CVE-2024-26731 – bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
https://notcve.org/view.php?id=CVE-2024-26731
In the Linux kernel, the following vulnerability has been resolved:

bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()

syzbot reported the following NULL pointer dereference issue [1]:

    BUG: kernel NULL pointer dereference, address: 0000000000000000
    [...]
    RIP: 0010:0x0
    [...]
    Call Trace:
     <TASK>
     sk_psock_verdict_data_ready+0x232/0x340 net/core/skmsg.c:1230
     unix_stream_sendmsg+0x9b4/0x1230 net/unix/af_unix.c:2293
     sock_sendmsg_nosec net/socket.c:730 [inline]
     __sock_sendmsg+0x221/0x270 net/socket.c:745
     ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
     ___sys_sendmsg net/socket.c:2638 [inline]
     __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
     do_syscall_64+0xf9/0x240
     entry_SYSCALL_64_after_hwframe+0x6f/0x77

If sk_psock_verdict_data_ready() and sk_psock_stop_verdict() are called concurrently, psock->saved_data_ready can be NULL, causing the above issue.

This patch fixes this issue by calling the appropriate data ready function using the sk_psock_data_ready() helper and protecting it from concurrency with sk->sk_callback_lock.

• https://git.kernel.org/stable/c/dd628fc697ee59b76bd3877c4bd13f07ccc3776f
• https://git.kernel.org/stable/c/6df7f764cd3cf5a03a4a47b23be47e57e41fcd85
• https://git.kernel.org/stable/c/d3cbd7c571446a876aefd8320500300b2c951c58
• https://git.kernel.org/stable/c/4588b13abcbd561ec67f5b3c1cb2eff690990a54
• https://git.kernel.org/stable/c/9b099ed46dcaf1403c531ff02c3d7400fa37fa26
• https://git.kernel.org/stable/c/d61608a4e394f23e0dca099df9eb8e555453d949
• https://git.kernel.org/stable/c/4cd12c6065dfcdeba10f49949bffcf383b3952d8
• CWE-476: NULL Pointer Dereference
CVE-2024-26730 – hwmon: (nct6775) Fix access to temperature configuration registers
https://notcve.org/view.php?id=CVE-2024-26730
In the Linux kernel, the following vulnerability has been resolved:

hwmon: (nct6775) Fix access to temperature configuration registers

The number of temperature configuration registers does not always match the total number of temperature registers. This can result in access errors reported if KASAN is enabled.

    BUG: KASAN: global-out-of-bounds in nct6775_probe+0x5654/0x6fe9 nct6775_core

• https://git.kernel.org/stable/c/b7f1f7b2523a6a4382f12fe953380b847b80e09d
• https://git.kernel.org/stable/c/f006c45a3ea424f8f6c8e4b9283bc245ce2a4d0f
• https://git.kernel.org/stable/c/c196387820c9214c5ceaff56d77303c82514b8b1
• https://git.kernel.org/stable/c/d56e460e19ea8382f813eb489730248ec8d7eb73
CVE-2024-26729 – drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv
https://notcve.org/view.php?id=CVE-2024-26729
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv

Fixes potential null pointer dereference warnings in the dc_dmub_srv_cmd_list_queue_execute() and dc_dmub_srv_is_hw_pwr_up() functions.

In both functions, the 'dc_dmub_srv' variable was being dereferenced before it was checked for null. This could lead to a null pointer dereference if 'dc_dmub_srv' is null. The fix is to check if 'dc_dmub_srv' is null before dereferencing it.

Thus moving the null checks for 'dc_dmub_srv' to the beginning of the functions to ensure that 'dc_dmub_srv' is not null when it is dereferenced.

Found by smatch & thus fixing the below:

    drivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:133 dc_dmub_srv_cmd_list_queue_execute() warn: variable dereferenced before check 'dc_dmub_srv' (see line 128)
    drivers/gpu/drm/amd/amdgpu/../display/dc/dc_dmub_srv.c:1167 dc_dmub_srv_is_hw_pwr_up() warn: variable dereferenced before check 'dc_dmub_srv' (see line 1164)

• https://git.kernel.org/stable/c/028bac5834495f4f4036bf8b3206fcdafe99a393
• https://git.kernel.org/stable/c/351080ba3414c96afff0f1338b4aeb2983195b80
• https://git.kernel.org/stable/c/d2b48f340d9e4a8fbeb1cdc84cd8da6ad143a907
CVE-2024-26728 – drm/amd/display: fix null-pointer dereference on edid reading
https://notcve.org/view.php?id=CVE-2024-26728
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix null-pointer dereference on edid reading

Use i2c adapter when there isn't aux_mode in dc_link to fix a null-pointer dereference that happens when running igt@kms_force_connector_basic in a system with DCN2.1 and HDMI connector detected as below:

    [ +0.178146] BUG: kernel NULL pointer dereference, address: 00000000000004c0
    [ +0.000010] #PF: supervisor read access in kernel mode
    [ +0.000005] #PF: error_code(0x0000) - not-present page
    [ +0.000004] PGD 0 P4D 0
    [ +0.000006] Oops: 0000 [#1] PREEMPT SMP NOPTI
    [ +0.000006] CPU: 15 PID: 2368 Comm: kms_force_conne Not tainted 6.5.0-asdn+ #152
    [ +0.000005] Hardware name: HP HP ENVY x360 Convertible 13-ay1xxx/8929, BIOS F.01 07/14/2021
    [ +0.000004] RIP: 0010:i2c_transfer+0xd/0x100
    [ +0.000011] Code: ea fc ff ff 66 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 41 54 55 53 <48> 8b 47 10 48 89 fb 48 83 38 00 0f 84 b3 00 00 00 83 3d 2f 80 16
    [ +0.000004] RSP: 0018:ffff9c4f89c0fad0 EFLAGS: 00010246
    [ +0.000005] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000000080
    [ +0.000003] RDX: 0000000000000002 RSI: ffff9c4f89c0fb20 RDI: 00000000000004b0
    [ +0.000003] RBP: ffff9c4f89c0fb80 R08: 0000000000000080 R09: ffff8d8e0b15b980
    [ +0.000003] R10: 00000000000380e0 R11: 0000000000000000 R12: 0000000000000080
    [ +0.000002] R13: 0000000000000002 R14: ffff9c4f89c0fb0e R15: ffff9c4f89c0fb0f
    [ +0.000004] FS: 00007f9ad2176c40(0000) GS:ffff8d90fe9c0000(0000) knlGS:0000000000000000
    [ +0.000003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ +0.000004] CR2: 00000000000004c0 CR3: 0000000121bc4000 CR4: 0000000000750ee0
    [ +0.000003] PKRU: 55555554
    [ +0.000003] Call Trace:
    [ +0.000006] <TASK>
    [ +0.000006] ? __die+0x23/0x70
    [ +0.000011] ? page_fault_oops+0x17d/0x4c0
    [ +0.000008] ? preempt_count_add+0x6e/0xa0
    [ +0.000008] ? srso_alias_return_thunk+0x5/0x7f
    [ +0.000011] ?

• https://git.kernel.org/stable/c/0e859faf8670a78ce206977dcf1a31a0231e9ca5
• https://git.kernel.org/stable/c/2d392f7268a1a9bfbd98c831f0f4c964e59aa145
• https://git.kernel.org/stable/c/9671761792156f2339627918bafcd713a8a6f777
CVE-2023-52641 – fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
https://notcve.org/view.php?id=CVE-2023-52641
In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()

It is preferable to exit through the out: label because internal debugging functions are located there.

• https://git.kernel.org/stable/c/ee8db6475cb15c8122855f72ad4cfa5375af6a7b
• https://git.kernel.org/stable/c/50545eb6cd5f7ff852a01fa29b7372524ef948cc
• https://git.kernel.org/stable/c/947c3f3d31ea185ddc8e7f198873f17d36deb24c
• https://git.kernel.org/stable/c/847b68f58c212f0439c5a8101b3841f32caffccd
• https://git.kernel.org/stable/c/aaab47f204aaf47838241d57bf8662c8840de60a