CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2024-53113 – mm: fix NULL pointer dereference in alloc_pages_bulk_noprof
https://notcve.org/view.php?id=CVE-2024-53113
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be ¤t->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: corregir la desreferencia de puntero NULL en alloc_pages_bulk_noprof Activamos una desreferencia de puntero NULL para ac.preferred_zoneref->zone en alloc_pages_bulk_noprof() cuando la tarea se migra entre conjuntos de CPU. • https://git.kernel.org/stable/c/387ba26fb1cb9be9e35dc14a6d97188e916eda05 https://git.kernel.org/stable/c/903d896448c2e50e8652aaba529a30d4d1eaa0e5 https://git.kernel.org/stable/c/6addb2d9501ec866d7b3a3b4e665307c437e9be2 https://git.kernel.org/stable/c/d0f16cec79774c3132df006cf771eddd89d08f58 https://git.kernel.org/stable/c/31502374627ba9ec3e710dbd0bb00457cc6d2c19 https://git.kernel.org/stable/c/8ce41b0f9d77cca074df25afd39b86e2ee3aa68e •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2024-53112 – ocfs2: uncache inode which has failed entering the group
https://notcve.org/view.php?id=CVE-2024-53112
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? • https://git.kernel.org/stable/c/7909f2bf835376a20d6dbf853eb459a27566eba2 https://git.kernel.org/stable/c/ac0cfe8ac35cf1be54131b90d114087b558777ca https://git.kernel.org/stable/c/5ae8cc0b0c027e9cab22596049bc4dd1cbc37ee4 https://git.kernel.org/stable/c/28d4ed71ae0b4baedca3e85ee6d8f227ec75ebf6 https://git.kernel.org/stable/c/0e04746db2ec4aec04cef5763b9d9aa32829ae2f https://git.kernel.org/stable/c/620d22598110b0d0cb97a3fcca65fc473ea86e73 https://git.kernel.org/stable/c/843dfc804af4b338ead42331dd58081b428ecdf8 https://git.kernel.org/stable/c/b751c50e19d66cfb7360c0b55cf17b072 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2024-53108 – drm/amd/display: Adjust VSDB parser for replay feature
https://notcve.org/view.php?id=CVE-2024-53108
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 ... [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Ajustar el analizador VSDB para la función de reproducción En algún momento, se agregó la identificación IEEE ID para la comprobación de reproducción en AMD EDID. Sin embargo, esta comprobación provoca los siguientes problemas fuera de límites al utilizar KASAN: [ 27.804016] ERROR: KASAN: slab-out-of-bounds en amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Lectura de tamaño 1 en la dirección ffff8881647fdb00 por la tarea systemd-udevd/383 ... [ 27.821207] Estado de la memoria alrededor de la dirección con errores: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ===================================================================== Esto se debe a que la extracción de ID se realiza fuera del rango de longitud de edid. Esta confirmación soluciona este problema al considerar el tamaño de amd_vsdb_block. • https://git.kernel.org/stable/c/0a326fbc8f72a320051f27328d4d4e7abdfe68d7 https://git.kernel.org/stable/c/8db867061f4c76505ad62422b65d666b45289217 https://git.kernel.org/stable/c/16dd2825c23530f2259fc671960a3a65d2af69bd •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53104 – media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format
https://notcve.org/view.php?id=CVE-2024-53104
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Omitir el análisis de fotogramas de tipo UVC_VS_UNDEFINED en uvc_parse_format Esto puede provocar escrituras fuera de los límites, ya que los fotogramas de este tipo no se tuvieron en cuenta al calcular el tamaño del búfer de fotogramas en uvc_parse_streaming. • https://git.kernel.org/stable/c/c0efd232929c2cd87238de2cccdaf4e845be5b0c https://git.kernel.org/stable/c/95edf13a48e75dc2cc5b0bc57bf90d6948a22fe8 https://git.kernel.org/stable/c/684022f81f128338fe3587ec967459669a1204ae https://git.kernel.org/stable/c/faff5bbb2762c44ec7426037b3000e77a11d6773 https://git.kernel.org/stable/c/467d84dc78c9abf6b217ada22b3fdba336262e29 https://git.kernel.org/stable/c/beced2cb09b58c1243733f374c560a55382003d6 https://git.kernel.org/stable/c/575a562f7a3ec2d54ff77ab6810e3fbceef2a91d https://git.kernel.org/stable/c/622ad10aae5f5e03b7927ea95f7f32812 • CWE-787: Out-of-bounds Write •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2024-53103 – hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
https://notcve.org/view.php?id=CVE-2024-53103
In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hv_sock: inicialización de vsk->trans en NULL para evitar un puntero colgante. Cuando se lanza hvs, existe la posibilidad de que vsk->trans no se inicialice en NULL, lo que podría provocar un puntero colgante. Este problema se resuelve inicializando vsk->trans en NULL. • https://git.kernel.org/stable/c/ae0078fcf0a5eb3a8623bfb5f988262e0911fdb9 https://git.kernel.org/stable/c/285266ef92f7b4bf7d26e1e95e215ce6a6badb4a https://git.kernel.org/stable/c/4fe1d42f2acc463b733bb42e3f8e67dbc2a0eb2d https://git.kernel.org/stable/c/414476c4fb11be070c09ab8f3e75c9ee324a108a https://git.kernel.org/stable/c/7cf25987820350cb950856c71b409e5b6eed52bd https://git.kernel.org/stable/c/98d8dde9232250a57ad5ef16479bf6a349e09b80 https://git.kernel.org/stable/c/4bdc5a62c6e50600d8a1c3e18fd6dce0c27c9497 https://git.kernel.org/stable/c/e0fe3392371293175f25028020ded5267 •