CVE-2022-48658 – mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context.
https://notcve.org/view.php?id=CVE-2022-48658
In the Linux kernel, the following vulnerability has been resolved: mm: slub: fix flush_cpu_slab()/__free_slab() invocations in task context. Commit 5a836bf6b09f ("mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context") moved all flush_cpu_slab() invocations to the global workqueue to avoid a problem related with deactivate_slab()/__free_slab() being called from an IRQ context on PREEMPT_RT kernels. When the flush_all_cpu_locked() function is called from a task context it may happen that a workqueue with WQ_MEM_RECLAIM bit set ends up flushing the global workqueue, this will cause a dependency issue. workqueue: WQ_MEM_RECLAIM nvme-delete-wq:nvme_delete_ctrl_work [nvme_core] is flushing !WQ_MEM_RECLAIM events:flush_cpu_slab WARNING: CPU: 37 PID: 410 at kernel/workqueue.c:2637 check_flush_dependency+0x10a/0x120 Workqueue: nvme-delete-wq nvme_delete_ctrl_work [nvme_core] RIP: 0010:check_flush_dependency+0x10a/0x120[ 453.262125] Call Trace: __flush_work.isra.0+0xbf/0x220 ? __queue_work+0x1dc/0x420 flush_all_cpus_locked+0xfb/0x120 __kmem_cache_shutdown+0x2b/0x320 kmem_cache_destroy+0x49/0x100 bioset_exit+0x143/0x190 blk_release_queue+0xb9/0x100 kobject_cleanup+0x37/0x130 nvme_fc_ctrl_free+0xc6/0x150 [nvme_fc] nvme_free_ctrl+0x1ac/0x2b0 [nvme_core] Fix this bug by creating a workqueue for the flush operation with the WQ_MEM_RECLAIM bit set. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: slub: corrige las invocaciones de flu_cpu_slab()/__free_slab() en el contexto de la tarea. Commit 5a836bf6b09f ("mm: slub: mover invocaciones de flu_cpu_slab() invocaciones de __free_slab() fuera del contexto IRQ") movió todas las invocaciones de flu_cpu_slab() a la cola de trabajo global para evitar un problema relacionado con la llamada de desactivate_slab()/__free_slab() desde un Contexto IRQ en núcleos PREEMPT_RT. • https://git.kernel.org/stable/c/5a836bf6b09f99ead1b69457ff39ab3011ece57b https://git.kernel.org/stable/c/61703b248be993eb4997b00ae5d3318e6d8f3c5b https://git.kernel.org/stable/c/df6cb39335cf5a1b918e8dbd8ba7cd9f1d00e45a https://git.kernel.org/stable/c/e45cc288724f0cfd497bb5920bcfa60caa335729 •
CVE-2022-48657 – arm64: topology: fix possible overflow in amu_fie_setup()
https://notcve.org/view.php?id=CVE-2022-48657
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int*, while freq_inv_set_max_ratio() gets passed this frequency in Hz as 'u64'. Multiplying max frequency by 1000 can potentially result in overflow -- multiplying by 1000ULL instead should avoid that... Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: topología: corrige posible desbordamiento en amu_fie_setup() cpufreq_get_hw_max_freq() devuelve la frecuencia máxima en kHz como *unsigned int*, mientras que freq_inv_set_max_ratio() pasa esta frecuencia en Hz como 'u64 '. Multiplicar la frecuencia máxima por 1000 puede potencialmente resultar en un desbordamiento; multiplicar por 1000ULL debería evitar eso... Encontrado por el Centro de verificación de Linux (linuxtesting.org) con la herramienta de análisis estático SVACE. • https://git.kernel.org/stable/c/cd0ed03a8903a0b0c6fc36e32d133d1ddfe70cd6 https://git.kernel.org/stable/c/904f881b57360cf85de962d84d8614d94431f60e https://git.kernel.org/stable/c/3c3edb82d67b2be9231174ac2af4af60d4af7549 https://git.kernel.org/stable/c/bb6d99e27cbe6b30e4e3bbd32927fd3b0bdec6eb https://git.kernel.org/stable/c/d4955c0ad77dbc684fc716387070ac24801b8bca • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2022-48656 – dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get()
https://notcve.org/view.php?id=CVE-2022-48656
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference returned by of_parse_phandle() in fail path or when it is not used anymore. Here we only need to move the of_node_put() before the check. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: ti: k3-udma-private: corrige el error de fuga de recuento en of_xudma_dev_get() Deberíamos llamar a of_node_put() para la referencia devuelta por of_parse_phandle() en la ruta de error o cuando ya no se usa. Aquí solo necesitamos mover of_node_put() antes de la verificación. • https://git.kernel.org/stable/c/d702419134133db1eab2067dc6ea5723467fd917 https://git.kernel.org/stable/c/aa11dae059a439af82bae541b134f8f53ac177b5 https://git.kernel.org/stable/c/dd5a6c5a08752b613e83ad2cb5133e72a64b876d https://git.kernel.org/stable/c/a17df55bf6d536712da6902a83db82b82e67d5a2 https://git.kernel.org/stable/c/f9fdb0b86f087c2b7f6c6168dd0985a3c1eda87e • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2022-48655 – firmware: arm_scmi: Harden accesses to the reset domains
https://notcve.org/view.php?id=CVE-2022-48655
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consistency check before any such domains descriptors accesses. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Refuerza los accesos a los dominios de reinicio. El acceso a los descriptores de dominios de reinicio por el índice ante las solicitudes de los controladores SCMI a través de la interfaz de operaciones de reinicio de SCMI puede conducir potencialmente a violaciones fuera de los límites. si el controlador SCMI se comporta mal. Agregue una verificación de coherencia interna antes de que se acceda a dichos descriptores de dominio. • https://git.kernel.org/stable/c/95a15d80aa0de938299acfcbc6aa6f2b16f5d7e5 https://git.kernel.org/stable/c/7184491fc515f391afba23d0e9b690caaea72daf https://git.kernel.org/stable/c/f2277d9e2a0d092c13bae7ee82d75432bb8b5108 https://git.kernel.org/stable/c/1f08a1b26cfc53b7715abc46857c6023bb1b87de https://git.kernel.org/stable/c/8e65edf0d37698f7a6cb174608d3ec7976baf49e https://git.kernel.org/stable/c/e9076ffbcaed5da6c182b144ef9f6e24554af268 https://lists.debian.org/debian-lts-announce/2024/06/msg00019.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2022-48654 – netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find()
https://notcve.org/view.php?id=CVE-2022-48654
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale kernel stack data to userspace. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nfnetlink_osf: corrige una posible coincidencia falsa en nf_osf_find() nf_osf_find() devuelve verdadero incorrectamente en caso de discrepancia, esto lleva a copiar el área de memoria no inicializada en nft_osf que puede usarse para filtrar el kernel obsoleto apilar datos en el espacio de usuario. • https://git.kernel.org/stable/c/22c7652cdaa8cd33ce78bacceb4e826a3f795873 https://git.kernel.org/stable/c/721ea8ac063d70c2078c4e762212705de6151764 https://git.kernel.org/stable/c/5d75fef3e61e797fab5c3fbba88caa74ab92ad47 https://git.kernel.org/stable/c/816eab147e5c6f6621922b8515ad9010ceb1735e https://git.kernel.org/stable/c/633c81c0449663f57d4138326d036dc6cfad674e https://git.kernel.org/stable/c/559c36c5a8d730c49ef805a72b213d3bba155cc8 • CWE-908: Use of Uninitialized Resource •