already delay < 0 test just before, the test could only be size == 0. En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:phy: fix phy_get_internal_delay accediendo a un array vacío La función phy_get_internal_delay podría intentar acceder a un array vacío en el caso de que el driver esté llamando a phy_get_internal_delay sin definir delay_values y rx-internal- delay-ps o tx-internal-delay-ps se define en 0 en el árbol de dispositivos. Esto provocará que "no se pueda manejar la desreferencia del puntero NULL del kernel en la dirección virtual 0". • https://git.kernel.org/stable/c/92252eec913b2dd5e7b5de11ea3efa2e64d65cf4 https://git.kernel.org/stable/c/06dd21045a7e8bc8701b0ebedcd9a30a6325878b https://git.kernel.org/stable/c/0e939a002c8a7d66e60bd0ea6b281fb39d713c1a https://git.kernel.org/stable/c/2a2ff709511617de9c6c072eeee82bcbbdfecaf8 https://git.kernel.org/stable/c/589ec16174dd9378953b8232ae76fad0a96e1563 https://git.kernel.org/stable/c/c0691de7df1d51482a52cac93b7fe82fd9dd296b https://git.kernel.org/stable/c/0307cf443308ecc6be9b2ca312bb31bae5e5a7ad https://git.kernel.org/stable/c/4469c0c5b14a0919f5965c7ceac96b523 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2024-27046 – nfp: flower: handle acti_netdevs allocation failure
https://notcve.org/view.php?id=CVE-2024-27046
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null pointer dereference bugs will happen. This patch adds a check to judge whether allocation failure occurs. If it happens, the delayed work will be rescheduled and try again. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfp: flor: manejar el error de asignación de acti_netdevs El kmalloc_array() en nfp_fl_lag_do_work() devolverá nulo, si la memoria física se ha agotado. Como resultado, si eliminamos la referencia a acti_netdevs, se producirán errores de desreferencia del puntero nulo. Este parche agrega una verificación para juzgar si se produce una falla en la asignación. • https://git.kernel.org/stable/c/bb9a8d031140f186d13d82f57b0f5646d596652f https://git.kernel.org/stable/c/d746889db75a76aeee95fb705b8e1ac28c684a2e https://git.kernel.org/stable/c/3b1e8a617eb0f4cdc19def530047a95b5abde07d https://git.kernel.org/stable/c/928705e341010dd910fdece61ccb974f494a758f https://git.kernel.org/stable/c/0d387dc503f9a53e6d1f6e9dd0292d38f083eba5 https://git.kernel.org/stable/c/c9b4e220dd18f79507803f38a55d53b483f6c9c3 https://git.kernel.org/stable/c/408ba7fd04f959c61b50db79c983484312fea642 https://git.kernel.org/stable/c/c8df9203bf22c66fa26e8d8c7f8ce181c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2024-27045 – drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
https://notcve.org/view.php?id=CVE-2024-27045
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() is printing too much 30 vs 10 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: soluciona un posible desbordamiento del búfer en 'dp_dsc_clock_en_read()' Dile a snprintf() que almacene como máximo 10 bytes en el búfer de salida en lugar de 30. Corrige lo siguiente : drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_debugfs.c:1508 dp_dsc_clock_en_read() error: snprintf() está imprimiendo demasiado 30 vs 10 • https://git.kernel.org/stable/c/c06e09b76639657f284bfaf1cce29557a2515e85 https://git.kernel.org/stable/c/ff28893c96c5e0927a4da10cd24a3522ca663515 https://git.kernel.org/stable/c/440f059837418fac1695b65d3ebc6080d33be877 https://git.kernel.org/stable/c/d346b3e5b25c95d504478507eb867cd3818775ab https://git.kernel.org/stable/c/ad76fd30557d6a106c481e4606a981221ca525f7 https://git.kernel.org/stable/c/eb9327af3621d26b1d83f767c97a3fe8191a3a65 https://git.kernel.org/stable/c/cf114d8d4a8d78df272116a745bb43b48cef65f4 https://git.kernel.org/stable/c/4b09715f1504f1b6e8dff0e9643630610 •