CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-42110 – net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx()
https://notcve.org/view.php?id=CVE-2024-42110
In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.546922] BUG: using smp_processor_id() in preemptible [00000000] code: irq/52-idxd-por/14526 [74412.556784] caller is netif_rx_internal+0x42/0x130 [74412.562282] CPU: 6 PID: 14526 Comm: irq/52-idxd-por Not tainted 6.9.5 #5 [74412.569870] Hardware name: Intel Corporation ArcherCity/ArcherCity, BIOS EGSDCRB1.E9I.1752.P05.2402080856 02/08/2024 [74412.581699] Call Trace: [74412.584514] <TASK> [74412.586933] dump_stack_lvl+0x55/0x70 [74412.591129] check_preemption_disabled+0xc8/0xf0 [74412.596374] netif_rx_internal+0x42/0x130 [74412.600957] __netif_rx+0x20/0xd0 [74412.604743] ntb_netdev_rx_handler+0x66/0x150 [ntb_netdev] [74412.610985] ntb_complete_rxc+0xed/0x140 [ntb_transport] [74412.617010] ntb_rx_copy_callback+0x53/0x80 [ntb_transport] [74412.623332] idxd_dma_complete_txd+0xe3/0x160 [idxd] [74412.628963] idxd_wq_thread+0x1a6/0x2b0 [idxd] [74412.634046] irq_thread_fn+0x21/0x60 [74412.638134] ? irq_thread+0xa8/0x290 [74412.642218] irq_thread+0x1a0/0x290 [74412.646212] ? __pfx_irq_thread_fn+0x10/0x10 [74412.651071] ? __pfx_irq_thread_dtor+0x10/0x10 [74412.656117] ? __pfx_irq_thread+0x10/0x10 [74412.660686] kthread+0x100/0x130 [74412.664384] ? • https://git.kernel.org/stable/c/548c237c0a9972df5d1afaca38aa733ee577128d https://git.kernel.org/stable/c/4b3b6c7efee69f077b86ef7f088fb96768e46e1f https://git.kernel.org/stable/c/e3af5b14e7632bf12058533d69055393e2d126c9 https://git.kernel.org/stable/c/858ae09f03677a4ab907a15516893bc2cc79d4c3 https://git.kernel.org/stable/c/e15a5d821e5192a3769d846079bc9aa380139baf https://access.redhat.com/security/cve/CVE-2024-42110 https://bugzilla.redhat.com/show_bug.cgi?id=2301473 • CWE-372: Incomplete Internal State Distinction •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42105 – nilfs2: fix inode number range checks
https://notcve.org/view.php?id=CVE-2024-42105
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode being exposed in the namespace on a corrupted filesystem, and a couple of flaws that cause problems if the starting number of non-reserved inodes written in the on-disk super block is intentionally (or corruptly) changed from its default value. This patch (of 3): In the current implementation of nilfs2, "nilfs->ns_first_ino", which gives the first non-reserved inode number, is read from the superblock, but its lower limit is not checked. As a result, if a number that overlaps with the inode number range of reserved inodes such as the root directory or metadata files is set in the super block parameter, the inode number test macros (NILFS_MDT_INODE and NILFS_VALID_INODE) will not function properly. In addition, these test macros use left bit-shift calculations using with the inode number as the shift count via the BIT macro, but the result of a shift calculation that exceeds the bit width of an integer is undefined in the C specification, so if "ns_first_ino" is set to a large value other than the default value NILFS_USER_INO (=11), the macros may potentially malfunction depending on the environment. Fix these issues by checking the lower bound of "nilfs->ns_first_ino" and by preventing bit shifts equal to or greater than the NILFS_USER_INO constant in the inode number test macros. Also, change the type of "ns_first_ino" from signed integer to unsigned integer to avoid the need for type casting in comparisons such as the lower bound check introduced this time. • https://git.kernel.org/stable/c/57235c3c88bb430043728d0d02f44a4efe386476 https://git.kernel.org/stable/c/08cab183a624ba71603f3754643ae11cab34dbc4 https://git.kernel.org/stable/c/731011ac6c37cbe97ece229fc6daa486276052c5 https://git.kernel.org/stable/c/3be4dcc8d7bea52ea41f87aa4bbf959efe7a5987 https://git.kernel.org/stable/c/fae1959d6ab2c52677b113935e36ab4e25df37ea https://git.kernel.org/stable/c/9194f8ca57527958bee207919458e372d638d783 https://git.kernel.org/stable/c/1c91058425a01131ea30dda6cf43c67b17884d6a https://git.kernel.org/stable/c/e2fec219a36e0993642844be0f3455135 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42104 – nilfs2: add missing check for inode numbers on directory entries
https://notcve.org/view.php?id=CVE-2024-42104
In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file inodes, which triggers a kernel bug in lru_add_fn(). As Jan Kara pointed out, this is because the link count of a metadata file gets corrupted to 0, and nilfs_evict_inode(), which is called from iput(), tries to delete that inode (ifile inode in this case). The inconsistency occurs because directories containing the inode numbers of these metadata files that should not be visible in the namespace are read without checking. Fix this issue by treating the inode numbers of these internal files as errors in the sanity check helper when reading directory folios/pages. Also thanks to Hillf Danton and Matthew Wilcox for their initial mm-layer analysis. • https://git.kernel.org/stable/c/c33c2b0d92aa1c2262d999b2598ad6fbd53bd479 https://git.kernel.org/stable/c/07c176e7acc5579c133bb923ab21316d192d0a95 https://git.kernel.org/stable/c/2f2fa9cf7c3537958a82fbe8c8595a5eb0861ad7 https://git.kernel.org/stable/c/b11e8fb93ea5eefb2e4e719497ea177a58ff6131 https://git.kernel.org/stable/c/1b7d549ed2c1fa202c751b69423a0d3a6bd5a180 https://git.kernel.org/stable/c/3ab40870edb883b9633dc5cd55f5a2a11afa618d https://git.kernel.org/stable/c/265fff1a01cdc083aeaf0d934c929db5cc64aebf https://git.kernel.org/stable/c/bb76c6c274683c8570ad788f79d4b875b •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-42101 – drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes
https://notcve.org/view.php?id=CVE-2024-42101
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. • https://git.kernel.org/stable/c/6ee738610f41b59733f63718f0bdbcba7d3a3f12 https://git.kernel.org/stable/c/9baf60323efa992b7c915094529f0a1882c34e7e https://git.kernel.org/stable/c/e36364f5f3785d054a94e57e971385284886d41a https://git.kernel.org/stable/c/274cba8d2d1b48c72d8bd90e76c9e2dc1aa0a81d https://git.kernel.org/stable/c/f48dd3f19614022f2e1b794fbd169d2b4c398c07 https://git.kernel.org/stable/c/1f32535238493008587a8c5cb17eb2ca097592ef https://git.kernel.org/stable/c/744b229f09134ccd091427a6f9ea6d97302cfdd9 https://git.kernel.org/stable/c/7db5411c5d0bd9c29b8c2ad93c36b5c16 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52888 – media: mediatek: vcodec: Only free buffer VA that is not NULL
https://notcve.org/view.php?id=CVE-2023-52888
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn't do the check and triggered warnings in practice. We believe those checks were forgotten unintentionally. Add the checks back to fix the warnings. • https://git.kernel.org/stable/c/5c217253c76c94f76d1df31d0bbdcb88dc07be91 https://git.kernel.org/stable/c/303d01082edaf817ee2df53a40dca9da637a2c04 https://git.kernel.org/stable/c/eb005c801ec70ff4307727bd3bd6e8280169ef32 •