CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35959 – net/mlx5e: Fix mlx5e_priv_init() cleanup flow
https://notcve.org/view.php?id=CVE-2024-35959
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix mlx5e_priv_init() cleanup flow When mlx5e_priv_init() fails, the cleanup flow calls mlx5e_selq_cleanup which calls mlx5e_selq_apply() that assures that the `priv->state_lock` is held using lockdep_is_held(). Acquire the state_lock in mlx5e_selq_cleanup(). Kernel log: ============================= WARNING: suspicious RCU usage 6.8.0-rc3_net_next_841a9b5 #1 Not tainted ----------------------------- drivers/net/ethernet/mellanox/mlx5/core/en/selq.c:124 suspicious rcu_dereference_protected() usage!... 0xffffffffa0573000 ipoib_init_module+0xeb/0x1a0 [ib_ipoib] do_one_initcall+0x61/0x250 do_init_module+0x8a/0x270 init_module_from_file+0x8b/0xd0 idempotent_init_module+0x17d/0x230 __x64_sys_finit_module+0x61/0xb0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x46/0x4e </TASK> En el kernel de Linux, se resolvió la siguiente vulnerabilidad: net/mlx5e: corrige el flujo de limpieza de mlx5e_priv_init(). • https://git.kernel.org/stable/c/8bf30be75069d6080659de9a28565c048f6cef9b https://git.kernel.org/stable/c/ad26f26abd353113dea4e8d5ebadccdab9b61e76 https://git.kernel.org/stable/c/f9ac93b6f3de34aa0bb983b9be4f69ca50fc70f3 https://git.kernel.org/stable/c/6bd77865fda662913dcb5722a66a773840370aa7 https://git.kernel.org/stable/c/ecb829459a841198e142f72fadab56424ae96519 https://access.redhat.com/security/cve/CVE-2024-35959 https://bugzilla.redhat.com/show_bug.cgi?id=2281923 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2024-35958 – net: ena: Fix incorrect descriptor free behavior
https://notcve.org/view.php?id=CVE-2024-35958
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all descriptors in a TX queue and unmaps + frees every descriptor that hasn't been acknowledged yet by the device (uncompleted TX transactions). The function assumes that the processed TX queue is necessarily from the first category listed above and ends up using napi_consume_skb() for descriptors belonging to an XDP specific queue. This patch solves a bug in which, in case of a VF reset, the descriptors aren't freed correctly, leading to crashes. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ena: soluciona el comportamiento incorrecto sin descriptor. • https://git.kernel.org/stable/c/548c4940b9f1f527f81509468dd60b61418880b6 https://git.kernel.org/stable/c/b26aa765f7437e1bbe8db4c1641b12bd5dd378f0 https://git.kernel.org/stable/c/fdfbf54d128ab6ab255db138488f9650485795a2 https://git.kernel.org/stable/c/19ff8fed3338898b70b2aad831386c78564912e1 https://git.kernel.org/stable/c/5c7f2240d9835a7823d87f7460d8eae9f4e504c7 https://git.kernel.org/stable/c/c31baa07f01307b7ae05f3ce32b89d8e2ba0cc1d https://git.kernel.org/stable/c/bf02d9fe00632d22fa91d34749c7aacf397b6cde https://lists.debian.org/debian-lts-announce/2024/06/ •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35957 – iommu/vt-d: Fix WARN_ON in iommu probe path
https://notcve.org/view.php?id=CVE-2024-35957
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix WARN_ON in iommu probe path Commit 1a75cc710b95 ("iommu/vt-d: Use rbtree to track iommu probed devices") adds all devices probed by the iommu driver in a rbtree indexed by the source ID of each device. ... init_module_from_file+0x86/0xd0 init_module_from_file+0x86/0xd0 idempotent_init_module+0x17c/0x230 __x64_sys_finit_module+0x56/0xb0 do_syscall_64+0x6e/0x140 entry_SYSCALL_64_after_hwframe+0x71/0x79 En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: corrige WARN_ON en la ruta de sondeo de iommu. • https://git.kernel.org/stable/c/c618d446f1d64bdc9e426bab5e8619f224cde2ae https://git.kernel.org/stable/c/fba8ca3e6f608b92e54271fdbd3ce569361939fc https://git.kernel.org/stable/c/89436f4f54125b1297aec1f466efd8acb4ec613d https://access.redhat.com/security/cve/CVE-2024-35957 https://bugzilla.redhat.com/show_bug.cgi?id=2281927 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2024-35956 – btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations
https://notcve.org/view.php?id=CVE-2024-35956
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to the parent subvolume's fs tree, which cannot be mediated in the normal way via start_transaction. ... En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: qgroup: corrige la fuga de rsv prealloc de qgroup en operaciones de subvolumen Crear subvolumen, crear instantánea y eliminar subvolumen, todos usan btrfs_subvolume_reserve_metadata() para reservar metadatos para los cambios realizados en el árbol fs del subvolumen principal , que no se puede mediar de la forma normal a través de start_transaction. • https://git.kernel.org/stable/c/e85fde5162bf1b242cbd6daf7dba0f9b457d592b https://git.kernel.org/stable/c/2978cb474745b2d93c263008d265e89985706094 https://git.kernel.org/stable/c/14431815a4ae4bcd7c7a68b6a64c66c7712d27c9 https://git.kernel.org/stable/c/6c95336f5d8eb9ab79cd7306d71b6d0477363f8c https://git.kernel.org/stable/c/74e97958121aa1f5854da6effba70143f051b0cd •
CVSS: 8.8EPSS: 0%CPEs: 11EXPL: 0CVE-2024-35955 – kprobes: Fix possible use-after-free issue on kprobe registration
https://notcve.org/view.php?id=CVE-2024-35955
In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. ... En el kernel de Linux, se resolvió la siguiente vulnerabilidad: kprobes: soluciona un posible problema de use after free en el registro de kprobe Al descargar un módulo, su estado cambia MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. • https://git.kernel.org/stable/c/1c836bad43f3e2ff71cc397a6e6ccb4e7bd116f8 https://git.kernel.org/stable/c/6a119c1a584aa7a2c6216458f1f272bf1bc93a93 https://git.kernel.org/stable/c/2a49b025c36ae749cee7ccc4b7e456e02539cdc3 https://git.kernel.org/stable/c/a1edb85e60fdab1e14db63ae8af8db3f0d798fb6 https://git.kernel.org/stable/c/28f6c37a2910f565b4f5960df52b2eccae28c891 https://git.kernel.org/stable/c/4262b6eb057d86c7829168c541654fe0d48fdac8 https://git.kernel.org/stable/c/97e813e6a143edf4208e15c72199c495ed80cea5 https://git.kernel.org/stable/c/16a544f1e013ba0660612f3fe35393b14 • CWE-416: Use After Free •